ISS Security Alert Summary for December 17, 1997.
770ebb434119a936daf96bb90d41df85f0b14bd8de70f8f65e05327d9e7483ab
I S S X - F o r c e
The Most Wanted Alert List
[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search
_ Alert Summaries_
ISS Security Alert Summary
December 17, 1997
Volume 1 Number 9
_X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an e-mail to [11]majordomo@iss.net and within the body of the
message type: 'subscribe alert'.
___
Index
2 Reported New Vulnerabilities [12]Back to Alert List
[13] - SNMP-config
[14] - statd
2 Updates
[15] - Sun-sendmail
[16] - Sun-at
3 Reported Incidents
[17] - Multiple Web Sites Hacked
[18] - Fox Online Web Site Hacked
[19] - Yahoo! Web Site Hacked
Risk Factor Key
[20]Top of Page || [21]Back to Alert List
___
Date Reported: 12/9/97
Vulnerability: SNMP-config
Platforms Affected: Check Point FireWall-1
Risk Factor: Low
The default configuration of Check Point Firewall-1 may allow remote users
to access SNMP MIB information. The firewall can not be compromised
through this configuration; however, users should evaluate restricting the
availability of SNMP MIB information on all SNMP enabled devices. For
additional information and a patch go to Check Point's public Web site at
[22]http://www.checkpoint.com/techsupport/snmp/cp-fw-301-0024.html If a
customer has not upgraded to FireWall-1 3.0, a description of how to
change the configuration setting without the patch may be found at
[23]http://www.checkpoint.com/techsupport/snmp/config/snmpindex.html
References:
[24]ftp://ftp.secnet.com/pub/advisories/SNI-21.Firewall-1.advisory
[25]Top of Page || [26]Back to Alert List
___
Date Reported: 12/6/97
Vulnerability: Slack-crond
Platforms Affected: Linux Slackware 3.4
Risk Factor: High
A vulnerability exists in Linux Slackware version 3.4's crond. A locally
exploitable buffer overflow condition that will allow local users with an
account to execute arbitrary code. By exploiting this vulnerability,
users can obtain root access.
Reference:
[27]http://www.dec.net/ksrt/adv5.html
[28]Top of Page || [29]Back to Alert List
___
Date Reported: 12/5/97
Vulnerability: statd
Platforms Affected: AIX (3.2, 4.1)
Digital UNIX (V4.0 - V4.0c)
Solaris (2.4, 2.5, 2.5.1)
SunOS (4.1.3, 4.1.4)
Risk Factor: High
statd provides network status monitoring and provides crash and recovery
functions for the locking services on NFS. Local users can exploit a
vulnerability in statd that would allow them to execute commands as the
user running statd, which is, in most cases, root. Remote users without
an account on the system would also be able to exploit this vulnerability
if statd is accessible on the network.
References:
[30]ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd
[31]http://ciac.llnl.gov/ciac/bulletins/i-017.shtml
[32]Top of Page || [33]Back to Alert List
___
Date: 12/3/97 (Cert Advisory 96.20)
Update: Sun-sendmail
Vendor: Sun Microsystems, Inc.
Platforms: SunOS (4.1.3, 4.1.4)
Sun originally shipped SunOS 4.1.3 and 4.1.4 with Sendmail 5. Sun
has released patches that contain Sendmail 8.6.9 plus extensions to
upgrade Solaris 4.1.3 and 4.1.4 from Sendmail 5.
References:
[34]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-159.txt
[35]http://ciac.llnl.gov/ciac/bulletins/g-43a.shtml
[36]ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul
[37]Top of Page || [38]Back to Alert List
___
Date: 12/3/97 (Cert Advisory 97.18)
Update: Sun-at
Vendor: Sun Microsystems, Inc.
Platforms: Solaris (2.3, 2.4, 2.5, 2.5.1)
The at program is used by local users to schedule commands to be run at a
specific time. Sun has released patches that correct the problem that
allows users to exploit the at command to gain root access.
References:
[39]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-160.txt
[40]ftp://info.cert.org/pub/cert_advisories/CA-97.18.at
[41]Top of Page || [42]Back to Alert List
___
Date Reported: 12/13/97
Incident: Multiple Web Sites Hacked
Over the weekend, dozens of web sites were hacked by the same (or
apparently the same) person or group. A majority of the hacked sites
depicted a picture of Jesus with the words 'Thou Art Owned!!!!' and 'BOW
DOWN!'. See reference for exact sites and hacks.
Reference:
[43]http://www.hacked.net/news.html
[44]Top of Page || [45]Back to Alert List
___
Date Reported: 12/11/97
Incident: Fox Online Web Site Hacked
The Fox television network's, Fox Online, web site was hacked in the early
morning of the 11th. A message was posted making reference to a X-File's
character and another by the name of 'Heike'.
Reference:
[46]http://www.news.com/News/Item/0,4,17266,00.html
[47]Top of Page || [48]Back to Alert List
___
Date Reported: 12/9/97
Incident: Yahoo! Web Site Hacked
The Yahoo! web directory and search engine was hacked. Intruders changed
the web pages that are seen by Lynx and older Netscape browsers. Their
message was that they had planted a virus on Yahoo! and that anyone who
had viewed their pages had it. They also made statements that Kevin
Mitnick had been framed, and that they would only release the antidote to
their virus, if he was freed.
References:
[49]http://www.zdnet.com/pcweek/spencer/spencer.html
[50]http://www.infowar.com/hacker/hack_121397a.html-ssi
[51]http://search.washingtonpost.com/wp-srv/WAPO/19971210/V000626-121097-idx.ht
ml
[52]http://search.washingtonpost.com/wp-srv/WAPO/19971209/V000115-120997-idx.ht
ml
[53]http://biz.yahoo.com/bw/971210/trident_data_systems_1.html
[54]http://www.yahoo.com/headlines/971210/wired/stories/hacker_1.html
[55]http://www.yahoo.com/headlines/971210/tech/stories/yahoo_2.html
[56]http://www.wired.com:80/news/news/technology/story/9059.html
[57]Top of Page || [58]Back to Alert List
___
Risk Factor Key:
High any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium any vulnerability that provides information that has a
high potential of giving access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that possibly can
contain an account with a guessable password.
Low any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce.
Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and intrusion detection tools,
providing comprehensive software that enables organizations to proactively
manage and minimize their network security risks. For more information,
contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS
Web site at [59]http://www.iss.net.
[60]Top of Page || [61]Back to Alert List
________
Copyright (c) 1997 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [62]xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: [63]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X Force xforce@iss.net
> of Internet Security Systems, Inc. [64]Top of Page || [65]Back to
Alert List
[66]News | [67]Serious Fun | [68]Mail Lists | [69]Security Library
[70]Protoworx | [71]Alerts | [72]Submissions | [73]Feedback
[74]Advanced Search
[75]About the Knowledge Base
Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [76]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477
Read our [77]privacy guidelines.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/alerts.php3
13. http://xforce.iss.net/alerts/vol-1_num-9.php3#SNMP-config
14. http://xforce.iss.net/alerts/vol-1_num-9.php3#statd
15. http://xforce.iss.net/alerts/vol-1_num-9.php3#Sun-sendmail
16. http://xforce.iss.net/alerts/vol-1_num-9.php3#Sun-at
17. http://xforce.iss.net/alerts/vol-1_num-9.php3#Multiple
18. http://xforce.iss.net/alerts/vol-1_num-9.php3#Fox
19. http://xforce.iss.net/alerts/vol-1_num-9.php3#Yahoo
20. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
21. http://xforce.iss.net/alerts/alerts.php3
22. http://www.checkpoint.com/techsupport/snmp/cp-fw-301-0024.html
23. http://www.checkpoint.com/techsupport/snmp/config/snmpindex.html
24. ftp://ftp.secnet.com/pub/advisories/SNI-21.Firewall-1.advisory
25. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
26. http://xforce.iss.net/alerts/alerts.php3
27. http://www.dec.net/ksrt/adv5.html
28. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
29. http://xforce.iss.net/alerts/alerts.php3
30. ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd
31. http://ciac.llnl.gov/ciac/bulletins/i-017.shtml
32. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
33. http://xforce.iss.net/alerts/alerts.php3
34. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-159.txt
35. http://ciac.llnl.gov/ciac/bulletins/g-43a.shtml
36. ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul
37. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
38. http://xforce.iss.net/alerts/alerts.php3
39. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-160.txt
40. ftp://info.cert.org/pub/cert_advisories/CA-97.18.at
41. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
42. http://xforce.iss.net/alerts/alerts.php3
43. http://www.hacked.net/news.html
44. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
45. http://xforce.iss.net/alerts/alerts.php3
46. http://www.news.com/News/Item/0,4,17266,00.html
47. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
48. http://xforce.iss.net/alerts/alerts.php3
49. http://www.zdnet.com/pcweek/spencer/spencer.html
50. http://www.infowar.com/hacker/hack_121397a.html-ssi
51. http://search.washingtonpost.com/wp-srv/WAPO/19971210/V000626-121097-idx.html
52. http://search.washingtonpost.com/wp-srv/WAPO/19971209/V000115-120997-idx.html
53. http://biz.yahoo.com/bw/971210/trident_data_systems_1.html
54. http://www.yahoo.com/headlines/971210/wired/stories/hacker_1.html
55. http://www.yahoo.com/headlines/971210/tech/stories/yahoo_2.html
56. http://www.wired.com/news/news/technology/story/9059.html
57. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
58. http://xforce.iss.net/alerts/alerts.php3
59. http://www.iss.net/
60. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
61. http://xforce.iss.net/alerts/alerts.php3
62. mailto:xforce@iss.net
63. http://www.iss.net/xforce/sensitive.html
64. http://xforce.iss.net/alerts/vol-1_num-9.php3#list
65. http://xforce.iss.net/alerts/alerts.php3
66. http://xforce.iss.net/news.php3
67. http://xforce.iss.net/seriousfun/
68. http://xforce.iss.net/maillists/
69. http://xforce.iss.net/library/
70. http://xforce.iss.net/protoworx/
71. http://xforce.iss.net/alerts/
72. http://xforce.iss.net/submission.php3
73. http://xforce.iss.net/feedback.php3
74. http://xforce.iss.net/search.php3
75. http://xforce.iss.net/about.php3
76. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
77. http://xforce.iss.net/privacy.php3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed