ISS Security Alert Summary for December 3, 1997.
384188a7b63ce8fe48315ff122b2acb9263ecafe599b323199ba14021437d321
I S S X - F o r c e
The Most Wanted Alert List
[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search
_ Alert Summaries_
ISS Security Alert Summary
December 3, 1997
Volume 1 Number 8
_X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an e-mail to [11]majordomo@iss.net and within the body of the
message type: 'subscribe alert'.
___
Index
4 Reported New Vulnerabilities [12]Back to Alert List
[13] - SCO-scoterm
[14] - land-dos
[15] - SGI-syserr
[16] - SGI-permtool
4 Updates
[17] - Cisco-passwdloss
[18] - HP-ppl
[19] - SGI-at
[20] - SGI-libXt
Risk Factor Key
[21]Top of Page || [22]Back to Alert List
___
Date Reported: 11/20/97
Vulnerability: SCO-scoterm
Affected Platforms: SCO Open Desktop/Open Server 3.0
SCO OpenServer 5.0
Risk Factor: High
Santa Cruz Operation Open Server's xterm, scoterm, has a vulnerability
that, if exploited, would allow any local user to execute arbitrary
commands with root privileges. SCO provides a workaround as well as a
patch for this problem.
References:
[23]ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a
[24]http://ciac.llnl.gov/ciac/bulletins/i-016.shtml
[25]Top of Page || [26]Back to Alert List
___
Date Reported: 11/19/97
Vulnerability: land-dos
Affected Platforms: (From BUGTRAQ@NETSPACE.ORG 11/24, second hand
information not meant to be
comprehensive/accurate, contact vendor for exact
operating systems and versions)
AIX (3)
AmigaOS AmiTCP (4.2 (Kickstart 3.0))
BeOS Preview (Release 2 PowerMac)
BSDI (2.0, 2.1 (vanilla))
Cisco IOS/700
Cisco Catalyst 5xxx and 29xx switches
Digital VMS
FreeBSD (2.2.5-Release, 2.2.5-Stable, 3.0-Current)
HP External JetDirect Print Servers
IBM AS/400 OS7400 (3.7)
IRIX (5.2, 5.3)
MacOS MacTCP
MacOS (7.6.1 (OpenTransport 1.1.2), 8.0)
NetApp NFS server (4.1d, 4.3)
NetBSD (1.1, 1.2, 1.2a, 1.2.1, 1.3_ALPHA)
NeXTSTEP (3.0, 3.1)
OpenVMS (7.1 with UCX 4.1-7)
QNX (4.24)
Rhapsody Developer Release
SCO OpenServer (5.0.2 SMP, 5.0.4)
SCO Unixware (2.1.1, 2.1.2)
SunOS (4.1.3, 4.1.4)
Windows 95 (vanilla)
Windows 95 (with Winsock 2 and VIPUPD.EXE)
Windows NT (with SP3, with SP3 and simptcp-fix)
Risk Factor: High
A new bug called the land attack named by its discoverer, has been posted
to a security mailing list, BUGTRAQ, with an exploit that can lock up or
"freeze" many different operating systems as well as network hardware.
An attacker can send a SYN packet, which is normally used to open a
connection, to the host they want to attack. The packet is spoofed to
appear to the machine that it is coming from itself, from the same port.
When the machine tries to respond to itself multiple times, it crashes.
Many different operating systems and hardware such as routers, and hubs
have been reported to being vulnerable to this bug.
Packet filters that protect against IP address spoofing will be
effective in preventing Internet-launched land attacks. Cisco has released
information on how to configure their hardware to avoid this problem.
References:
[27]http://www.iss.net/xforce/advisories/land1.asc (original BUGTRAQ post)
[28]http://www.iss.net/xforce/advisories/land2.asc (affected platforms)
[29]http://www.cisco.com/warp/public/770/land-pub.shtml
[30]ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt
[31]Top of Page || [32]Back to Alert List
___
Date Reported: 11/18/97
Vulnerability: SGI-syserr
Affected Platforms: All SGI systems running Desktop System Monitor
Risk Factor: High
IRIX's syserr is the System Error Notification Broker program and is part
of the Desktop System Monitor. It monitors system events and notifies the
user when the events occur. A vulnerability exists in syserr that allows
local accounts to create and corrupt random files.
Reference:
[33]ftp://sgigate.sgi.com/security/19971103-01-PX
[34]Top of Page || [35]Back to Alert List
___
Date Reported: 11/18/97
Vulnerability: SGI-permtool
Affected Platforms: All SGI systems running Indigo Magic Desktop
Risk Factor: High
Indigo Magic Desktop contains a program called permissions tool. It is
used to modify the permission bits (owner, group, and others) for files
and directories (similar to chmod). It contains a vulnerability that
allows local accounts to gain access to a privileged user.
Reference:
[36]ftp://sgigate.sgi.com/security/19971103-01-PX
[37]Top of Page || [38]Back to Alert List
___
Date: 11/25/97 (ISS Security Alert Summary v1 n7)
Update: Cisco-passwdloss
Vendor: Cisco
Platforms: LocalDirector 1.6.3
Cisco has investigated the password loss problem in LocalDirector 1.6.3
and was unable to reproduce it. They believe that the reports were caused
by an error on the user's end. Cisco is currently fixing the user
interface to make it more difficult for the user to lose their password
without knowing it. Cisco is still trying to reproduce this to make sure
their assessment is correct.
Reference:
[39]http://www.cisco.com/warp/public/770/ldpass-pub.shtml
[40]Top of Page || [41]Back to Alert List
___
Date: 11/24/97 (HP Security Bulletin #00057 4/22/97)
Update: HP-ppl
Vendor: Hewlett Packard
Platforms: HP-UX (9.x, 10.x)
Hewlett Packard has released new patches for the ppl vulnerability that
was disclosed in April (HP has *revised* HP Security Bulletin #00057).
References:
[42]http://us-support.external.hp.com - HP Security Bulletin #00057
[43]http://ciac.llnl.gov/ciac/bulletins/i-31a.shtml
[44]Top of Page || [45]Back to Alert List
___
Date: 11/18/97 (CERT Advisory CA-97.18 6/12/97)
Update: SGI-at
Vendor: Silicon Graphics Inc.
Platforms: IRIX (3.x, 4.x, 5.0.x, 5.1.x, 5.2, 5.3
6.0.x, 6.1, 6.2, 6.3, 6.4)
The at program can be used by local users to schedule commands to be
executed at a later time. It contains a vulnerability that allows local
users to execute commands as root. SGI has released patches and a
temporary solution for this problem.
References:
[46]ftp://sgigate.sgi.com/security/19971102-01-PX
[47]ftp://info.cert.org/pub/cert_advisories/CA-97.18.at
[48]Top of Page || [49]Back to Alert List
___
Date: 11/18/97 (CERT Advisory CA-97.11 5/1/97)
Update: SGI-libXt
Vendor: Silicon Graphics Inc.
Platforms: IRIX (4.x, 5.0.x, 5.1.x, 5.2, 5.3
6.0.x, 6.1, 6.2, 6.3, 6.4)
Silicon Graphics Inc. has released patches and a temporary solution for
the buffer overflow problems in the Xt library of the X Windowing system
and X application programs.
Reference:
[50]ftp://sgigate.sgi.com/security/19971101-01-PX
[51]ftp://info.cert.org/pub/cert_advisories/CA-97.11.libXt
[52]Top of Page || [53]Back to Alert List
___
Risk Factor Key:
High any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium any vulnerability that provides information that has a
high potential of giving access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that possibly can
contain an account with a guessable password.
Low any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce.
Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and intrusion detection tools,
providing comprehensive software that enables organizations to proactively
manage and minimize their network security risks. For more information,
contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS
Web site at [54]http://www.iss.net.
[55]Top of Page || [56]Back to Alert List
________
Copyright (c) 1997 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [57]xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: [58]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X Force <[59]xforce@iss.net> of Internet Security Systems, Inc.
[60]Top of Page || [61]Back to Alert List
[62]News | [63]Serious Fun | [64]Mail Lists | [65]Security Library
[66]Protoworx | [67]Alerts | [68]Submissions | [69]Feedback
[70]Advanced Search
[71]About the Knowledge Base
Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [72]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477
Read our [73]privacy guidelines.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/alerts.php3
13. http://xforce.iss.net/alerts/vol-1_num-8.php3#SCO-scoterm
14. http://xforce.iss.net/alerts/vol-1_num-8.php3#land-dos
15. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-syserr
16. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-permtool
17. http://xforce.iss.net/alerts/vol-1_num-8.php3#Cisco-passwdloss
18. http://xforce.iss.net/alerts/vol-1_num-8.php3#HP-ppl
19. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-at
20. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-libXt
21. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
22. http://xforce.iss.net/alerts/alerts.php3
23. ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a
24. http://ciac.llnl.gov/ciac/bulletins/i-016.shtml
25. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
26. http://xforce.iss.net/alerts/alerts.php3
27. http://www.iss.net/xforce/advisories/land1.asc
28. http://www.iss.net/xforce/advisories/land2.asc
29. http://www.cisco.com/warp/public/770/land-pub.shtml
30. ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt
31. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
32. http://xforce.iss.net/alerts/alerts.php3
33. ftp://sgigate.sgi.com/security/19971103-01-PX
34. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
35. http://xforce.iss.net/alerts/alerts.php3
36. ftp://sgigate.sgi.com/security/19971103-01-PX
37. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
38. http://xforce.iss.net/alerts/alerts.php3
39. http://www.cisco.com/warp/public/770/ldpass-pub.shtml
40. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
41. http://xforce.iss.net/alerts/alerts.php3
42. http://us-support.external.hp.com/
43. http://ciac.llnl.gov/ciac/bulletins/i-31a.shtml
44. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
45. http://xforce.iss.net/alerts/alerts.php3
46. ftp://sgigate.sgi.com/security/19971102-01-PX
47. ftp://info.cert.org/pub/cert_advisories/CA-97.18.at
48. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
49. http://xforce.iss.net/alerts/alerts.php3
50. ftp://sgigate.sgi.com/security/19971101-01-PX
51. ftp://info.cert.org/pub/cert_advisories/CA-97.11.libXt
52. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
53. http://xforce.iss.net/alerts/alerts.php3
54. http://www.iss.net/
55. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
56. http://xforce.iss.net/alerts/alerts.php3
57. mailto:xforce@iss.net
58. http://www.iss.net/xforce/sensitive.html
59. mailto:xforce@iss.net
60. http://xforce.iss.net/alerts/vol-1_num-8.php3#list
61. http://xforce.iss.net/alerts/alerts.php3
62. http://xforce.iss.net/news.php3
63. http://xforce.iss.net/seriousfun/
64. http://xforce.iss.net/maillists/
65. http://xforce.iss.net/library/
66. http://xforce.iss.net/protoworx/
67. http://xforce.iss.net/alerts/
68. http://xforce.iss.net/submission.php3
69. http://xforce.iss.net/feedback.php3
70. http://xforce.iss.net/search.php3
71. http://xforce.iss.net/about.php3
72. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
73. http://xforce.iss.net/privacy.php3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed