I S S   X - F o r c e
                                      
                         The Most Wanted Alert List
                                      
       [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
          [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
                             [9]Advanced Search
                                      
   _ Alert Summaries_

ISS Security Alert Summary
June 19, 1998
Volume 2 Number 7


X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an e-mail to [11]majordomo@iss.net, and within the body of the message
type:  'subscribe alert'.


[12]Top of Page || [13]Back to Alert List

___

Contents

6 Reported Vulnerabilities
 - [14]SGI-mediad
 - [15]SGI-OSF/DCE-dos
 - [16]BSDI-rlogind
 - [17]SSH-insert
 - [18]Sun-nisd
 - [19]Sun-ftpd

Risk Factor Key


[20]Top of Page || [21]Back to Alert List

___


Date Reported:          6/17/98
Vulnerability:          SGI-mediad
Platforms Affected:     IRIX (5.1, 6.4)
Risk Level:             High

The mediad daemon is a program used to monitor removable media
devices on IRIX systems and is installed by default on IRIX 5.1 and 6.4
systems.  It contains a vulnerablity that would allow a user with local
access to the system and physical access to the removable media
devices to obtain root level access.

References:
[22]http://www.sgi.com/Support/security/advisories.html
[23]http://www.ciac.org/ciac/bulletins/i-061.shtml


[24]Top of Page || [25]Back to Alert List

___


Date Reported:          6/17/98
Vulnerability:          SGI-OSF/DCE-dos
Platforms Affected:     IRIX (5.3, 6.2, 6.3 or 6.4)
Risk Level:             Medium

The Open Group has released an advisory about a denial of service attack
on the OSF/DCE (Distributed Computing Environment).  A local or remote
user can cause the security demon (secd) core dump and no longer accept
any incoming connections, thus denying service.  This vulnerability can be
exploited by a user without a local account on the system.

References:
[26]http://www.sgi.com/Support/security/advisories.html
[27]http://www.ciac.org/ciac/bulletins/i-060.shtml
[28]ftp://ftp.cert.org/pub/cert_bulletins/VB-97.12.opengroup


[29]Top of Page || [30]Back to Alert List

___


Date Reported:          6/17/98
Vulnerability:          BSDI-rlogind
Platforms Affected:     BSDI (2.0, 2.1)
Risk Level:             High

A vulnerability in BSDI's rlogin program will allow an attacker to
overflow a buffer.  A buffer overflow can let an attacker execute
unauthorized commands, and in some cases gain root level access.

Reference:
[31]http://www.repsec.com/advisory/0004.html


[32]Top of Page || [33]Back to Alert List

___


Date Reported:          6/11/98
Vulnerability:          SSH-insert
Platforms Affected:     All systems running implementations of SSH using protoc
ol version 1.x
Risk Level:             High

The SSH program is used to provide secure communications over insecure
channels.  It is widely used to log in to remote machines.  It
contains a vulnerability that would allow an attacker to execute
arbitrary commands on thet SSH server or on an encrypted SSH
channel.

Reference:
[34]http://www.core-sdi.com/ssh/ssh-advisory.txt


[35]Top of Page || [36]Back to Alert List

___


Date Reported:          6/10/98
Vulnerability:          Sun-nisd
Platforms Affected:     Solaris (2.3 - 2.6)
Risk Level:             High

A stack-based buffer overflow exists in some versions of the
Solaris 2.x rpc.nisd, which allows attackers to gain root access on
the vulnerable machine.

The rpc.nisd program is an ONC RPC agent that implements the NIS+ service.
Generally, the data sent to an RPC daemon has explicit maximum length,
ensuring that it will not overflow buffers of any reasonable size.
However, one NIS+ argument: nis_name, has no specific maximum length.  In
this case the max length defaults to an unsafe value.  Because NIS+ copies
this argument onto fixed length buffers in the stack, an attacker can
corrupt the stack and cause the daemon to execute arbitrary machine code.

References:
[37]http://www.netspace.org/cgi-bin/wa?A2=ind9806b&L=bugtraq&O=T&P=640
[38]http://www.ciac.org/ciac/bulletins/i-058.shtml
[39]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/170
[40]http://www.iss.net/xforce/


[41]Top of Page || [42]Back to Alert List

___


Date Reported:          6/10/98
Vulnerability:          Sun-ftpd
Platforms Affected:     Solaris (2.3, 2.5, 2.5.1, 2.6)
Risk Level:             Medium

The ftpd daemon is the Internet File Transfre Protocol or the (FTP) server
process that allows users to transfer files to and from a system. Each
time a connection is made to the FTP service, the Internet daemon
(inetd) invokes the FTP process.  A denial of service attack has been
found that can kill the ftp service.

References:
[43]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/171
[44]http://www.ciac.org/ciac/bulletins/i-059.shtml


[45]Top of Page || [46]Back to Alert List

___

Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server.
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder.
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password.
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via bruteforce methods.

Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider
of adaptive network security monitoring, detection and response software
that protects the security and integrity of enterprise information
systems.  By dynamically detecting and responding to security
vulnerabilities and threats inherent in open systems, ISS's SAFEsuite®
family of products provides protection across the enterprise, including
the Internet, extranets and internal networks, from attacks, misuse and
security policy violations.  The Company has delivered its network
security, monitoring, detection and response solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies.  For more information,
call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at
HYPERLINK [47]http://www.iss.net.


[48]Top of Page || [49]Back to Alert List

___

Copyright (c) 1998 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically.  It is not to be edited in any way without express consent
of X-Force.  If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [50]xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

X-Force PGP Key available at:   [51]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force xforce@iss.net

   > of Internet Security Systems, Inc.
   
     [52]News | [53]Serious Fun | [54]Mail Lists | [55]Security Library
        [56]Protoworx | [57]Alerts | [58]Submissions | [59]Feedback
                            [60]Advanced Search
                                      
                        [61]About the Knowledge Base
                                      
            Copyright ©1994-1998 Internet Security Systems, Inc.
          All Rights Reserved. Sales Inquiries: [62]sales@iss.net
         6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
                 Phone (678) 443-6000 · Fax (678) 443-6477
                                      
                      Read our [63]privacy guidelines.

References

   1. http://xforce.iss.net/news.php3
   2. http://xforce.iss.net/seriousfun/
   3. http://xforce.iss.net/maillists/
   4. http://xforce.iss.net/library/
   5. http://xforce.iss.net/protoworx/
   6. http://xforce.iss.net/alerts/
   7. http://xforce.iss.net/submission.php3
   8. http://xforce.iss.net/feedback.php3
   9. http://xforce.iss.net/search.php3
  10. http://www.iss.net/xforce
  11. mailto:majordomo@iss.net
  12. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  13. http://xforce.iss.net/alerts/alerts.php3
  14. http://xforce.iss.net/alerts/vol-2_num-7.php3#SGI-mediad
  15. http://xforce.iss.net/alerts/vol-2_num-7.php3#SGI-OSF/DCE-dos
  16. http://xforce.iss.net/alerts/vol-2_num-7.php3#BSDI-rlogind
  17. http://xforce.iss.net/alerts/vol-2_num-7.php3#SSH-insert
  18. http://xforce.iss.net/alerts/vol-2_num-7.php3#Sun-nisd
  19. http://xforce.iss.net/alerts/vol-2_num-7.php3#Sun-ftpd
  20. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  21. http://xforce.iss.net/alerts/alerts.php3
  22. http://www.sgi.com/Support/security/advisories.html
  23. http://www.ciac.org/ciac/bulletins/i-061.shtml
  24. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  25. http://xforce.iss.net/alerts/alerts.php3
  26. http://www.sgi.com/Support/security/advisories.html
  27. http://www.ciac.org/ciac/bulletins/i-060.shtml
  28. ftp://ftp.cert.org/pub/cert_bulletins/VB-97.12.opengroup
  29. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  30. http://xforce.iss.net/alerts/alerts.php3
  31. http://www.repsec.com/advisory/0004.html
  32. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  33. http://xforce.iss.net/alerts/alerts.php3
  34. http://www.core-sdi.com/ssh/ssh-advisory.txt
  35. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  36. http://xforce.iss.net/alerts/alerts.php3
  37. http://www.netspace.org/cgi-bin/wa?A2=ind9806b&L=bugtraq&O=T&P=640
  38. http://www.ciac.org/ciac/bulletins/i-058.shtml
  39. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/170
  40. http://www.iss.net/xforce
  41. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  42. http://xforce.iss.net/alerts/alerts.php3
  43. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/171
  44. http://www.ciac.org/ciac/bulletins/i-059.shtml
  45. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  46. http://xforce.iss.net/alerts/alerts.php3
  47. http://www.iss.net/
  48. http://xforce.iss.net/alerts/vol-2_num-7.php3#list
  49. http://xforce.iss.net/alerts/alerts.php3
  50. mailto:xforce@iss.net
  51. http://www.iss.net/xforce/sensitive.html
  52. http://xforce.iss.net/news.php3
  53. http://xforce.iss.net/seriousfun/
  54. http://xforce.iss.net/maillists/
  55. http://xforce.iss.net/library/
  56. http://xforce.iss.net/protoworx/
  57. http://xforce.iss.net/alerts/
  58. http://xforce.iss.net/submission.php3
  59. http://xforce.iss.net/feedback.php3
  60. http://xforce.iss.net/search.php3
  61. http://xforce.iss.net/about.php3
  62. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
  63. http://xforce.iss.net/privacy.php3