ISS Security Alert Summary for October 15, 1998.
f3ca0e1b673e643d6d61ada8d2d7bd20cb118c13a27024a1195e60a293e51a23
I S S X - F o r c e
The Most Wanted Alert List
[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search
_ Alert Summaries_
ISS Security Alert Summary
October 15, 1998
Volume 3 Number 1
X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To
receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to [11]majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.
[12]Top of Page || [13]Back to Alert List
___
Contents
5 Reported Vulnerabilities
- [14]Lotus-Domino-webinfo
- [15]Sun-ftp
- [16]SGI-mail
- [17]snork
- [18]Novell-groupwise-bo
2 Updates
- [19]SGI-at
- [20]SGI-mail-patches
Risk Factor Key
[21]Top of Page || [22]Back to Alert List
___
Date Reported: 10/9/98
Vulnerability: Lotus-Domino-webinfo
Platforms Affected: Lotus Domino
Risk Level: High
The l0pht has received information that many Domino web applications have
improper permissions set. It is possible for a remote attacker to gain
information such as credit card numbers, names and addresses, etc using
web tricks such as formatted URLs.
Reference:
L0pht Security Advisory: "Web users can retrieve sensitive data in many
Domino based Internet applications at
"[23]http://www.l0pht.com/advisories/domino3.txt"
[24]Top of Page || [25]Back to Alert List
___
Date Reported: 9/29/98
Vulnerability: Sun-ftp
Platforms Affected: Solaris (2.3, 2.5, 2.5.1, 2.6)
Risk Level: High
The ftp command is used to transfer files to and from one site to another.
A vulnerability has been found that would allow a malicious ftp server to
trick the ftp client into executing arbitrary commands.
References:
Sun Microsystems, Inc. Security Bulletin #00176: "ftp" at
[26]http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/176
CIAC Information Bulletin: "SunOS ftp client Vulnerability" at
[27]http://www.ciac.org/ciac/bulletins/j-004.shtml
[28]Top of Page || [29]Back to Alert List
___
Date Reported: 9/29/98
Vulnerability: SGI-mail
Platforms Affected: IRIX (3.x, 4.x, 5.0.x, 5.1.x, 5.2, 5.3, 6.0.x
6.1, 6.2, 6.3, 6.4, 6.5, 6.5.1m)
Risk Level: High
This Silicon Graphics advisory contains information on several
vulnerabilities. First, a buffer overrun was found in the mailx program
that would allow an attacker to manipulate any file owned by the mail
group. The second vulnerability was in the Mail(1) program that would
allow an attacker to obtain root level access.
References:
Silicon Graphics Inc. Security Advisory: "IRIX Mail(1)/mailx(1) Security
Issues" at [30]ftp://sgigate.sgi.com/security/19980605-01-PX
CIAC Information Bulletin: "SGI IRIX Mail(1)/mailx(1) Security
Vulnerabilities" at [31]http://www.ciac.org/ciac/bulletins/j-002.shtml
[32]Top of Page || [33]Back to Alert List
___
Date Reported: 9/29/98
Vulnerability: snork
Platforms Affected: Windows NT 4.0 (Workstation and Server)
Risk Level: Medium
The ISS X-Force has been researching a denial of service attack against
the Windows NT RPC service. This attack allows an attacker with minimal
resources to cause a remote NT system to consume 100% CPU Usage
for an indefinite period of time. It also allows a remote attacker to
utilize a very large amount of bandwidth on a remote NT network by
inducing vulnerable systems to engage in a continuous bounce of packets
between all combinations of systems. This attack is similar to those
found in the "Smurf" and "Fraggle" exploits, and is known as the "Snork"
attack.
This vulnerability exists on Windows NT 4.0 Workstation and Server.
All systems with service packs up to and including SP4 RC 1.99 are
vulnerable, including any hotfixes released prior to 9/10/98.
Reference:
ISS Security Advisory: "Snork Denial of Service Attack Against Windows NT
RPC Service" at [34]http://www.iss.net/xforce/alerts/advise9.html
[35]Top of Page || [36]Back to Alert List
___
Date Reported: 9/23/98
Vulnerability: Novell-groupwise-bo
Platforms Affected: Novell IntranetWare (GroupWise)
Risk Level: High
NMRC has found a remote buffer overflow condition in the POP3 and LDAP
ports that can be exploited to crash the server. Novell has released a
patch as of 10/6. Find gwia551.exe at [37]http://support.novell.com.
Reference:
Nomad Mobile Research Centre Advisory: "GroupWise Buffer Overflow" at
[38]http://www.nmrc.org/news/group1.txt
[39]Top of Page || [40]Back to Alert List
___
Date Reported: 10/5/98
Update: SGI-at (NetBSD Security Advisory 1998-004)
Vendor: Silicon Graphics Inc.
Platforms Affected: IRIX (6.2, 6.4, 6.5, 6.5.1)
SGI has released patches for the at(1) vulnerability that can be used to
read normally unreadable files on the system. A local user can use at to
queue a file for execution on the system, and the at command will return
errors that can contain parts of the unreadable file.
References:
Silicon Graphics Inc. Security Advisory: "IRIX at(1) vulnerability" at
[41]ftp://sgigate.sgi.com/security/19981001-01-PX
NetBSD Security Advisory 1998-004: "Problem with at(1) allows any file to
be read." at
[42]ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-004.
txt.asc
[43]Top of Page || [44]Back to Alert List
___
Date Reported: 9/29/98
Update: SGI-mail-patches (CERT CA-96.20)
Vendor: Silicon Graphics Inc.
Platforms Affected: IRIX (3.x, 4.x, 5.0.x, 5.1.x, 5.2, 5.3, 6.0.x
6.1, 6.2, 6.3, 6.4, 6.5, 6.5.1m)
Silicon Graphics Inc, has replaced patches with new patches that correct
multiple Mail(1) security issues. See reference for exact patches and
vulnerabilities.
References:
Silicon Graphics Inc. Security Advisory: "IRIX mail(1)/rmail(1M)/sendmail(1M)
Security Vulnerabilities at [45]ftp://sgigate.sgi.com/security/19980604-02-PX
CERT(*) Advisory CA-96.20: "Sendmail Vulnerabilities" at
[46]ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul
[47]Top of Page || [48]Back to Alert List
___
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
Internet Security Systems, Inc. is the leading provider of adaptive network
security monitoring, detection and response software that protects the
security and integrity of enterprise information systems. By dynamically
detecting and responding to security vulnerabilities and threats inherent
in open systems, ISS's SAFEsuite family of products provide protection
across the enterprise, including the Internet, extranets, and internal
networks, from attacks, misuse and security policy violations. The Company
has delivered its adaptive network security solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies. For more information,
call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at
[49]http://www.iss.net.
[50]Top of Page || [51]Back to Alert List
___
Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby
granted for the redistribution of this Alert Summary electronically. It is
not to be edited in any way without express consent of the X-Force. If
you wish to reprint the whole or any part of this Alert Summary in any other
medium excluding electronic medium, please email [52]xforce@iss.net for
permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.
X-Force PGP Key available at: [53]http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force xforce@iss.net
> of Internet Security Systems, Inc.
[54]News | [55]Serious Fun | [56]Mail Lists | [57]Security Library
[58]Protoworx | [59]Alerts | [60]Submissions | [61]Feedback
[62]Advanced Search
[63]About the Knowledge Base
Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [64]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477
Read our [65]privacy guidelines.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
13. http://xforce.iss.net/alerts/alerts.php3
14. http://xforce.iss.net/alerts/vol-3_num-1.php3#Lotus-Domino-webinfo
15. http://xforce.iss.net/alerts/vol-3_num-1.php3#Sun-ftp
16. http://xforce.iss.net/alerts/vol-3_num-1.php3#SGI-mail
17. http://xforce.iss.net/alerts/vol-3_num-1.php3#snork
18. http://xforce.iss.net/alerts/vol-3_num-1.php3#Novell-groupwise-bo
19. http://xforce.iss.net/alerts/vol-3_num-1.php3#SGI-at
20. http://xforce.iss.net/alerts/vol-3_num-1.php3#SGI-mail-patches
21. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
22. http://xforce.iss.net/alerts/alerts.php3
23. http://www.l0pht.com/advisories/domino3.txt
24. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
25. http://xforce.iss.net/alerts/alerts.php3
26. http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/176
27. http://www.ciac.org/ciac/bulletins/j-004.shtml
28. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
29. http://xforce.iss.net/alerts/alerts.php3
30. ftp://sgigate.sgi.com/security/19980605-01-PX
31. http://www.ciac.org/ciac/bulletins/j-002.shtml
32. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
33. http://xforce.iss.net/alerts/alerts.php3
34. http://www.iss.net/xforce/alerts/advise9.html
35. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
36. http://xforce.iss.net/alerts/alerts.php3
37. http://support.novell.com/
38. http://www.nmrc.org/news/group1.txt
39. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
40. http://xforce.iss.net/alerts/alerts.php3
41. ftp://sgigate.sgi.com/security/19981001-01-PX
42. ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-004.txt.asc
43. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
44. http://xforce.iss.net/alerts/alerts.php3
45. ftp://sgigate.sgi.com/security/19980604-02-PX
46. ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul
47. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
48. http://xforce.iss.net/alerts/alerts.php3
49. http://www.iss.net/
50. http://xforce.iss.net/alerts/vol-3_num-1.php3#list
51. http://xforce.iss.net/alerts/alerts.php3
52. mailto:xforce@iss.net
53. http://www.iss.net/xforce/sensitive.html
54. http://xforce.iss.net/news.php3
55. http://xforce.iss.net/seriousfun/
56. http://xforce.iss.net/maillists/
57. http://xforce.iss.net/library/
58. http://xforce.iss.net/protoworx/
59. http://xforce.iss.net/alerts/
60. http://xforce.iss.net/submission.php3
61. http://xforce.iss.net/feedback.php3
62. http://xforce.iss.net/search.php3
63. http://xforce.iss.net/about.php3
64. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
65. http://xforce.iss.net/privacy.php3