
ISS Security Alert Summary December 24, 1998

Posted Jul 15, 1999

ISS Security Alert Summary for December 24, 1998.

SHA-256 | df5ac8f1f8645cc0d931d04f01e4bbd5c01f9d1b74138dee83039c79418e0446


I S S X - F o r c e

The Most Wanted Alert List


ISS Security Alert Summary
December 24, 1998
Volume 3 Number 3

X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to [11]majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.

Happy Holidays from the X-Force.



___

Contents

12 Reported Vulnerabilities
- [14]hp-jetdirect-tcpip
- [15]icmp-redirects
- [16]sgi-fcagent-dos
- [17]pcm-dos-execute
- [18]sol-mkcookie
- [19]excite-world-write
- [20]iparty-dos
- [21]netbsd-mmap-drivers-dos
- [22]aix-infod
- [23]http-netscape-fileread
- [24]samba-wsmbconf
- [25]nftp-bo

Virus Alert
- [26]remote-explorer

Risk Factor Key



___


Date Reported: 12-10-98
Vulnerability: hp-jetdirect-tcpip
Platforms Affected: HP JetDirect Print Servers
HP JetDirect Printer Interface Cards
Risk Level: High

This issue regards a variety of problems with HP JetDirect printer
interface cards and print servers. Older TCP/IP implementations on HP
JetDirect cards and servers are vulnerable to Denial of Service (DoS)
attacks. HP has addressed many of these issues with newer JetDirect print
server products (Fall 98). Newer JetDirect interfaces feature a web
interface for configuration, access, and control. Because the interface
does not use SSL encryption, the potential exists for exposing sensitive
information, such as administrative passwords and configuration
information, to sniffing attacks.

Reference:
ISS Security Advisory: "HP JetDirect TCP/IP problems" at
[29]http://www.iss.net/xforce/alerts/advise15.html



___


Date Reported: 12-10-98
Vulnerability: icmp-redirects
Platforms Affected: OS-9
Risk Level: Medium

One or more operating systems, popular for use in intelligent embedded
controllers or PLCs (Programmable Logic Controllers), may have network
protocol stacks which are vulnerable to certain classes of ICMP Redirect
attacks. Vulnerable controllers are prone to hang or shut down shortly
after receiving the attacking packets. The failure can extend even to
their non-network functionality and can cause the controlled equipment to
fail. There is a significant possibility of the controlled equipment
being left in a non-safe or inoperable condition, possibly leading to
physical damage.

Reference:
ISS Security Advisory: "ICMP Redirects Against Embedded Controllers" at
[32]http://www.iss.net/xforce/alerts/advise14.html



___


Date Reported: 12-10-98
Vulnerability: sgi-fcagent-dos
Platforms Affected: IRIX (6.4, 6.5, 6.5.1)
Risk Level: Medium

The fcagent RPC service is used to service requests about the status or
configuration of a FibreVault enclosure. It is installed by default on
Origin and Onyx2 platforms running IRIX 6.4 and higher. SGI has
discovered a vulnerability that would allow a remote attacker to crash the
FibreVault program.

Reference:
Silicon Graphics Inc. Security Advisory: "Vulnerability in IRIX fcagent
daemon" at [35]ftp://sgigate.sgi.com/security/19981201-01-PX



___


Date Reported: 12-04-98
Vulnerability: pcm-dos-execute
Platforms Affected: Policy Compliance Manager 7.0
Risk Level: High

The Policy Compliance Manager (PCM) program performs security policy
checks on systems, as well as a few security checks, similar to a security
scanner. The smaxagent.exe service listens on port 1827. If a user connects
to the PCM port and sends it a specific amount of data, the service will
crash and have to be restarted. It is also possible for a remote user to
execute arbitrary code using this vulnerability.

Reference:
S.A.F.E.R. Security Bulletin 981204.DOS.1.3: "Buffer Overflow in Platinum
PCM 7.0" at [38]http://www.siamrelay.com/advisories/advisory_0004.html



___


Date Reported: 12-03-98
Vulnerability: sol-mkcookie
Platforms Affected: Solaris (2.5x86, 2.5.1x86, 2.6x86, 2.7x86)
Risk Level: High

mkcookie is a utility used to generate fresh 'Magic Cookies' each time the
X server is run. RSI has discovered a vulnerability in mkcookie caused by
insufficient bounds checking. Because mkcookie is suid root on Solaris
x86 systems, this would allow attackers to execute arbitrary commands as
root.

Reference:
Repent Security Incorporated, RSI: "RSI.0012.12-03-98.SOLARIS.MKCOOKIE"
at [41]http://enigma.repsec.com/advisory/0012.html



___


Date Reported: 11-30-98
Vulnerability: excite-world-write
Platforms Affected: Excite 1.1
Risk Level: High

In Excite 1.1, the installation program installs many files with world
writable permissions. One of the world writable files contains all of the
users' encrypted passwords. Any user with shell or anonymous FTP access
can modify any of the passwords.

Reference:
BUGTRAQ Mail Archives: "Security bugs in Excite for Web Servers 1.1" at
[44]http://www.netspace.org/cgi-bin/wa?A2=ind9811e&L=bugtraq&F=&S=&P=519



___


Date Reported: 11-30-98
Vulnerability: iparty-dos
Platforms Affected: iParty Servers
Risk Level: Low

A denial of service attack exists against iParty servers. If a remote
user connects to the iParty port (port 6004 is default), and sends a large
number of ^? characters, the iParty server will shut itself down and
disconnect all users. No event of this activity shows up in the iParty
log.

Reference:
BUGTRAQ Mail Archives: "iParty can be shut down remotely" at
[47]http://www.netspace.org/cgi-bin/wa?A2=ind9812a&L=bugtraq&F=&S=&P=68



___


Date Reported: 11-20-98
Vulnerability: netbsd-mmap-drivers-dos
Platforms Affected: NetBSD
Risk Level: Medium

Many of the mmap character device drivers do not properly bounds check
their arguments. This vulnerability permits access to physical or device
memory, causing some systems to kernel panic and have to be rebooted.

Reference:
NetBSD Security Advisory 1998-005: "Problem with mmap(2) and many drivers."
at
[50]ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-005.txt.asc



___


Date Reported: 11-19-98
Vulnerability: aix-infod
Platforms Affected: AIX (3.2.x, 4.1.x, 4.2.x, 4.3.x)
Risk Level: High

The AIX infod (Information Explorer daemon) program provides information
about the operating system. A malicious local user can trick the infod
daemon by sending it false information to start an X display. If the
attacker sends false environment variables as well as uid and gid of 0,
infod will spawn an X display with root privileges.

Reference:
Repent Security Incorporated (RSI) RSI.0011.11-12-98.AIX.INFOD: "AIX
infod" at [53]http://www.repsec.com/advisory/0011.html



___


Date Reported: 11-19-98
Vulnerability: http-netscape-fileread
Platforms Affected: Netscape Communicator (4.05, 4.5)
for Windows 95, and Windows NT
Risk Level: Medium

A bug exists in Netscape Communicator that allows a malicious web page to
read files and browse directories on the system. The contents of the file
can be copied and sent to an arbitrary host. This problem exists in
Netscape Communicator 4.5 for Windows 95 and 4.05 for NT.

Reference:
Georgi Guninski's Home Page: "Reading local files with Netscape
Communicator 4.5" at [56]http://www.geocities.com/ResearchTriangle/1711/b6.html



___


Date Reported: 11-19-98
Vulnerability: samba-wsmbconf
Platforms Affected: Samba 1.9.18
Risk Level: High

A vulnerability exists in Samba 1.9.18 as distributed by Red Hat, Caldera,
and TurboLinux. The vulnerability is in the wsmbconf binary, which is
installed setgid root and executable by everyone. Normal users can
exploit this vulnerability to gain read/write access as the group root.

Reference:
BUGTRAQ Mail Archives: "Vulnerability in Samba on RedHat, Caldera and PHT
TurboLinux" at
[59]http://www.netspace.org/cgi-bin/wa?A2=ind9811c&L=bugtraq&F=&S=&P=4610



___


Date Reported: 11-17-98
Vulnerability: nftp-bo
Platforms Affected: nftp
Risk Level: High

nftp is a shareware ftp program that contains a buffer overflow condition
in the way that it handles strings returned by the server. Once a user
running nftp connects to the server, it could be possible to execute
arbitrary code on the connecting system.

Reference:
BUGTRAQ Mail Archives: "nftp vulnerability" at
[62]http://www.netspace.org/cgi-bin/wa?A2=ind9811c&L=bugtraq&F=&S=&P=1799



___


Date Reported: 12/22/98
Virus Alert: remote-explorer
Platforms Affected: Windows NT
Risk Level: High

A virus dubbed the Remote Explorer virus, or the RICHS virus, has been
discovered at MCI WorldCom. The virus installs itself as a service
on Windows NT and waits for an admin to log in. Once an admin has logged
in, the virus tries to infect every other machine on the network using the
admin privileges. The virus also encrypts files on the machine on which
it is running, and renders them useless.

References:
Microsoft Security Advisor: "Information on the 'Remote Explorer' or
'RICHS' Virus" at [65]http://www.microsoft.com/security/bulletins/remote.asp

Network Associates: "Remote Explorer" at
[66]http://www.nai.com/products/antivirus/remote_explorer.asp



___


Risk Factor Key

High     Any vulnerability that provides an attacker with immediate
         access into a machine, gains superuser access, or bypasses
         a firewall. Example: A vulnerable Sendmail 8.6.5 version
         that allows an intruder to execute commands on mail
         server.

Medium   Any vulnerability that provides information that has a
         high potential of giving system access to an intruder.
         Example: A misconfigured TFTP or vulnerable NIS server
         that allows an intruder to get the password file that
         could contain an account with a guessable password.

Low      Any vulnerability that provides information that
         potentially could lead to a compromise. Example: A
         finger that allows an intruder to find out who is online
         and potential accounts to attempt to crack passwords
         via brute force methods.


Internet Security Systems, Inc. is the leading provider of adaptive network
security monitoring, detection and response software that protects the
security and integrity of enterprise information systems. By dynamically
detecting and responding to security vulnerabilities and threats inherent
in open systems, ISS's SAFEsuite family of products provide protection
across the enterprise, including the Internet, extranets, and internal
networks, from attacks, misuse and security policy violations. The Company
has delivered its adaptive network security solutions to organizations
worldwide, including firms in the Global 2000, 9 of the ten largest U.S.
commercial banks and over 35 governmental agencies. For more information,
call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at
[69]http://www.iss.net.



___

Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby
granted for the redistribution of this Alert Summary electronically. It is
not to be edited in any way without express consent of the X-Force. If
you wish to reprint the whole or any part of this Alert Summary in any other
medium excluding electronic medium, please email [72]xforce@iss.net for
permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: [73]http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [84]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477


References

1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
13. http://xforce.iss.net/alerts/alerts.php3
14. http://xforce.iss.net/alerts/vol-3_num-3.php3#hp-jetdirect-tcpip
15. http://xforce.iss.net/alerts/vol-3_num-3.php3#icmp-redirects
16. http://xforce.iss.net/alerts/vol-3_num-3.php3#sgi-fcagent-dos
17. http://xforce.iss.net/alerts/vol-3_num-3.php3#pcm-dos-execute
18. http://xforce.iss.net/alerts/vol-3_num-3.php3#sol-mkcookie
19. http://xforce.iss.net/alerts/vol-3_num-3.php3#excite-world-write
20. http://xforce.iss.net/alerts/vol-3_num-3.php3#iparty-dos
21. http://xforce.iss.net/alerts/vol-3_num-3.php3#netbsd-mmap-drivers-dos
22. http://xforce.iss.net/alerts/vol-3_num-3.php3#aix-infod
23. http://xforce.iss.net/alerts/vol-3_num-3.php3#http-netscape-fileread
24. http://xforce.iss.net/alerts/vol-3_num-3.php3#samba-wsmbconf
25. http://xforce.iss.net/alerts/vol-3_num-3.php3#nftp-bo
26. http://xforce.iss.net/alerts/vol-3_num-3.php3#remote-explorer
27. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
28. http://xforce.iss.net/alerts/alerts.php3
29. http://www.iss.net/xforce/alerts/advise15.html
30. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
31. http://xforce.iss.net/alerts/alerts.php3
32. http://www.iss.net/xforce/alerts/advise14.html
33. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
34. http://xforce.iss.net/alerts/alerts.php3
35. ftp://sgigate.sgi.com/security/19981201-01-PX
36. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
37. http://xforce.iss.net/alerts/alerts.php3
38. http://www.siamrelay.com/advisories/advisory_0004.html
39. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
40. http://xforce.iss.net/alerts/alerts.php3
41. http://enigma.repsec.com/advisory/0012.html
42. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
43. http://xforce.iss.net/alerts/alerts.php3
44. http://www.netspace.org/cgi-bin/wa?A2=ind9811e&L=bugtraq&F=&S=&P=519
45. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
46. http://xforce.iss.net/alerts/alerts.php3
47. http://www.netspace.org/cgi-bin/wa?A2=ind9812a&L=bugtraq&F=&S=&P=68
48. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
49. http://xforce.iss.net/alerts/alerts.php3
50. ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-005.t
51. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
52. http://xforce.iss.net/alerts/alerts.php3
53. http://www.repsec.com/advisory/0011.html
54. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
55. http://xforce.iss.net/alerts/alerts.php3
56. http://www.geocities.com/ResearchTriangle/1711/b6.html
57. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
58. http://xforce.iss.net/alerts/alerts.php3
59. http://www.netspace.org/cgi-bin/wa?A2=ind9811c&L=bugtraq&F=&S=&P=4610
60. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
61. http://xforce.iss.net/alerts/alerts.php3
62. http://www.netspace.org/cgi-bin/wa?A2=ind9811c&L=bugtraq&F=&S=&P=1799
63. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
64. http://xforce.iss.net/alerts/alerts.php3
65. http://www.microsoft.com/security/bulletins/remote.asp
66. http://www.nai.com/products/antivirus/remote_explorer.asp
67. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
68. http://xforce.iss.net/alerts/alerts.php3
69. http://www.iss.net/
70. http://xforce.iss.net/alerts/vol-3_num-3.php3#list
71. http://xforce.iss.net/alerts/alerts.php3
72. mailto:xforce@iss.net
73. http://www.iss.net/xforce/sensitive.html
74. http://xforce.iss.net/news.php3
75. http://xforce.iss.net/seriousfun/
76. http://xforce.iss.net/maillists/
77. http://xforce.iss.net/library/
78. http://xforce.iss.net/protoworx/
79. http://xforce.iss.net/alerts/
80. http://xforce.iss.net/submission.php3
81. http://xforce.iss.net/feedback.php3
82. http://xforce.iss.net/search.php3
83. http://xforce.iss.net/about.php3
84. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
85. http://xforce.iss.net/privacy.php3