ISS Security Alert Summary for July 24, 1998.
803a860c0629789f94141619d55a0a48e564d91718223b7349ec9995abfcd93c
From xforce@iss.net Mon Jul 27 11:16:14 1998
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@arden.iss.net>
Date: Sat, 25 Jul 1998 14:38:04 -0400 (EDT)
Subject: ISSalert: ISS Security Alert Summary v2 n8
ISS Security Alert Summary
July 24, 1998
Volume 2 Number 8
X-Force Vulnerability and Threat Database: http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.
___
Contents
5 Reported Vulnerabilities
- SGI-mailcap
- SGI-ioconfig/disk_bandwidth
- Sun-SUNWadmap
- Sun-libnsl
- Sun-NIS/NIS+
Risk Factor Key
___
Date Reported: 7/20/98
Vulnerability: SGI-mailcap
Platforms Affected: IRIX (6.3, 6.4)
Risk Level: High
The SGI sysmgr, which is a graphical interface used to administer Silicon
Graphics workstations, is used by administrators to execute various tasks.
Two of the tools used to manage its graphical interface, runtask and
runexec, can be used by a malicious web page to execute local system
manager tasks. This can lead to an attacker gaining privileges of the user
browsing the web, which can lead to root access.
Reference:
Silicon Graphics Inc. Security Advisory: "IRIX 6.3 & 6.4 mailcap
vulnerability" at ftp://sgigate.sgi.com/security/19980403-02-PX
___
Date Reported: 7/20/98
Vulnerability: SGI-ioconfig/disk_bandwidth
Platforms Affected: IRIX (6.4)
Risk Level: High
>From the Silicon Graphics, Inc. (SGI) Security Advisory, "The IRIX
ioconfig(1M) program assigns logical controller numbers to all I/O devices
on a Silicon Graphics Origin(tm) or Onyx2(tm) system. The IRIX
disk_bandwidth(1M) program is used to determine the number of I/O
operations that can be performed on a given disk device on an Origin or
Onyx2 system." A vulnerability has been found in both of these programs
that could allow an attacker to obtain root privileges.
Reference:
Silicon Graphics Inc. Security Advisory: "IRIX 6.4 ioconfig(1M) and
disk_bandwidth(1M) Vulnerability" at
ftp://sgigate.sgi.com/security/19980701-01-P
___
Date Reported: 7/15/98
Vulnerability: Sun-SUNWadmap
Platforms Affected: Solaris (2..6 with SUNWadmap package from the
Solaris 2.6 Hardware:3/98 or 5/98 update releases)
Risk Level: High
>From Sun Microsystems, Inc. Security Bulletin #00173, "The System
administration applications package, SUNWadmap, provides software used to
perform system administration tasks. A vulnerability has been discovered
in the SUNWadmap package of the Solaris 2.6 Hardware:3/98 and 5/98 update
releases which could be exploited to get root access."
References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00173" at
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/173
CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl,
SUNWadmap)" at http://www.ciac.org/ciac/bulletins/i-072.shtml
___
Date Reported: 7/15/98
Vulnerability: Sun-libnsl
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Level: High
Several buffer overflows have been found in the libnsl library, which
provides functions used by application programs to interface to network
services. If exploited, these buffer overflow conditions could be used to
gain root level access.
References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00172" at
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/172
CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl,
SUNWadmap)" at http://www.ciac.org/ciac/bulletins/i-072.shtml
___
Date Reported: 6/29/98
Vulnerability: Sun-NIS/NIS+
Platforms Affected: Sun NIS/NIS+ based networks
Risk Level: High
It is possible, through a well orchestrated attack using the finger service
against multiple NIS clients, to disrupt an entire NIS-based network and/or
starve the NIS servers for resources. The issue originates in the finger
service but the attack causes long duration, network-wide congestion and
resource exhaustion on NIS servers.
References:
ISS Security Alert Advisory: "Distributed DoS attack against NIS/NIS+ based
networks" at http://www.iss.net/xforce/alerts/nis-attack.html
CIAC Information Bulletin I-070: "Distributed DoS Attack Against NIS/NIS+
Networks" at http://www.ciac.org/ciac/bulletins/i-070.shtml
___
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce methods.
Internet Security Systems, Inc. is the leading provider of adaptive network
security monitoring, detection and response software that protects the
security and integrity of enterprise information systems. By dynamically
detecting and responding to security vulnerabilities and threats inherent
in open systems, ISS's SAFEsuite family of products provide protection
across the enterprise, including the Internet, extranets, and internal
networks, from attacks, misuse and security policy violations. The Company
has delivered its adaptive network security solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies. For more information,
call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at
http://www.iss.net.
________
Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this Alert
Summary in any other medium excluding electronic medium, please email
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.