ISS Security Alert Summary for April 3, 1998.
774472bda196da17b5cfb52c43dbb8fd2b7f44fe0d61e91a72f3ec6154ea9179
I S S X - F o r c e
The Most Wanted Alert List
[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search
_ Alert Summaries_
ISS Security Alert Summary
April 3, 1998
Volume 2 Number 4
X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an e-mail to [11]majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.
[12]Top of Page || [13]Back to Alert List
___
Contents
10 Reported Vulnerabilities
- [14]SGI-mailcap
- [15]SGI-pfdispaly
- [16]HP-inetd
- [17]Sun-NIS+
- [18]AIX-ttdbserver
- [19]Ascend-kill2
- [20]fraggle
- [21]SGI-digitalmedia-tools
- [22]Sun-ndd
- [23]Sun-rpc.cmsd
4 Updates
- [24]SGI-pset
- [25]SGI-imap/pop
- [26]FreeBSD-iland
- [27]FreeBSD-mmap
Risk Factor Key
[28]Top of Page || [29]Back to Alert List
___
Date Reported: 4/2/98
Vulnerability: SGI-mailcap
Platforms Affected: IRIX (6.3, 6.4)
Risk Level: High
The IRIX System Manager is a web-like interface that allows you to
administer an SGI workstation. A vulnerability exists that would allow an
attacker to mimic the runtask or runexec descriptor files. An unknowing
SGI user could download the descriptor files while reading e-mail or
browsing the web. The fake descriptor files could execute a local
System Manager Task using the privileges of the user reading e-mail or
browsing the web. This action could lead to a local root compromise.
References:
[30]ftp://sgigate.sgi.com/security/19980403-01-PX
[31]http://www.sgi.com/Support/security
[32]Top of Page || [33]Back to Alert List
___
Date Reported: 4/2/98
Vulnerability: SGI-pfdispaly
Platforms Affected: IRIX (6.2, 6.3, 6.4)
Risk Level: Medium
The IRIS Performer API Search Tool is a web-based search tool that assists
in searching of man pages, documents, example code, and special items
known as classes, methods, tokens, and samples. The program pfdispaly.cgi
contains a vulnerability that allows remote users to view any file on the
system with 'nobody' privileges.
References:
[34]ftp://sgigate.sgi.com/security/19980401-01-P3018
[35]http://www.sgi.com/Support/security
[36]Top of Page || [37]Back to Alert List
___
Date Reported: 3/30/98
Vulnerability: HP-inetd
Platforms Affected: HP-UX (9.x, 10.x)
Risk Level: Medium
A vulnerability exists in HP-UX's inetd service. Improperly coded
routines could result in denial of service attacks such as the loss of
networking.
References:
HP Security Bulletin #00077 - [38]http://us-support.external.hp.com/
[39]http://ciac.llnl.gov/ciac/bulletins/i-039.shtml
[40]Top of Page || [41]Back to Alert List
___
Date Reported: 3/23/98
Vulnerability: Sun-NIS+
Platforms Affected: Network Information Server Plus (NIS+)
Risk Factor: High
NIS+ (Network Information Server Plus) is a directory service that provides
various services distributed over a network. Vulnerabilities exist in
NIS+ that allows unauthenticated remote users to gain sensitive
information from the server, as well as disable logging on the NIS+
server.
Reference:
[42]ftp://ftp.secnet.com/pub/advisories/SNI-27.NIS+.advisory
[43]Top of Page || [44]Back to Alert List
___
Date Reported: 3/18/98
Vulnerability: AIX-ttdbserver
Platforms Affected: AIX (4.1.5)
Risk Factor: Medium-High
AIX 4.1.5 machines running ttdbserver are vulnerable to a denial of
service attack that can be initiated by anyone on the Internet without a
login or password on the vulnerable system. The attack can result in a
slowdown of the system or a complete crash of the system depending on the
configuration of the machine being attacked. AIX inetd PATCH IX70400
fixes this problem.
Reference:
[45]http://www.netspace.org/cgi-bin/wa?A2=ind9803c&L=bugtraq&O=T&P=2497
[46]Top of Page || [47]Back to Alert List
___
Date Reported: 3/16/98
Vulnerability: Ascend-kill2/snmp
Platforms Affected: Ascend Operating Systems
(5.0Ap42 (MAX) and 5.0A (Pipeline))
Risk Factor: High
A denial of service vulnerability exists in Ascend Pipeline and MAX
networking equipment running Ascend operating systems 5.0A and 5.0Ap42,
respectively. An attacker can send a malformed probe packet to the discard
port of the router, which causes the router to lock up. A second issue
allows an attacker to use SNMP and TFTP to capture the entire
configuration file, including passwords and keys for the router.
Reference:
[48]ftp://ftp.secnet.com/pub/advisories/SNI-26.Ascend.advisory
[49]http://ciac.llnl.gov/ciac/bulletins/i-038.shtml
[50]Top of Page || [51]Back to Alert List
___
Date Reported: 3/15/98
Vulnerability: fraggle
Platforms Affected: Any platform connected to the Internet
Risk Factor: High
A variant of the smurf denial of service attack called 'fraggle' has been
posted to a number of security mailing lists. The attack consists of
sending out hundreds of UDP packets from a spoofed source (the victim) to
broadcast addresses. All of these hosts then reply to the victim with ICMP
unreach messages, which will crash the system being attacked.
Reference:
[52]http://www.netspace.org/cgi-bin/wa?A2=ind9803c&L=bugtraq&O=T&P=367
[53]Top of Page || [54]Back to Alert List
___
Date Reported: 3/11/98
Vulnerability: SGI-digitalmedia-tools
Platforms Affected: IRIX (5.x, 6.x)
Risk Factor: High
The Digital Media Tools are a set of programs that provide software
support to Silicon Graphic's Multimedia hardware. A number of these tools
contain buffer overruns that could allow arbitrary commands to be run as
root. These tools include: startmidi/stopmidi, datman/cdman, cdplayer and
the CDROM Confidence Test program.
References:
[55]ftp://sgigate.sgi.com/security/19980301-01-PX
[56]http://ciac.llnl.gov/ciac/bulletins/i-035.shtml
[57]http://www.sgi.com/Support/security
[58]Top of Page || [59]Back to Alert List
___
Date Reported: 3/11/98
Vulnerability: Sun-ndd
Platforms Affected: Solaris (2.6)
Risk Factor: Medium
The ndd command is used to get and set selected TCP/IP Internet protocol
family configuration parameters in some kernel drivers. A vulnerability
has been found that would allow a potential attacker to set TCP/IP
parameters to cause a denial of service on the vulnerable system.
Reference:
[60]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-165.txt
[61]Top of Page || [62]Back to Alert List
___
Date Reported: 3/11/98
Vulnerability: Sun-rpc.cmsd
Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1)
Risk Factor: High
Sun has found a vulnerability in the database manager rpc.cmsd. It is
used as an appointment and resource-scheduler with clients such as
Calendar Manager in Openwindows, and Calendar in CDE. The vulnerability,
if exploited, would allow an attacker to overwrite arbitrary files and
gain root level access.
Reference:
[63]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-166.txt
[64]Top of Page || [65]Back to Alert List
___
Date: 3/26/98 (CERT CA-97.21)
Update: SGI-pset
Vendor: Silicon Graphics Inc.
Platforms: IRIX (5.x, 6.0.x, 6.1, 6.2, 6.3)
The pset program is used to display and manage processor set information.
It contains a vulnerability that would allow local users to execute
arbitrary files as root.
References:
[66]ftp://sgigate.sgi.com/security/19970506-02-PX
[67]ftp://info.cert.org/pub/cert_advisories/CA-97.21.sgi_buffer_overflow
[68]http://ciac.llnl.gov/ciac/bulletins/h-61b.shtml
[69]Top of Page || [70]Back to Alert List
___
Date: 3/25/98 (CERT CA-97.09)
Update: SGI-imap/pop
Vendor: Silicon Graphics Inc.
Platforms: IMAP4
POP3
The Internet Mail Access Protocol (IMAP) and Post Office Protocol (POP)
are programs that provide users with means to process and retrieve mail.
A vulnerability exists in these programs that would allow remote users to
obtain root access. SGI has investigated these issues and found that IRIX
implementations of IMAP and POP are not vulnerable to this problem.
References:
[71]ftp://sgigate.sgi.com/security/19980302-01-I
[72]http://ciac.llnl.gov/ciac/bulletins/h-46a.shtml
[73]Top of Page || [74]Back to Alert List
___
Date: 3/12/98 (ISS Security Alert Summary v1 n8)
Update: FreeBSD-land
Vendor: FreeBSD, Inc.
Platforms: FreeBSD 2.1.*, FreeBSD 2.2.0R, 2.2.1R, 2.2.5R
FreeBSD-stable and FreeBSD-current
A bug called the land attack (named by its discoverer) has been posted
to the BUGTRAQ security mailing list. This is an exploit that can lock up
or "freeze" many different operating systems, as well as network hardware.
An attacker can send a SYN packet, which is normally used to open a
connection, to the host they want to attack. The packet is spoofed to
appear to the machine that it is coming from itself, from the same port.
When the machine tries to respond to itself multiple times, it crashes.
Many different operating systems and hardware (such as routers and hubs)
have been reported to being vulnerable to this bug. FreeBSD has released
patches that correct this problem on the vulnerable FreeBSD systems.
Patch:
[75]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:01/
References:
[76]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:01.land.asc
[77]http://ciac.llnl.gov/ciac/bulletins/i-036.shtml
[78]http://www.iss.net/xforce/alerts/vol-1_num-8.html
[79]Top of Page || [80]Back to Alert List
___
Date: 3/12/98 (ISS Security Alert Summary v2 n3)
Update: FreeBSD-mmap
Vendor: FreeBSD, Inc.
Platforms: FreeBSD 2.2.*, FreeBSD-stable and
FreeBSD-current before 1998/03/11
The mmap() system call is used to map files to a memory address space. In
some 4.4 BSD derived operating systems (such as FreeBSD, NetBSD, OpenBSD,
and BSDI), a vulnerability exists within this system call that allows a
user of a privileged group (kmem) to become root. This vulnerability also
allows a root user to modify the securelevel of a system. This setting
normally prevents everyone, even root users, from making some security
critical modifications to a normal system. FreeBSD has released patches
that correct this issue.
Patch:
[81]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:02/
References:
[82]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:02.mmap.asc
[83]http://ciac.llnl.gov/ciac/bulletins/i-037.shtml
[84]Top of Page || [85]Back to Alert List
___
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce methods.
Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider
of adaptive network security monitoring, detection and response software
that protects the security and integrity of enterprise information
systems. By dynamically detecting and responding to security
vulnerabilities and threats inherent in open systems, ISS's SAFEsuite®
family of products provides protection across the enterprise, including
the Internet, extranets and internal networks, from attacks, misuse and
security policy violations. The Company has delivered its network
security, monitoring, detection and response solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies. For more information,
call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at
HYPERLINK [86]http://www.iss.net.
[87]Top of Page || [88]Back to Alert List
___
Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [89]xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: [90]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force xforce@iss.net
> of Internet Security Systems, Inc.
[91]News | [92]Serious Fun | [93]Mail Lists | [94]Security Library
[95]Protoworx | [96]Alerts | [97]Submissions | [98]Feedback
[99]Advanced Search
[100]About the Knowledge Base
Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [101]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477
Read our [102]privacy guidelines.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
13. http://xforce.iss.net/alerts/alerts.php3
14. http://xforce.iss.net/alerts/vol-2_num-4.php3#SGI-mailcap
15. http://xforce.iss.net/alerts/vol-2_num-4.php3#SGI-pfdispaly
16. http://xforce.iss.net/alerts/vol-2_num-4.php3#HP-inetd
17. http://xforce.iss.net/alerts/vol-2_num-4.php3#Sun-NIS+
18. http://xforce.iss.net/alerts/vol-2_num-4.php3#AIX-ttdbserver
19. http://xforce.iss.net/alerts/vol-2_num-4.php3#Ascend-kill2
20. http://xforce.iss.net/alerts/vol-2_num-4.php3#fraggle
21. http://xforce.iss.net/alerts/vol-2_num-4.php3#SGI-digitalmedia-tools
22. http://xforce.iss.net/alerts/vol-2_num-4.php3#Sun-ndd
23. http://xforce.iss.net/alerts/vol-2_num-4.php3#Sun-rpc.cmsd
24. http://xforce.iss.net/alerts/vol-2_num-4.php3#SGI-pset
25. http://xforce.iss.net/alerts/vol-2_num-4.php3#SGI-imap/pop
26. http://xforce.iss.net/alerts/vol-2_num-4.php3#FreeBSD-iland
27. http://xforce.iss.net/alerts/vol-2_num-4.php3#FreeBSD-mmap
28. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
29. http://xforce.iss.net/alerts/alerts.php3
30. ftp://sgigate.sgi.com/security/19980403-01-PX
31. http://www.sgi.com/Support/security
32. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
33. http://xforce.iss.net/alerts/alerts.php3
34. ftp://sgigate.sgi.com/security/19980401-01-P3018
35. http://www.sgi.com/Support/security
36. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
37. http://xforce.iss.net/alerts/alerts.php3
38. http://us-support.external.hp.com/
39. http://ciac.llnl.gov/ciac/bulletins/i-039.shtml
40. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
41. http://xforce.iss.net/alerts/alerts.php3
42. ftp://ftp.secnet.com/pub/advisories/SNI-27.NIS+.advisory
43. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
44. http://xforce.iss.net/alerts/alerts.php3
45. http://www.netspace.org/cgi-bin/wa?A2=ind9803c&L=bugtraq&O=T&P=2497
46. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
47. http://xforce.iss.net/alerts/alerts.php3
48. ftp://ftp.secnet.com/pub/advisories/SNI-26.Ascend.advisory
49. http://ciac.llnl.gov/ciac/bulletins/i-038.shtml
50. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
51. http://xforce.iss.net/alerts/alerts.php3
52. http://www.netspace.org/cgi-bin/wa?A2=ind9803c&L=bugtraq&O=T&P=367
53. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
54. http://xforce.iss.net/alerts/alerts.php3
55. ftp://sgigate.sgi.com/security/19980301-01-PX
56. http://ciac.llnl.gov/ciac/bulletins/i-035.shtml
57. http://www.sgi.com/Support/security
58. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
59. http://xforce.iss.net/alerts/alerts.php3
60. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-165.txt
61. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
62. http://xforce.iss.net/alerts/alerts.php3
63. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-166.txt
64. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
65. http://xforce.iss.net/alerts/alerts.php3
66. ftp://sgigate.sgi.com/security/19970506-02-PX
67. ftp://info.cert.org/pub/cert_advisories/CA-97.21.sgi_buffer_overflow
68. http://ciac.llnl.gov/ciac/bulletins/h-61b.shtml
69. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
70. http://xforce.iss.net/alerts/alerts.php3
71. ftp://sgigate.sgi.com/security/19980302-01-I
72. http://ciac.llnl.gov/ciac/bulletins/h-46a.shtml
73. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
74. http://xforce.iss.net/alerts/alerts.php3
75. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:01
76. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:01.land.asc
77. http://ciac.llnl.gov/ciac/bulletins/i-036.shtml
78. http://www.iss.net/xforce/alerts/vol-1_num-8.html
79. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
80. http://xforce.iss.net/alerts/alerts.php3
81. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:02
82. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:02.mmap.asc
83. http://ciac.llnl.gov/ciac/bulletins/i-037.shtml
84. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
85. http://xforce.iss.net/alerts/alerts.php3
86. http://www.iss.net/
87. http://xforce.iss.net/alerts/vol-2_num-4.php3#list
88. http://xforce.iss.net/alerts/alerts.php3
89. mailto:xforce@iss.net
90. http://www.iss.net/xforce/sensitive.html
91. http://xforce.iss.net/news.php3
92. http://xforce.iss.net/seriousfun/
93. http://xforce.iss.net/maillists/
94. http://xforce.iss.net/library/
95. http://xforce.iss.net/protoworx/
96. http://xforce.iss.net/alerts/
97. http://xforce.iss.net/submission.php3
98. http://xforce.iss.net/feedback.php3
99. http://xforce.iss.net/search.php3
100. http://xforce.iss.net/about.php3
101. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
102. http://xforce.iss.net/privacy.php3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed