
ISS Security Alert Summary November 19, 1997

Posted Jul 15, 1999


SHA-256 | 42fa73bee2162383cc7015e140ce290f5aa433d145dd630a1d361c6fb22f9c2d


From xforce@iss.net Thu Nov 20 14:00:12 1997
Date: Wed, 19 Nov 1997 16:21:56 -0500 (EST)
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@arden.iss.net>
Subject: ISSalert: ISS Security Alert Summary v1 n7

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert Summary
November 19, 1997
Volume 1 Number 7


X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an email to majordomo@iss.net and within the body of the
message type: 'subscribe alert'.

___

Index

5 Reported New Vulnerabilities
- Cisco-passwdloss
- DEC-xterm
- Pentium-crash
- HP-xlock
- MSIE-dildog

U.S. Air Force Deploys Leading Internet Scanner Vulnerability Detection
Software Across Bases Worldwide

Risk Factor Key

___

Date Reported: 11/16/97
Vulnerability: Cisco-passwdloss
Affected Platforms: LocalDirector 1.6.3
Risk Factor: High

Cisco's development group is investigating reported failures in the enable
password mechanism in LocalDirector 1.6.3. Users who have access to the
LocalDirector via telnet or via the console port can reportedly gain
access to privileged mode without providing the correct password.
This information is preliminary; X-Force will update this entry as more
information becomes available.

Reference:
http://www.cisco.com/warp/public/770/ldpass-pub.shtml

___

Date Reported: 11/12/97
Vulnerability: DEC-xterm
Affected Platforms: Digital UNIX 4.0B (with patch kit 5)
Risk Factor: High

Digital UNIX 4.0B contains a vulnerability in xterm if patch kit 5 has
already been applied. The patch kit fixed an existing xterm bug but
introduced a new one in the process. By setting DISPLAY to a display
that does not exist (e.g. setenv DISPLAY blah), a user can cause xterm
to seg fault and overwrite system files with the core file.

Reference:
http://www.bus.miami.edu/~tom/security/core.html

___

Date Reported: 11/7/97
Vulnerability: Pentium-crash
Affected Platforms: Any Intel Pentium based platform
(e.g. Windows NT, Linux, etc.)
Risk Factor: High

A code fragment exists that will crash any unpatched operating
system on Intel Pentium CPUs. This problem does not exist in Pentium
Pro or Pentium II processors. Some operating system vendors have
released patches to work around this problem.

References:
http://support.intel.com/support/processors/pentium/ppiie/index.htm
http://www.infoworld.com/cgi-bin/displayStory.pl?971111.epentium.htm
http://techweb.cmp.com/eet/news/97/961news/ibug.html

___

Date Reported: 11/4/97
Vulnerability: HP-xlock
Affected Platforms: HP-UX (10.24 with VirtualVault)
see reference for exact versions
Risk Factor: High

Xlock is a program that allows X terminal users to lock their console
while staying logged in. It contains a vulnerability that allows local
users to obtain access to the system that is running xlock.

Reference:
http://us-support.external.hp.com/ - HP Security Bulletin #00073

___

Date Reported: 11/1/97
Vulnerability: MSIE-dildog
Affected Platforms: Windows 95 (MS Internet Explorer 4.0 Suite)
Risk Factor: High

Microsoft Internet Explorer 4.0 Suite contains a buffer overflow
condition that can be exploited when a user accesses a malicious page
that contains a link to a "res://" address that is longer than 256
characters. The extra characters are saved in the machine's memory and
arbitrary code can be executed on the user's system.

References:
http://www.l0pht.com/advisories/ie4_x1.txt
http://www.microsoft.com/ie/security/?/ie/security/buffer.htm
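
A defensive check for the condition described above, as an added example that is not part of the ISS alert or of any vendor tool: it scans HTML for URL attributes holding a "res://" address longer than 256 characters. The attribute list, the choice to measure the whole URL, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

RES_LIMIT = 256  # length threshold quoted in the alert
# Attributes treated as URL-bearing here (an assumption, not an exhaustive list).
URL_ATTRS = {"href", "src", "action", "background"}


class ResLinkScanner(HTMLParser):
    """Collects (line, tag, attribute, url_length) for oversized res:// URLs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in attribute
        # values, so an entity-encoded scheme such as "res&#58;//" is caught too.
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            # The scheme is matched case-insensitively; the whole URL is measured.
            if url.lower().startswith("res://") and len(url) > RES_LIMIT:
                line, _ = self.getpos()
                self.findings.append((line, tag, name, len(url)))


def scan_html(text):
    """Return all oversized res:// references found in an HTML document."""
    scanner = ResLinkScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample page: only the last two references should be flagged.
SAMPLE = (
    "<html><body>\n"
    '<a href="res://example.dll/page.htm">short res link</a>\n'
    '<a href="http://example.com/' + "a" * 400 + '">long http link</a>\n'
    '<a href="res://' + "A" * 300 + '">long res link</a>\n'
    '<img src="RES&#58;//' + "B" * 260 + '">\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for line, tag, attr, length in scan_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}> res:// URL of {length} characters")
```
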

___

U.S. Air Force Deploys Leading Internet Scanner Vulnerability Detection
Software Across Bases Worldwide

www.iss.net/cgi-bin/dbt-display.exe/db_data/press_rel/release/11179752.plt

___


Risk Factor Key:

High     any vulnerability that provides an attacker with immediate
         access into a machine, gains superuser access, or bypasses
         a firewall. Example: A vulnerable Sendmail 8.6.5 version
         that allows an intruder to execute commands on mail
         server.
Medium   any vulnerability that provides information that has a
         high potential of giving access to an intruder. Example:
         A misconfigured TFTP or vulnerable NIS server that allows
         an intruder to get the password file that possibly can
         contain an account with a guessable password.
Low      any vulnerability that provides information that
         potentially could lead to a compromise. Example: A
         finger that allows an intruder to find out who is online
         and potential accounts to attempt to crack passwords
         via bruteforce.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and intrusion detection tools,
providing comprehensive software that enables organizations to proactively
manage and minimize their network security risks. For more information,
contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS
Web site at http://www.iss.net.

________

Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
email xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNHNVPTRfJiV99eG9AQEccQP9Gyofp57IgEpR3BXQe/OVzXCHRxAYkhja
o+bf3COzBln6Dfcg91Fd/rjYpselhPLXpbr6NEqdD1d3WkQ/WNaATCHrOhMI55oY
DKSLoS6dnleqEwOOpmfZYVmlmvsHpxMxc0blDknH9WgewOce1H7fQBD3uhaCT/qX
28WCqomTymU=
=4+5y
-----END PGP SIGNATURE-----