iss.summary.4.6
Posted Aug 17, 1999

MD5 | 80db8dc674ff11b0e2262c03b47b23f9


From xforce@iss.net Mon Aug 16 20:13:43 1999
From: X-Force <xforce@iss.net>
Resent-From: mea culpa <jericho@dimensional.com>
To: alert@iss.net
Resent-To: jericho@attrition.org
Cc: X-Force <xforce@iss.net>
Date: Mon, 16 Aug 1999 16:20:23 -0400 (EDT)
Subject: ISSalert: ISS Security Alert Summary v4 n6


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net. Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert Summary
August 15, 1999
Volume 4 Number 6

X-Force Vulnerability and Threat Database: http://xforce.iss.net/

To receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.

_____

Contents

8 Reported Vulnerabilities
- - irdp-gateway-spoof
- - http-iis-malformed-header
- - netbsd-profil
- - nt-terminal-dos
- - frontpage-pws-dos
- - sun-stdcm-convert
- - exchange-relay
- - gauntlet-dos

Risk Factor Key

_____

Date Reported: 1999-08-11
Vulnerability: irdp-gateway-spoof
Platforms Affected: Windows (95, 98)
                    Solaris
                    SunOS
Risk Factor: High
Attack Type: Network Based

Systems configured for DHCP obtain their default gateway information,
along with other configuration parameters, when they first contact the
network's DHCP server. When dynamically configured through DHCP, it has
been shown to be possible to remotely change the default gateway of
certain systems, including Sun Solaris and SunOS as well as Windows 9x, by
manipulating the systems with ICMP Router Advertisement messages. An
attacker could therefore cause a system to direct its network traffic
through a system of their choice, opening up man-in-the-middle, monitoring
and denial of service attacks.

Reference:
L0pht Security Advisory: "ICMP Router Discovery Protocol" at:
http://www.l0pht.com/advisories/rdp.txt

_____

Date Reported: 1999-08-11
Vulnerability: http-iis-malformed-header
Platforms Affected: IIS 4.0
Risk Factor: Medium
Attack Type: Host/Network Based

A vulnerability has been discovered in Microsoft Internet Information
Server 4.0 (IIS) and other web servers that use IIS as their web engine.
If a remote attacker sends a flood of specifically malformed HTTP request
headers, it could cause IIS to consume all the memory on the server. The
service would have to be stopped and restarted in order to resume normal
operation.

Reference:
Microsoft Security Bulletin (MS99-029): "Patch Available for 'Malformed
HTTP Request Header' Vulnerability" at:
http://www.microsoft.com/security/bulletins/ms99-029.asp

_____

Date Reported: 1999-08-09
Vulnerability: netbsd-profil
Platforms Affected: NetBSD
Risk Factor: High
Attack Type: Host Based

NetBSD supports the profil(2) system call which arranges for the kernel to
sample the PC and increment an element of an array on every profile clock
tick. The profil(2) call fails to disable itself when a program calls
execve(2). Under certain circumstances a malicious local user could call
a privileged program through execve(2) and possibly modify its behavior
during execution and gain elevated privileges.

Reference:
NetBSD Security Advisory 1999-011: "profil(2) can modify setuid root
programs" at: http://www.netbsd.org/Security/advisory.html

_____

Date Reported: 1999-08-09
Vulnerability: nt-terminal-dos
Platforms Affected: Windows NT Server (4.0 Terminal Server Edition)
Risk Factor: Medium
Attack Type: Network Based

The ISS X-Force has discovered a denial of service attack against Windows
NT Server 4.0, Terminal Server Edition. This vulnerability allows a
remote attacker to quickly consume all available memory on a Windows NT
Terminal Server, causing a significant disruption for users currently
logged into the terminal server, and preventing any new terminal
connections from being successfully completed.

References:
Microsoft Security Bulletin (MS99-028): "Patch Available for 'Terminal
Server Connection Request Flooding' Vulnerability" at:
http://www.microsoft.com/security/bulletins/ms99-028.asp

_____

Date Reported: 1999-08-08
Vulnerability: frontpage-pws-dos
Platforms Affected: Microsoft FrontPage Server Extensions PWS
Risk Factor: Medium
Attack Type: Host/Network Based

A bug in Microsoft FrontPage Server Extensions PWS for Windows exists in
the way it handles long URLs. If someone sends it a URL of 167 characters
or more, then the web server crashes.

Reference:
BUGTRAQ Mailing List: "Crash FrontPage Remotely..." at:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=199908071207.FAA23507@mb3.mailbank.com

_____

Date Reported: 1999-08-08
Vulnerability: sun-stdcm-convert
Platforms Affected: Solaris (2.6)
Risk Factor: High
Attack Type: Host Based

A vulnerability exists in sdtcm_convert, a program shipped with CDE and
packaged with Solaris 2.6. A local user could create a symbolic link in
place of the temporary file that sdtcm_convert creates and point it to any
file on the system. This would overwrite the file and make it writable by
the user. This could lead to a local root compromise.

Reference:
BUGTRAQ Mailing List: "sdtcm_convert" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-08&msg=19990809010450.A3223@hades.chaoz.org

_____

Date Reported: 1999-08-06
Vulnerability: exchange-relay
Platforms Affected: Microsoft Exchange (5.5)
Risk Factor: Low
Attack Type: Network Based

A vulnerability exists in Microsoft Exchange 5.5 with at least one
Internet Mail Service configured, which would allow a remote user to relay
mail off of the server to other users by using encapsulated SMTP
addresses. This could allow a spammer to send e-mail from your site, but
poses no real security risk.

Reference:
Microsoft Security Bulletin (MS99-027): "Patch Available for 'Encapsulated
SMTP Address' Vulnerability" at:
http://www.microsoft.com/security/bulletins/ms99-027.asp

_____

Date Reported: 1999-07-30
Vulnerability: gauntlet-dos
Platforms Affected: Gauntlet Firewall (5.0)
Risk Factor: High
Attack Type: Network Based

Network Associates Gauntlet Firewall contains a vulnerability that would
allow a remote attacker to crash the firewall by sending a specifically
constructed ICMP packet through the machine to a known IP inside the
firewall.

Reference:
BUGTRAQ Mailing List: "Remotely Lock Up Gauntlet 5.0" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07-29&msg=199907301603.LAA17178@expert.cc.purdue.edu

_____


Risk Factor Key:

High     Any vulnerability that provides an attacker with immediate
         access into a machine, gains superuser access, or bypasses
         a firewall. Example: A vulnerable Sendmail 8.6.5 version
         that allows an intruder to execute commands on mail
         server.
Medium   Any vulnerability that provides information that has a
         high potential of giving system access to an intruder.
         Example: A misconfigured TFTP or vulnerable NIS server
         that allows an intruder to get the password file that
         could contain an account with a guessable password.
Low      Any vulnerability that provides information that
         potentially could lead to a compromise. Example: A
         finger that allows an intruder to find out who is online
         and potential accounts to attempt to crack passwords
         via brute force methods.


ISS is the pioneer and leading provider of adaptive network security
software delivering enterprise-wide information protection solutions. ISS'
award-winning SAFEsuite family of products enables information risk
management within intranet, extranet and electronic commerce environments.
By combining proactive vulnerability detection with real-time intrusion
detection and response, ISS' adaptive security approach creates a flexible
cycle of continuous security improvement, including security policy
implementation and enforcement. ISS SAFEsuite solutions strengthen the
security of existing systems and have dramatically improved the security
posture for organizations worldwide, making ISS a trusted security advisor
for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks
and over 35 governmental agencies. For more information, call ISS at
678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net.


________

Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby
granted for the redistribution of this Alert Summary electronically. It is
not to be edited in any way without express consent of the X-Force. If
you wish to reprint the whole or any part of this Alert Summary in any other
medium excluding electronic medium, please e-mail xforce@iss.net for
permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBN7hyVDRfJiV99eG9AQHmTQP9G81xqXy+YxZwipgqLfutU/CdRZgGsWn4
9g+ddZMaFbgRrAya6Ny+FArYi5iqQDJWzDtw8xknk7t++nDOOnDph97lxgGusH3r
mLIHwLqWERVSDMGJ4CUtRs/MrKLJhRw0lMDQ6QKXPXmONiBSvSVslskgeV8LVlWM
R8lq/ubHPCE=
=noQT
-----END PGP SIGNATURE-----