From xforce@iss.net Mon Jul 27 11:16:14 1998
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@arden.iss.net>
Date: Sat, 25 Jul 1998 14:38:04 -0400 (EDT)
Subject: ISSalert: ISS Security Alert Summary v2 n8

ISS Security Alert Summary
July 24, 1998
Volume 2 Number 8

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list. 
Send an email to majordomo@iss.net, and within the body of the message 
type:  'subscribe alert'.

___

Contents

5 Reported Vulnerabilities
 - SGI-mailcap
 - SGI-ioconfig/disk_bandwidth
 - Sun-SUNWadmap
 - Sun-libnsl
 - Sun-NIS/NIS+

Risk Factor Key

___

Date Reported:    7/20/98
Vulnerability:    SGI-mailcap
Platforms Affected:  IRIX (6.3, 6.4)
Risk Level:    High

The SGI sysmgr, which is a graphical interface used to administer Silicon 
Graphics workstations, is used by administrators to execute various tasks. 
Two of the tools used to manage its graphical interface, runtask and 
runexec, can be used by a malicious web page to execute local system 
manager tasks.  This can lead to an attacker gaining privileges of the user 
browsing the web, which can lead to root access.

Reference:
Silicon Graphics Inc. Security Advisory: "IRIX 6.3 & 6.4 mailcap 
vulnerability" at ftp://sgigate.sgi.com/security/19980403-02-PX

___

Date Reported:    7/20/98
Vulnerability:    SGI-ioconfig/disk_bandwidth
Platforms Affected:  IRIX (6.4)
Risk Level:    High

>From the Silicon Graphics, Inc. (SGI) Security Advisory, "The IRIX 
ioconfig(1M) program assigns logical controller numbers to all I/O devices 
on a Silicon Graphics Origin(tm) or Onyx2(tm) system. The IRIX 
disk_bandwidth(1M) program is used to determine the number of I/O 
operations that can be performed on a given disk device on an Origin or 
Onyx2 system."  A vulnerability has been found in both of these programs 
that could allow an attacker to obtain root privileges.

Reference:
Silicon Graphics Inc. Security Advisory: "IRIX 6.4 ioconfig(1M) and 
disk_bandwidth(1M) Vulnerability" at 
ftp://sgigate.sgi.com/security/19980701-01-P

___

Date Reported:    7/15/98
Vulnerability:    Sun-SUNWadmap
Platforms Affected:  Solaris (2..6 with SUNWadmap package from the
      Solaris 2.6 Hardware:3/98 or 5/98 update releases)
Risk Level:    High

>From Sun Microsystems, Inc. Security Bulletin #00173, "The System 
administration applications package, SUNWadmap, provides software used to 
perform system administration tasks.  A vulnerability has been discovered 
in the SUNWadmap package of the Solaris 2.6 Hardware:3/98 and 5/98 update 
releases which could be exploited to get root access."

References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00173" at 
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/173

CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl, 
SUNWadmap)" at http://www.ciac.org/ciac/bulletins/i-072.shtml

___

Date Reported:    7/15/98
Vulnerability:    Sun-libnsl
Platforms Affected:  Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Level:    High

Several buffer overflows have been found in the libnsl library, which 
provides functions used by application programs to interface to network 
services.  If exploited, these buffer overflow conditions could be used to 
gain root level access.

References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00172" at 
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/172

CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl, 
SUNWadmap)" at http://www.ciac.org/ciac/bulletins/i-072.shtml

___

Date Reported:    6/29/98
Vulnerability:    Sun-NIS/NIS+
Platforms Affected:  Sun NIS/NIS+ based networks
Risk Level:    High

It is possible, through a well orchestrated attack using the finger service 
against multiple NIS clients, to disrupt an entire NIS-based network and/or 
starve the NIS servers for resources.  The issue originates in the finger 
service but the attack causes long duration, network-wide congestion and 
resource exhaustion on NIS servers.

References:
ISS Security Alert Advisory: "Distributed DoS attack against NIS/NIS+ based 
networks" at http://www.iss.net/xforce/alerts/nis-attack.html

CIAC Information Bulletin I-070: "Distributed DoS Attack Against NIS/NIS+ 
Networks" at http://www.ciac.org/ciac/bulletins/i-070.shtml

___

Risk Factor Key:

  High  Any vulnerability that provides an attacker with immediate
    access into a machine, gains superuser access, or bypasses
    a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
    that allows an intruder to execute commands on mail
    server.
  Medium  Any vulnerability that provides information that has a
    high potential of giving system access to an intruder.
    Example: A misconfigured TFTP or vulnerable NIS server
    that allows an intruder to get the password file that
    could contain an account with a guessable password.
  Low  Any vulnerability that provides information that
    potentially could lead to a compromise.  Example:  A
    finger that allows an intruder to find out who is online
    and potential accounts to attempt to crack passwords
    via bruteforce methods.


Internet Security Systems, Inc. is the leading provider of adaptive network 
security monitoring, detection and response software that protects the 
security and integrity of enterprise information systems.  By dynamically 
detecting and responding to security vulnerabilities and threats inherent 
in open systems, ISS's SAFEsuite family of products provide protection 
across the enterprise, including the Internet, extranets, and internal 
networks, from attacks, misuse and security policy violations.  The Company 
has delivered its adaptive network security solutions to organizations 
worldwide, including firms in the Global 2000, 9 of the ten largest U.S. 
commercial banks and over 35 governmental agencies.  For more information, 
call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at 
http://www.iss.net.

________

Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary 
electronically.  It is not to be edited in any way without express consent 
of X-Force.  If you wish to reprint the whole or any part of this Alert 
Summary in any other medium excluding electronic medium, please email 
xforce@iss.net for permission.

Disclaimer
The information within this paper may change without notice. Use of this 
information constitutes acceptance for use in an AS IS condition. There are 
NO warranties with regard to this information. In no event shall the author 
be liable for any damages whatsoever arising out of or in connection with 
the use or spread of this information. Any use of this information is at 
the user's own risk.

X-Force PGP Key available at:   http://www.iss.net/xforce/sensitive.html as 
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.