ISS Security Alert Summary for May 22, 1998.
de5c1f96cd1c0c12879da6a6cecf7f6ff91c0d3397dcc5f953bfde1ed94c5155
I S S X - F o r c e
The Most Wanted Alert List
[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search
_ Alert Summaries_
ISS Security Alert Summary
May 22, 1998
Volume 2 Number 6
X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an e-mail to [11]majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.
[12]Top of Page || [13]Back to Alert List
___
Contents
5 Reported Vulnerabilities
- [14]XFree86-xterm/Xaw
- [15]Quake-server-vuln
- [16]HP-openmail
- [17]Sun-ufsrestore
- [18]Sun-mountd
Risk Factor Key
[19]Top of Page || [20]Back to Alert List
___
Date Reported: 5/3/98
Vulnerability: XFree86-xterm/Xaw
Platforms Affected: All XFree86 versions up to and including 3.3.2
Risk Level: High
xterm is a terminal emulator for X Windows and is included with XFree86
releases. Xaw is the Athena Widgets Xaw library and is also included with
XFree86 releases. Vulnerabilities exist in both xterm and the Xaw library
that would allow an attacker to overflow buffers in xterm and any program
that uses the Xaw library. If these programs are setuid root, then an
attacker with an account on the local system can gain root level access.
Reference:
[21]ftp://ftp.xfree86.org/pub/XFree86/Security/XFree86-SA-1998:01.asc
[22]Top of Page || [23]Back to Alert List
___
Date Reported: 5/1/98
Vulnerability: Quake-server-vuln
Platforms Affected: Quake 1/2, QuakeWorld, Linux/Solaris Quake2
Risk Level: High
The Quake server contains a feature that allows remote administrators to
send commands to the Quake console with a password. It is possible for an
attacker to bypass the authentication and execute commands or even
remotely compromise administrator access on the Quake server.
Reference:
[24]http://www.repsec.com/advisory/0001.html
[25]Top of Page || [26]Back to Alert List
___
Date Reported: 4/29/98
Vulnerability: HP-openmail
Platforms Affected: Any HP 9000 series 700/800 systems running OpenMail.
Risk Level: High
- From HP Security Bulletin: "Hewlett-Packard has learned of an OpenMail
server misconfiguration that can give users the ability to run arbitrary
shell commands. This applies to all currently supported OpenMail versions
(B.05.01 (GR4) and B.05.10 (GR5), as well as the earlier B.04.01 (GR3)
revision."
References:
HP Security Bulletin #00078 - [27]http://us-support.external.hp.com/
[28]http://www.ciac.org/ciac/bulletins/i-047.shtml
[29]Top of Page || [30]Back to Alert List
___
Date Reported: 4/29/98
Vulnerability: Sun-ufsrestore
Platforms Affected: Solaris (2.5, 2.5.1)
Risk Level: High
The usfrestore program is used to restore files from backup media that
were backed up using the usfdump command. usfrestore has a vulnerability
that can be exploited and would allow an attacker to gain root level
access on the vulnerable system.
References:
[31]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-169.txt
[32]http://www.ciac.org/ciac/bulletins/i-049.shtml
[33]Top of Page || [34]Back to Alert List
___
Date Reported: 4/29/98
Vulnerability: Sun-mountd
Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1, 2.6)
Risk Level: High
mountd is the RPC server that handles file system mount requests on NFS
file systems. A vulnerability has been discovered in mountd that would
allow an attacker to obtain information about any file that exists on the
NFS server.
References:
[35]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-168.txt
[36]http://www.ciac.org/ciac/bulletins/i-048.shtml
[37]Top of Page || [38]Back to Alert List
___
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce methods.
Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider
of adaptive network security monitoring, detection and response software
that protects the security and integrity of enterprise information
systems. By dynamically detecting and responding to security
vulnerabilities and threats inherent in open systems, ISS's SAFEsuite®
family of products provides protection across the enterprise, including
the Internet, extranets and internal networks, from attacks, misuse and
security policy violations. The Company has delivered its network
security, monitoring, detection and response solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies. For more information,
call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at
HYPERLINK [39]http://www.iss.net.
[40]Top of Page || [41]Back to Alert List
___
Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [42]xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: [43]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force xforce@iss.net
> of Internet Security Systems, Inc.
[44]News | [45]Serious Fun | [46]Mail Lists | [47]Security Library
[48]Protoworx | [49]Alerts | [50]Submissions | [51]Feedback
[52]Advanced Search
[53]About the Knowledge Base
Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [54]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477
Read our [55]privacy guidelines.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
13. http://xforce.iss.net/alerts/alerts.php3
14. http://xforce.iss.net/alerts/vol-2_num-6.php3#XFree86-xterm/Xaw
15. http://xforce.iss.net/alerts/vol-2_num-6.php3#Quake-server-vuln
16. http://xforce.iss.net/alerts/vol-2_num-6.php3#HP-openmail
17. http://xforce.iss.net/alerts/vol-2_num-6.php3#Sun-ufsrestore
18. http://xforce.iss.net/alerts/vol-2_num-6.php3#Sun-mountd
19. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
20. http://xforce.iss.net/alerts/alerts.php3
21. ftp://ftp.xfree86.org/pub/XFree86/Security/XFree86-SA-1998:01.asc
22. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
23. http://xforce.iss.net/alerts/alerts.php3
24. http://www.repsec.com/advisory/0001.html
25. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
26. http://xforce.iss.net/alerts/alerts.php3
27. http://us-support.external.hp.com/
28. http://www.ciac.org/ciac/bulletins/i-047.shtml
29. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
30. http://xforce.iss.net/alerts/alerts.php3
31. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-169.txt
32. http://www.ciac.org/ciac/bulletins/i-049.shtml
33. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
34. http://xforce.iss.net/alerts/alerts.php3
35. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-168.txt
36. http://www.ciac.org/ciac/bulletins/i-048.shtml
37. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
38. http://xforce.iss.net/alerts/alerts.php3
39. http://www.iss.net/
40. http://xforce.iss.net/alerts/vol-2_num-6.php3#list
41. http://xforce.iss.net/alerts/alerts.php3
42. mailto:xforce@iss.net
43. http://www.iss.net/xforce/sensitive.html
44. http://xforce.iss.net/news.php3
45. http://xforce.iss.net/seriousfun/
46. http://xforce.iss.net/maillists/
47. http://xforce.iss.net/library/
48. http://xforce.iss.net/protoworx/
49. http://xforce.iss.net/alerts/
50. http://xforce.iss.net/submission.php3
51. http://xforce.iss.net/feedback.php3
52. http://xforce.iss.net/search.php3
53. http://xforce.iss.net/about.php3
54. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
55. http://xforce.iss.net/privacy.php3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed