
ISS Security Alert Summary February 18, 1999

Posted Jul 15, 1999

ISS Security Alert Summary for February 18, 1999.

SHA-256 | bdad794138e81eb6b2b2809246a14766beecfa3570831aad92fa33a9cb808f29


ISS X-Force

The Most Wanted Alert List


ISS Security Alert Summary
February 18, 1999
Volume 3 Number 5

X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to [11]majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.



___

Contents

33 Reported Vulnerabilities
- [14]linux-super-bo
- [15]nt-backoffice-setup
- [16]allaire-forums-file-read
- [17]fakebo-execute
- [18]sun-sdtcm-convert-bo
- [19]sun-man
- [20]netbsd-netstat-read
- [21]palmetto-ftpd-bo
- [22]clearcase-temp-race
- [23]fakebo-crash
- [24]nt-sp4-auth-error
- [25]pcnfsd-world-write
- [26]pine-remote-exe
- [27]linux-milo-halt
- [28]router-config-dos
- [29]coldfusion-expression-evaluator
- [30]coldfusion-file-existance
- [31]coldfusion-source-display
- [32]coldfusion-sourcewindow
- [33]coldfusion-syntax-checker
- [34]slmail-helo-overflow
- [35]slmail-vrfyexpn-overflow
- [36]sql-multiple-queries
- [37]navionc-config-script
- [38]plp-lpc-bo
- [39]imail-registry
- [40]java-socket-open
- [41]wsftp-registry
- [42]wsftp-remote-dos
- [43]controlit-bookfile-access
- [44]controlit-passwd-encrypt
- [45]controlit-reboot
- [46]iis-remote-ftp

Risk Factor Key



___


Date Reported: 1999-02-15
Vulnerability: linux-super-bo
Platforms Affected: Linux (Debian)
Risk Factor: High

Super is a utility that allows authorized users to execute commands with
root privileges. It is intended to be an alternative to setuid scripts,
which are inherently dangerous. A buffer overflow exists in Super that
may allow attackers to take advantage of its setuid configuration to gain
root access.

Reference:
ISS Security Advisory: "Buffer Overflow in 'Super' package in Debian
Linux" at [49]http://www.iss.net/xforce/alerts/advise19.html



___


Date Reported: 1999-02-12
Vulnerability: nt-backoffice-setup
Platforms Affected: Windows NT
Risk Factor: High

A vulnerability exists in the Setup program for Windows NT BackOffice 4.0.
When installing certain packages from the BackOffice distribution (like
SQL Server, Exchange, and MTS), the Setup program prompts users for
username/password information for these services to speed up and simplify
the install. However, the Setup program fails to delete the files
containing these stored passwords, allowing anyone with local access to
read them.

References:
Microsoft Security Bulletin MS99-005: "BackOffice Server 4.0 Does Not
Delete Installation Setup File" at
[52]http://www.microsoft.com/security/bulletins/ms99-005.asp

Microsoft Knowledgebase Article ID: Q217004: "BackOffice Installer Tool
Does Not Delete Password Cache File" at
[53]http://support.microsoft.com/support/kb/articles/q217/0/04.asp



___


Date Reported: 1999-02-11
Vulnerability: allaire-forums-file-read
Platforms Affected: Allaire Forums
Risk Factor: Medium

The "GetFile.cfm" program distributed with Allaire Forums 2.0.x contains a
vulnerability which could allow a remote attacker to view any file on the
system.

Reference:
NTBUGTRAQ Mailing List: "ACFUG List: Alert: Allaire Forums GetFile bug" at
[56]http://www.ntbugtraq.com/page_archives_wa.asp?A2=ind9902&L=ntbugtraq&F=P&S=&P=2788



___


Date Reported: 1999-02-11
Vulnerability: fakebo-execute
Platforms Affected: FakeBO
Risk Factor: High

FakeBO is a program for many platforms which emulates an installed copy of
BackOrifice and Netbus and logs all connection attempts. A buffer overflow
exists in FakeBO which could allow a remote attacker to execute arbitrary
commands on the system.

References:
BUGTRAQ Mailing List: "remote fakebo shell exploit" at
[59]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=11546

Vlatko Kosturjak's Homepage: "FakeBO" at
[60]http://yi.com/home/KosturjakVlatko/fakebo.htm



___


Date Reported: 1999-02-11
Vulnerability: sun-sdtcm-convert-bo
Platforms Affected: Solaris (2.4, 2.4 x86, 2.5, 2.5 x86, 2.5.1,
2.5.1 x86, 2.6, 2.6 x86, 7, 7 x86)
Risk Factor: High

sdtcm_convert is a setuid-root calendar data conversion utility that
converts OpenWindows calendar data format to extensible calendar data
format. A buffer overflow has been discovered in sdtcm_convert that, if
exploited, would allow the attacker to gain root level access.

Reference:
Sun Microsystems, Inc. Security Bulletin: "sdtcm_convert" at
[63]http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/183



___


Date Reported: 1999-02-10
Vulnerability: sun-man
Platforms Affected: Solaris (2.4, 2.4 x86, 2.5, 2.5 x86, 2.5.1,
2.5.1 x86, 2.6, 2.6 x86, 7, 7 x86)
Risk Factor: High

Man and catman utilities are used to display online reference manuals.
Vulnerabilities with these programs allow an attacker to overwrite
arbitrary files when catman is executed by root.

Reference:
Sun Microsystems, Inc. Security Bulletin: "man/catman" at
[66]http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/184



___


Date Reported: 1999-02-09
Vulnerability: netbsd-netstat-read
Platforms Affected: NetBSD
Risk Factor: High

The netstat(1) command was designed to allow normal users to view network
configurations and allow privileged users to change these settings. A
vulnerability exists in the NetBSD netstat program that allows any
non-privileged user to read arbitrary locations in kernel memory. This
could allow a local attacker to gain information, which could lead to the
compromise of elevated privileges, including root.

Reference:
NetBSD Security Advisory 1999-002: "Security problem with netstat" at
[69]ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-002.txt.asc



___


Date Reported: 1999-02-09
Vulnerability: palmetto-ftpd-bo
Platforms Affected: wu-ftpd, ProFTPD
Risk Factor: High

A vulnerability exists in ProFTPD through version 1.2.0pre1 and wu-ftpd
through 2.4.2 BETA 18 and 2.4.2 BETA 18 VR9 which could allow a remote
attacker to cause these services to execute arbitrary commands as root.
These servers are installed by default on many operating systems including
Slackware and Red Hat Linux distributions.

Reference:
Netect, Inc. Security Advisory: "palmetto.ftpd" at
[72]http://www.netect.com/advisory_0209_2.html



___


Date Reported: 1999-02-08
Vulnerability: clearcase-temp-race
Platforms Affected: ClearCase
Risk Factor: High

ClearCase is a configuration management program manufactured by
Rational Software. A temporary file race condition exists in the
db_loader program installed with ClearCase that could allow a local
attacker to make any program on the system suid root.

References:
L0pht Security Advisory: "Rational Software's Clear Case v3.2" at
[75]http://www.l0pht.com/advisories/ClearCase.txt

Rational Software Corporation Homepage at
[76]http://www.rational.com/index.jtmpl



___


Date Reported: 1999-02-08
Vulnerability: fakebo-crash
Platforms Affected: FakeBO
Risk Factor: Low

FakeBO is a program for many platforms which emulates an installed copy of
BackOrifice and Netbus and logs all connection attempts. A vulnerability
exists in FakeBO which allows a remote attacker to send a TCP packet with
the SYN flag set (stealth scan packet) which will crash the FakeBO server.

References:
Vlatko Kosturjak's Homepage: "FakeBO" at
[79]http://yi.com/home/KosturjakVlatko/fakebo.htm

BUGTRAQ Mailing List: "FakeBo 0.3.1 & nmap" at
[80]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=6208



___


Date Reported: 1999-02-08
Vulnerability: nt-sp4-auth-error
Platforms Affected: Windows NT (4.0 SP4)
Risk Factor: High

A vulnerability was introduced in Windows NT 4.0 SP4 (Service Pack 4)
which could allow some users to access resources by supplying a null
password. The problem exists when clients other than Windows NT/95/98
change their passwords, causing certain fields in the SAM (Service Account
Manager) to be left null. The next time this account is accessed from an
NT machine, no password will be required for authentication. This
vulnerability only affects sites that have deployed machines with DOS,
Windows 3.1, Windows for Workgroups, OS/2, or Macintosh clients.

References:
Microsoft Security Bulletin MS99-004: "Authentication Processing Error in
Windows NT 4.0 SP4" at
[83]http://www.microsoft.com/security/bulletins/ms99-004.asp

Microsoft Knowledgebase Article ID: Q214840: "MSV1_0 Allows Network
Connections for Specific Accounts" at
[84]http://support.microsoft.com/support/kb/articles/q214/8/40.asp



___


Date Reported: 1999-02-08
Vulnerability: pcnfsd-world-write
Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)
Risk Factor: High

The remote procedure call service rpc.pcnfsd, which is used by NFS clients
to provide usernames and passwords, has a vulnerability that, if exploited,
allows the main printer spool directory to be made world writable. This
vulnerability would allow both local and remote attackers to compromise
root access.

Reference:
HP Advisory HPSBUX9902-091: "Security Vulnerability with rpc.pcnfsd" at
[87]http://us-support.external.hp.com/



___


Date Reported: 1999-02-08
Vulnerability: pine-remote-exe
Platforms Affected: Pine (4.10 and below)
Risk Factor: High

A vulnerability exists in the Pine e-mail client up to and including
version 4.10 that could allow a remote attacker to execute arbitrary
commands as the user viewing e-mail. The attack relies on the ability to
make the MIME functions of Pine execute commands embedded inside e-mail.

References:
BUGTRAQ Mailing List: "remote exploit on pine 4.10 - neverending story?"
at [90]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=1418

University of Washington Pine Information Center at
[91]http://www.washington.edu/pine/



___


Date Reported: 1999-02-06
Vulnerability: linux-milo-halt
Platforms Affected: Linux
Risk Factor: Medium

The Miniloader (MILO) included with Alpha versions of Linux (such as
Red Hat) was shipped with instructions intended to be used exclusively
for debugging. These instructions could allow any local, non-privileged
user to cause the Alpha Linux system to halt, reboot, or behave in
unpredictable ways.

Reference:
KSR[T] Security Advisory #009: "Non-Privileged Halt" at
[94]http://www.ksrt.org/adv9.html



___


Date Reported: 1999-02-05
Vulnerability: router-config-dos
Platforms Affected: Cisco, Livingston Portmaster
Risk Factor: Medium

A flaw in the way some router operating systems handle improperly
closed sessions and malformed packets could allow a remote attacker to
cause the device to crash or lock up, refusing any administrative
sessions. This problem has been observed in Cisco and Livingston
Portmaster products to date.

Reference:
BUGTRAQ Mailing List: "Widespread Router Access Port DoS" at
[97]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=6094



___


Date Reported: 1999-02-04
Vulnerability: coldfusion-expression-evaluator
Platforms Affected: Cold Fusion (4.0 and earlier)
Risk Factor: Medium

The Expression Evaluator is a sample script included with ColdFusion
(through version 4.0) to demonstrate to users how to use the expression
evaluation features of ColdFusion. A vulnerability exists in this script
which could allow remote attackers to view or delete arbitrary files on
the server. Normally this program is only accessible from the localhost
machine (127.0.0.1), but when accessed directly, the Expression Evaluator
allows connections from any host.

Reference:
Allaire Security Bulletin (ASB99-01): "Expression Evaluator Security
Issues" at [100]http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full



___


Date Reported: 1999-02-04
Vulnerability: coldfusion-file-existance
Platforms Affected: Cold Fusion (4.0 and earlier)
Risk Factor: Low

The ColdFusion package distributes a number of sample applications. The
fileexists.cfm program can be used to remotely confirm the existence of
arbitrary files. This information could be used by an attacker to
pinpoint further attacks.

Reference:
Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications
and Sample Code Exposes Servers" at
[103]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full



___


Date Reported: 1999-02-04
Vulnerability: coldfusion-source-display
Platforms Affected: Cold Fusion (4.0 and earlier)
Risk Factor: Medium

ColdFusion 4.0 ships with many sample applications and scripts which are
installed by default. A vulnerability exists in the viewexample.cfm
program which allows a remote user to view the source of any CFM file on
the server. This data could allow an attacker to gain proprietary
information contained in the source code, such as usernames and passwords.

Reference:
Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications
and Sample Code Exposes Servers" at
[106]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full



___


Date Reported: 1999-02-04
Vulnerability: coldfusion-sourcewindow
Platforms Affected: Cold Fusion (4.0 and earlier)
Risk Factor: Medium

The ColdFusion sample program "sourcewindow.cfm" contains
a vulnerability which could allow remote attackers to read any file on the
system.

Reference:
Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications
and Sample Code Exposes Servers" at
[109]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full



___


Date Reported: 1999-02-04
Vulnerability: coldfusion-syntax-checker
Platforms Affected: Cold Fusion (4.0 and earlier)
Risk Factor: Medium

The Syntax Checker is a program shipped with ColdFusion with the purpose
of testing older CFML code for compatibility with version 4. A
vulnerability in this program allows remote attackers to cause the system
to consume all available processor resources.

Reference:
Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications
and Sample Code Exposes Servers" at
[112]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full



___


Date Reported: 1999-02-04
Vulnerability: slmail-helo-overflow
Platforms Affected: Seattle Labs Mail (SLmail prior to 3.2)
Risk Factor: Medium

SLmail is a commercial SMTP server for Windows 95 and Windows
NT systems. SLmail version 3.1 contains a vulnerability in how it handles
HELO commands of certain lengths, and could allow a remote attacker to
cause the service to consume all the processor resources on the server or
simply crash. This hole has been confirmed in 3.1, but it is believed to
affect previous versions.

Reference:
eEye Advisory AD02041999: "Multiple SLMail Vulnerabilities" at
[115]http://www.eeye.com/database/advisories/ad02041999/ad02041999.html



___


Date Reported: 1999-02-04
Vulnerability: slmail-vrfyexpn-overflow
Platforms Affected: Seattle Labs Mail (SLmail prior to 3.2)
Risk Factor: Medium

SLmail is a commercial SMTP server for Windows 95 and Windows NT systems.
SLmail version 3.1 contains a vulnerability in how it handles EXPN and
VRFY commands of certain lengths, and could allow a remote attacker to
cause the SLmail service to crash and exit. This hole has been confirmed
in 3.1, but it is believed to affect previous versions.

Reference:
eEye Advisory AD02041999: "Multiple SLMail Vulnerabilities" at
[118]http://www.eeye.com/database/advisories/ad02041999/ad02041999.html



___


Date Reported: 1999-02-04
Vulnerability: sql-multiple-queries
Platforms Affected: Sybase, SQL Server
Risk Factor: Low

A feature exists in many DBMSs, like Sybase and Microsoft SQL Server, which
allows multiple SQL commands to be executed in one query. While not
directly a vulnerability in any product, this little-documented feature is
often overlooked in systems that dynamically build queries (such as CGI
scripts). If proper forethought isn't placed in validating input to such
systems, it could be possible to execute arbitrary commands within the
DBMS.

Reference:
Allaire Security Bulletin (ASB99-04): "Multiple SQL Statements in Dynamic
Queries" at [121]http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full
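
The multiple-statement behaviour described in this entry, shown with Python's
built-in sqlite3 module standing in for Sybase or SQL Server. This is an added
example, not part of the ISS summary; the table names, function names and the
sample input are constructed for illustration.

```python
import re
import sqlite3

# Constructed input: a numeric id followed by a second, harmless statement.
STACKED_INPUT = "1; INSERT INTO audit VALUES ('second statement ran');"


def make_db():
    """Build a throwaway in-memory database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE audit (note TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        """
    )
    return db


def audit_rows(db):
    """Number of rows in audit; non-zero means a second statement executed."""
    return db.execute("SELECT COUNT(*) FROM audit").fetchone()[0]


def lookup_concat_batch(db, raw_id):
    """Weak pattern: query text built from input and sent through a batch API."""
    sql = "SELECT name FROM products WHERE id = " + raw_id
    db.executescript(sql)  # executes every statement found in the text


def lookup_concat_single(db, raw_id):
    """Same concatenation, but through an API that accepts one statement only.

    This removes statement stacking; it does not stop input from altering
    the single statement, so it is a second layer and not the fix.
    """
    sql = "SELECT name FROM products WHERE id = " + raw_id
    try:
        return [row[0] for row in db.execute(sql)]
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # sqlite3 refuses text that holds more than one statement
        return None


def parse_id(raw_id):
    """Input validation: accept only a short run of ASCII digits."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be 1-9 ASCII digits")
    return int(raw_id)


def lookup_bound(db, value):
    """Corrected pattern: fixed query text, input travels as a bound parameter."""
    cur = db.execute("SELECT name FROM products WHERE id = ?", (value,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    lookup_concat_batch(db, STACKED_INPUT)
    print("concatenated + batch API, audit rows:", audit_rows(db))

    db = make_db()
    print("concatenated + single-statement API:",
          lookup_concat_single(db, STACKED_INPUT), "audit rows:", audit_rows(db))

    db = make_db()
    print("bound parameter:", lookup_bound(db, STACKED_INPUT),
          "audit rows:", audit_rows(db))
    print("validated id:", lookup_bound(db, parse_id("1")))
```
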



___


Date Reported: 1999-02-03
Vulnerability: navionc-config-script
Platforms Affected: AIX
Risk Factor: Medium

The configuration script included with some versions of AIX for the
Navio NC Browser makes the "/tmp" directory world writable and readable
over NFS. This configuration could allow an attacker an easy way to launch
remote attacks.

Reference:
BUGTRAQ Mailing List: "TROJAN: netstation.navio-comm.rte 1.1.0.1" at
[124]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1563



___


Date Reported: 1999-02-03
Vulnerability: plp-lpc-bo
Platforms Affected: PLP Line Printer Control, Linux: SuSE 5.2
Risk Factor: High

The PLP LPC (Line Printer Control) program has been discovered to contain
a vulnerability which could allow local attackers to gain root privileges.
This program is shipped by default with many operating systems, including
S.u.S.E. Linux.

Reference:
BUGTRAQ Mailing List: "Linux /usr/bin/lpc overflow" at
[127]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=2402



___


Date Reported: 1999-02-02
Vulnerability: imail-registry
Platforms Affected: IMail
Risk Factor: Medium

IMail is a commercial multi-protocol mail server for Windows NT. IMail
insecurely stores sensitive information in modifiable portions of the
registry. Any local user can modify the contents of the IMail registry
settings and gain full administrative access to the IMail server.

Reference:
eEye Advisory AD02021999: "WS_FTP Server Remote DoS Attack" at
[130]http://www.eeye.com/database/advisories/ad02021999/ad02021999.html



___


Date Reported: 1999-02-02
Vulnerability: java-socket-open
Platforms Affected: Netscape Communicator (4.5), Netscape Navigator, Internet Explorer (3.02)
Risk Factor: Low

A vulnerability exists in some implementations of the Java VM which could
allow an applet to open a socket on the local machine and listen to that
socket. However, applets are restricted in the operations they can do
over these connections, so the risk is limited to a denial of service
attack.

Reference:
BUGTRAQ Mailing List: "Unsecured server in applets under Netscape" at
[133]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1353



___


Date Reported: 1999-02-02
Vulnerability: wsftp-registry
Platforms Affected: WS_FTP Server
Risk Factor: Medium

WS_FTP is a popular FTP server for Windows NT machines. WS_FTP insecurely
stores sensitive information in modifiable portions of the registry. Any
local user can modify the contents of the WS_FTP registry settings and
gain full administrative control over the server.

Reference:
eEye Advisory AD02021999: "WS_FTP Server Remote DoS Attack" at
[136]http://www.eeye.com/database/advisories/ad02021999/ad02021999.html



___


Date Reported: 1999-02-02
Vulnerability: wsftp-remote-dos
Platforms Affected: WS_FTP Server
Risk Factor: Medium

WS_FTP is a popular FTP server for Windows NT machines. Some versions of
WS_FTP contain a buffer overflow vulnerability that could allow a remote
attacker to crash the server process, denying access to legitimate users.
A valid login (such as "anonymous") is required to exploit this hole.
This vulnerability has been confirmed in versions 1.0.1E and 1.0.2E of the
WS_FTP Server package.

Reference:
eEye Digital Security Team: "WS_FTP Server Remote DoS Attack" at
[139]http://www.eEye.com/database/advisories/ad02021999/ad02021999.html



___


Date Reported: 1999-01-25
Vulnerability: controlit-bookfile-access
Platforms Affected: ControlIT, Remotely Possible/32
Risk Factor: Low

The ControlIT address book function allows ControlIT users to store
frequently used usernames and passwords in a file. The passwords in this
file are encrypted using the same weak mechanism employed during remote
connections. Under Windows NT, this file has permissions of Everyone:Read,
meaning any local user can read the file and decrypt passwords.

Reference:
ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm)
(formerly Remotely Possible/32) enterprise management software" at
[142]http://www.iss.net/xforce/alerts/advise18.html



___


Date Reported: 1999-01-25
Vulnerability: controlit-passwd-encrypt
Platforms Affected: ControlIT, Remotely Possible/32
Risk Factor: High

ControlIT does not effectively encrypt the username or password
transmission between a client and a server on a network. Analysis of an
encrypted password captured from a local network shows that ControlIT uses
a weak cryptographic process to obscure the password transmitted over the
network. Though the exact mathematical transform is not known, a
substitution table suffices to decrypt any ControlIT password. Since
ControlIT supports Windows NT native security, an attacker could obtain
user or administrator passwords to Windows NT machines via this
vulnerability.

Reference:
ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm)
(formerly Remotely Possible/32) enterprise management software" at
[145]http://www.iss.net/xforce/alerts/advise18.html



___


Date Reported: 1999-01-25
Vulnerability: controlit-reboot
Platforms Affected: ControlIT, Remotely Possible/32
Risk Factor: Medium

ControlIT allows remote users to either reboot the remote machine or force
the current user of the remote machine to logout. A user must be
authenticated to operate this mechanism. Another option, configurable by
the local user, allows the remote user to initiate a reboot or logout of
current user once the remote user disconnects the session. This option
triggers regardless of authentication; anybody can connect and disconnect
without authenticating to trigger the timer of this option if it is
enabled by the local user.

Reference:
ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm)
(formerly Remotely Possible/32) enterprise management software" at
[148]http://www.iss.net/xforce/alerts/advise18.html



___


Date Reported: 1999-01-24
Vulnerability: iis-remote-ftp
Platforms Affected: IIS (3.0, 4.0), Personal Web Server (1.0)
Risk Factor: Medium

The Microsoft Internet Information Server (IIS) FTP service contains a
buffer overflow vulnerability in the "NLST" command. This vulnerability
could allow a remote attacker to crash the FTP server. The attacker is
required to have a valid login (such as "anonymous") to the server before
exploiting this hole. It is not known whether it is possible to execute
arbitrary code on the system with this hole.

References:
eEye Security Advisory: "IIS Remote FTP Exploit/DoS Attack" at
[151]http://www.eEye.com/database/advisories/ad01241999/ad01241999.html



___


Risk Factor Key:

High: Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.

Medium: Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.

Low: Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.


Internet Security Systems, Inc. (ISS) is the leading provider of adaptive
network security monitoring, detection and response software that protects the
security and integrity of enterprise information systems. By dynamically
detecting and responding to security vulnerabilities and threats inherent
in open systems, ISS's SAFEsuite family of products provide protection
across the enterprise, including the Internet, extranets, and internal
networks, from attacks, misuse, and security policy violations. ISS
has delivered its adaptive network security solutions to organizations
worldwide, including firms in the Global 2000, nine of the ten largest
U.S. commercial banks and over 35 governmental agencies. For more
information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web
site at [154]http://www.iss.net.



___

Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby
granted for the redistribution of this Alert Summary electronically. It is
not to be edited in any way without express consent of the X-Force. If
you wish to reprint the whole or any part of this Alert Summary in any other
medium excluding electronic medium, please e-mail [157]xforce@iss.net for
permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: [158]http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


References

1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
13. http://xforce.iss.net/alerts/alerts.php3
14. http://xforce.iss.net/alerts/vol-3_num-5.php3#linux-super-bo
15. http://xforce.iss.net/alerts/vol-3_num-5.php3#nt-backoffice-setup
16. http://xforce.iss.net/alerts/vol-3_num-5.php3#allaire-forums-file-read
17. http://xforce.iss.net/alerts/vol-3_num-5.php3#fakebo-execute
18. http://xforce.iss.net/alerts/vol-3_num-5.php3#sun-sdtcm-convert-bo
19. http://xforce.iss.net/alerts/vol-3_num-5.php3#sun-man
20. http://xforce.iss.net/alerts/vol-3_num-5.php3#netbsd-netstat-read
21. http://xforce.iss.net/alerts/vol-3_num-5.php3#palmetto-ftpd-bo
22. http://xforce.iss.net/alerts/vol-3_num-5.php3#clearcase-temp-race
23. http://xforce.iss.net/alerts/vol-3_num-5.php3#fakebo-crash
24. http://xforce.iss.net/alerts/vol-3_num-5.php3#nt-sp4-auth-error
25. http://xforce.iss.net/alerts/vol-3_num-5.php3#pcnfsd-world-write
26. http://xforce.iss.net/alerts/vol-3_num-5.php3#pine-remote-exe
27. http://xforce.iss.net/alerts/vol-3_num-5.php3#linux-milo-halt
28. http://xforce.iss.net/alerts/vol-3_num-5.php3#router-config-dos
29. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-expression-evaluator
30. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-file-existance
31. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-source-display
32. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-sourcewindow
33. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-syntax-checker
34. http://xforce.iss.net/alerts/vol-3_num-5.php3#slmail-helo-overflow
35. http://xforce.iss.net/alerts/vol-3_num-5.php3#slmail-vrfyexpn-overflow
36. http://xforce.iss.net/alerts/vol-3_num-5.php3#sql-multiple-queries
37. http://xforce.iss.net/alerts/vol-3_num-5.php3#navionc-config-script
38. http://xforce.iss.net/alerts/vol-3_num-5.php3#plp-lpc-bo
39. http://xforce.iss.net/alerts/vol-3_num-5.php3#imail-registry
40. http://xforce.iss.net/alerts/vol-3_num-5.php3#java-socket-open
41. http://xforce.iss.net/alerts/vol-3_num-5.php3#wsftp-registry
42. http://xforce.iss.net/alerts/vol-3_num-5.php3#wsftp-remote-dos
43. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-bookfile-access
44. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-passwd-encrypt
45. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-reboot
46. http://xforce.iss.net/alerts/vol-3_num-5.php3#iis-remote-ftp
47. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
48. http://xforce.iss.net/alerts/alerts.php3
49. http://www.iss.net/xforce/alerts/advise19.html
50. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
51. http://xforce.iss.net/alerts/alerts.php3
52. http://www.microsoft.com/security/bulletins/ms99-005.asp
53. http://support.microsoft.com/support/kb/articles/q217
54. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
55. http://xforce.iss.net/alerts/alerts.php3
56. http://www.ntbugtraq.com/page_archives_wa.asp?A2=ind9902&L=ntbugtraq&F=P&S=&P=2788
57. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
58. http://xforce.iss.net/alerts/alerts.php3
59. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=11546
60. http://yi.com/home/KosturjakVlatko/fakebo.htm
61. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
62. http://xforce.iss.net/alerts/alerts.php3
63. http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/183
64. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
65. http://xforce.iss.net/alerts/alerts.php3
66. http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/184
67. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
68. http://xforce.iss.net/alerts/alerts.php3
69. ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-002.txt.asc
70. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
71. http://xforce.iss.net/alerts/alerts.php3
72. http://www.netect.com/advisory_0209_2.html
73. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
74. http://xforce.iss.net/alerts/alerts.php3
75. http://www.l0pht.com/advisories/ClearCase.txt
76. http://www.rational.com/index.jtmpl
77. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
78. http://xforce.iss.net/alerts/alerts.php3
79. http://yi.com/home/KosturjakVlatko/fakebo.htm
80. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=6208
81. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
82. http://xforce.iss.net/alerts/alerts.php3
83. http://www.microsoft.com/security/bulletins/ms99-004.asp
84. http://support.microsoft.com/support/kb/articles/q214
85. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
86. http://xforce.iss.net/alerts/alerts.php3
87. http://us-support.external.hp.com/
88. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
89. http://xforce.iss.net/alerts/alerts.php3
90. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=1418
91. http://www.washington.edu/pine
92. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
93. http://xforce.iss.net/alerts/alerts.php3
94. http://www.ksrt.org/adv9.html
95. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
96. http://xforce.iss.net/alerts/alerts.php3
97. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=6094
98. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
99. http://xforce.iss.net/alerts/alerts.php3
100. http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full
101. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
102. http://xforce.iss.net/alerts/alerts.php3
103. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
104. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
105. http://xforce.iss.net/alerts/alerts.php3
106. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
107. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
108. http://xforce.iss.net/alerts/alerts.php3
109. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
110. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
111. http://xforce.iss.net/alerts/alerts.php3
112. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
113. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
114. http://xforce.iss.net/alerts/alerts.php3
115. http://www.eeye.com/database/advisories/ad02041999/ad02041999.html
116. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
117. http://xforce.iss.net/alerts/alerts.php3
118. http://www.eeye.com/database/advisories/ad02041999/ad02041999.html
119. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
120. http://xforce.iss.net/alerts/alerts.php3
121. http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full
122. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
123. http://xforce.iss.net/alerts/alerts.php3
124. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1563
125. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
126. http://xforce.iss.net/alerts/alerts.php3
127. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=2402
128. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
129. http://xforce.iss.net/alerts/alerts.php3
130. http://www.eeye.com/database/advisories/ad02021999/ad02021999.html
131. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
132. http://xforce.iss.net/alerts/alerts.php3
133. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1353
134. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
135. http://xforce.iss.net/alerts/alerts.php3
136. http://www.eeye.com/database/advisories/ad02021999/ad02021999.html
137. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
138. http://xforce.iss.net/alerts/alerts.php3
139. http://www.eEye.com/database/advisories/ad02021999/ad02021999.html
140. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
141. http://xforce.iss.net/alerts/alerts.php3
142. http://www.iss.net/xforce/alerts/advise18.html
143. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
144. http://xforce.iss.net/alerts/alerts.php3
145. http://www.iss.net/xforce/alerts/advise18.html
146. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
147. http://xforce.iss.net/alerts/alerts.php3
148. http://www.iss.net/xforce/alerts/advise18.html
149. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
150. http://xforce.iss.net/alerts/alerts.php3
151. http://www.eEye.com/database/advisories/ad01241999/ad01241999.html
152. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
153. http://xforce.iss.net/alerts/alerts.php3
154. http://www.iss.net/
155. http://xforce.iss.net/alerts/vol-3_num-5.php3#list
156. http://xforce.iss.net/alerts/alerts.php3
157. mailto:xforce@iss.net
158. http://www.iss.net/xforce/sensitive.html
159. http://xforce.iss.net/news.php3
160. http://xforce.iss.net/seriousfun/
161. http://xforce.iss.net/maillists/
162. http://xforce.iss.net/library/
163. http://xforce.iss.net/protoworx/
164. http://xforce.iss.net/alerts/
165. http://xforce.iss.net/submission.php3
166. http://xforce.iss.net/feedback.php3
167. http://xforce.iss.net/search.php3
168. http://xforce.iss.net/about.php3
169. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
170. http://xforce.iss.net/privacy.php3