ISS Security Alert Summary for September 15, 2000. 87 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.
Internet Security Systems Security Alert Summary
September 15, 2000
Volume 5 Number 8
X-Force Vulnerability and Threat Database: http://xforce.iss.net/

To receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
In an effort to make the Alert Summary more concise, and easier to
use, we've changed the format. Full vulnerability details can now
be found using the URL at the end of each vulnerability listing.
_____
Contents
87 Reported Vulnerabilities
Risk Factor Key
_____
5166
Date Reported: 8/30/00
Vulnerability: ftp-goodtech-rnto-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP RNTO denial of service
X-Force URL: http://xforce.iss.net/static/5166.php
_____
5167
Date Reported: 8/30/00
Vulnerability: imail-file-attachment
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: IMail unauthorized file attachments
X-Force URL: http://xforce.iss.net/static/5167.php
_____
5161
Date Reported: 8/29/00
Vulnerability: go-gnome-preinstaller-symlink
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: go-gnome pre-installer symlink attack
X-Force URL: http://xforce.iss.net/static/5161.php
_____
5165
Date Reported: 8/29/00
Vulnerability: mailers-cgimail-spoof
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Stalkerlab's Mailers CGImail.exe spoofing
X-Force URL: http://xforce.iss.net/static/5165.php
_____
5168
Date Reported: 8/29/00
Vulnerability: win-netbios-corrupt-cache
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NetBIOS cache corruption
X-Force URL: http://xforce.iss.net/static/5168.php
_____
5169
Date Reported: 8/29/00
Vulnerability: news-publisher-add-author
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: News Publisher allows remote user to add author
X-Force URL: http://xforce.iss.net/static/5169.php
_____
5170
Date Reported: 8/29/00
Vulnerability: xpdf-embedded-url
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Xpdf embedded URL
X-Force URL: http://xforce.iss.net/static/5170.php
_____
5154
Date Reported: 8/28/00
Vulnerability: intel-express-switch-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Intel Express Switch 550F malformed IP header denial of service
X-Force URL: http://xforce.iss.net/static/5154.php
_____
5158
Date Reported: 8/28/00
Vulnerability: viking-server-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Viking Server buffer overflow
X-Force URL: http://xforce.iss.net/static/5158.php
_____
5171
Date Reported: 8/28/00
Vulnerability: win2k-corrupt-lsp
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows 2000 Local Security Policy Corruption
X-Force URL: http://xforce.iss.net/static/5171.php
_____
5152
Date Reported: 8/27/00
Vulnerability: vqserver-get-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: vqServer long GET denial of service
X-Force URL: http://xforce.iss.net/static/5152.php
_____
5159
Date Reported: 8/26/00
Vulnerability: mgetty-faxrunq-symlink
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: mgetty faxrunq symlink
X-Force URL: http://xforce.iss.net/static/5159.php
_____
5147
Date Reported: 8/25/00
Vulnerability: money-plaintext-password
Platforms Affected:
Risk Factor: Low
Attack Type: Host Based
Brief Description: Microsoft Money plain-text password
X-Force URL: http://xforce.iss.net/static/5147.php
_____
5148
Date Reported: 8/25/00
Vulnerability: wormhttp-dir-traverse
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Worm HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/5148.php
_____
5149
Date Reported: 8/25/00
Vulnerability: wormhttp-filename-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Worm HTTP Server long filename denial of service
X-Force URL: http://xforce.iss.net/static/5149.php
_____
5150
Date Reported: 8/25/00
Vulnerability: cgi-auction-weaver-read-files
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Auction Weaver allows directory traversal
X-Force URL: http://xforce.iss.net/static/5150.php
_____
5156
Date Reported: 8/25/00
Vulnerability: iis-cross-site-scripting
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IIS Cross-Site Scripting
X-Force URL: http://xforce.iss.net/static/5156.php
_____
5132
Date Reported: 8/24/00
Vulnerability: telnetserver-rpc-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pragma TelnetServer 2000 rpc module buffer overflow
X-Force URL: http://xforce.iss.net/static/5132.php
_____
5136
Date Reported: 8/24/00
Vulnerability: nai-pgp-unsigned-adk
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: NAI PGP certificates allow unsigned ADKs that could reveal plain text
X-Force URL: http://xforce.iss.net/static/5136.php
_____
5157
Date Reported: 8/24/00
Vulnerability: website-pro-upload-files
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSite Pro allows any user to upload files
X-Force URL: http://xforce.iss.net/static/5157.php
_____
5125
Date Reported: 8/23/00
Vulnerability: account-manager-overwrite-password
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Account Manager could allow a remote attacker to overwrite admin password
X-Force URL: http://xforce.iss.net/static/5125.php
_____
5126
Date Reported: 8/23/00
Vulnerability: subscribe-me-overwrite-password
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Subscribe Me could allow a remote attacker to overwrite admin password
X-Force URL: http://xforce.iss.net/static/5126.php
_____
5131
Date Reported: 8/22/00
Vulnerability: hp-netinit-symlink
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX net.init symlink attack
X-Force URL: http://xforce.iss.net/static/5131.php
_____
5133
Date Reported: 8/22/00
Vulnerability: realsecure-frag-syn-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: RealSecure fragmented SYN packet denial of service
X-Force URL: http://xforce.iss.net/static/5133.php
_____
5135
Date Reported: 8/22/00
Vulnerability: sunjava-webadmin-bbs
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Sun Java Web Server Webadmin and Bulletin Board
X-Force URL: http://xforce.iss.net/static/5135.php
_____
5109
Date Reported: 8/21/00
Vulnerability: zkey-java-compromise-accounts
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Zkey JavaScript bug allows user to compromise other users' accounts
X-Force URL: http://xforce.iss.net/static/5109.php
_____
5127
Date Reported: 8/21/00
Vulnerability: java-vm-applet
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Microsoft Virtual Machine Java applet allows malicious web site to masquerade as visitor
X-Force URL: http://xforce.iss.net/static/5127.php
_____
5134
Date Reported: 8/21/00
Vulnerability: darxite-login-bo
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Darxite login buffer overflow allows user to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5134.php
_____
5102
Date Reported: 8/20/00
Vulnerability: gopherd-halidate-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: University of Minnesota gopherd halidate buffer overflow
X-Force URL: http://xforce.iss.net/static/5102.php
_____
5108
Date Reported: 8/20/00
Vulnerability: phpnuke-pwd-admin-access
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: PHP-Nuke URL configuration allows users to access admin writes to the program
X-Force URL: http://xforce.iss.net/static/5108.php
_____
5110
Date Reported: 8/19/00
Vulnerability: becky-imail-header-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Becky Internet Mail header denial of service
X-Force URL: http://xforce.iss.net/static/5110.php
_____
5129
Date Reported: 8/19/00
Vulnerability: gnome-installer-overwrite-configuration
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: GNOME installer could allow user to overwrite configuration files
X-Force URL: http://xforce.iss.net/static/5129.php
_____
5130
Date Reported: 8/19/00
Vulnerability: gnome-lokkit-open-ports
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Some ports remain open in Gnome-Lokkit Firewall
X-Force URL: http://xforce.iss.net/static/5130.php
_____
5151
Date Reported: 8/19/00
Vulnerability: minicom-capture-groupown
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Minicom user can create capture file with gid uucp
X-Force URL: http://xforce.iss.net/static/5151.php
_____
5100
Date Reported: 8/18/00
Vulnerability: webshield-smtp-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WebShield SMTP domain name period denial of service
X-Force URL: http://xforce.iss.net/static/5100.php
_____
5090
Date Reported: 8/17/00
Vulnerability: netwin-netauth-dir-traverse
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netwin Netauth Directory Traversal could allow a remote attacker to read files
X-Force URL: http://xforce.iss.net/static/5090.php
_____
5101
Date Reported: 8/17/00
Vulnerability: xlock-format-d-option
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Xlockmore and xlock -d option string format could be used to execute code
X-Force URL: http://xforce.iss.net/static/5101.php
_____
5124
Date Reported: 8/17/00
Vulnerability: frontpage-ext-device-name-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FrontPage Server Extensions device name denial of service
X-Force URL: http://xforce.iss.net/static/5124.php
_____
5128
Date Reported: 8/17/00
Vulnerability: xchat-url-execute-commands
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: X-Chat allows attacker to execute commands using URLs
X-Force URL: http://xforce.iss.net/static/5128.php
_____
5163
Date Reported: 8/17/00
Vulnerability: irix-worldview-wnn-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: IRIX WorldView wnn buffer overflow
X-Force URL: http://xforce.iss.net/static/5163.php
_____
5091
Date Reported: 8/16/00
Vulnerability: os2-ftpserver-login-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: OS/2 FTP Server login remote Denial of Service could crash FTP server
X-Force URL: http://xforce.iss.net/static/5091.php
_____
5096
Date Reported: 8/15/00
Vulnerability: weblogic-plugin-bo
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Weblogic redirect request plugin has buffer overflows that can be used to gain root
X-Force URL: http://xforce.iss.net/static/5096.php
_____
5097
Date Reported: 8/15/00
Vulnerability: ie-folder-remote-exe
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows folder.htt allows execution of active scripting without approval
X-Force URL: http://xforce.iss.net/static/5097.php
_____
5098
Date Reported: 8/15/00
Vulnerability: firebox-url-dos
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Firebox II malformed URL to port 4100 denial of service
X-Force URL: http://xforce.iss.net/static/5098.php
_____
5099
Date Reported: 8/15/00
Vulnerability: trustix-secure-apache-misconfig
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Trustix Secure Linux installs Apache with world writable access
X-Force URL: http://xforce.iss.net/static/5099.php
_____
5092
Date Reported: 8/14/00
Vulnerability: irix-telnetd-syslog-format
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: Irix telnetd syslog format string could allow remote code execution as root
X-Force URL: http://xforce.iss.net/static/5092.php
_____
5093
Date Reported: 8/14/00
Vulnerability: rapidstream-remote-execution
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: Rapidstream remote root
X-Force URL: http://xforce.iss.net/static/5093.php
_____
5094
Date Reported: 8/14/00
Vulnerability: ntop-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ntop buffer overflow
X-Force URL: http://xforce.iss.net/static/5094.php
_____
5095
Date Reported: 8/14/00
Vulnerability: iis-specialized-header
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Internet Information Server source disclosure
X-Force URL: http://xforce.iss.net/static/5095.php
_____
5085
Date Reported: 8/12/00
Vulnerability: linux-update-race-condition
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GNOME updater in Linux is vulnerable to race condition
X-Force URL: http://xforce.iss.net/static/5085.php
_____
5076
Date Reported: 8/11/00
Vulnerability: etrust-access-control-default
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: eTrust Access Control default installation opens door for root compromise
X-Force URL: http://xforce.iss.net/static/5076.php
_____
5084
Date Reported: 8/11/00
Vulnerability: zope-additional-role
Platforms Affected:
Risk Factor: Low
Attack Type: Host Based
Brief Description: zope package in Linux allows user to take on additional roles
X-Force URL: http://xforce.iss.net/static/5084.php
_____
5115
Date Reported: 8/11/00
Vulnerability: list-manager-elevate-privileges
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lyris List Manager allows subscribers to elevate their privileges
X-Force URL: http://xforce.iss.net/static/5115.php
_____
5071
Date Reported: 8/10/00
Vulnerability: iis-incorrect-permissions
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: IIS canonicalization error applies incorrect permissions to certain types of files
X-Force URL: http://xforce.iss.net/static/5071.php
_____
5077
Date Reported: 8/10/00
Vulnerability: varicad-world-write-permissions
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Varicad for Linux (shipped with Red Hat) leaves directories and files world writable
X-Force URL: http://xforce.iss.net/static/5077.php
_____
5081
Date Reported: 8/10/00
Vulnerability: gopherd-gdeskey-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: gopherd 2.x GDESkey buffer overflow
X-Force URL: http://xforce.iss.net/static/5081.php
_____
5081
Date Reported: 8/10/00
Vulnerability: gopherd-gdeskey-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: gopherd 2.x GDESkey buffer overflow
X-Force URL: http://xforce.iss.net/static/5081.php
_____
5113
Date Reported: 8/10/00
Vulnerability: mediahouse-stats-livestats-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Mediahouse Statistics Server LiveStats buffer overflow
X-Force URL: http://xforce.iss.net/static/5113.php
_____
5048
Date Reported: 8/9/00
Vulnerability: linux-umb-scheme
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: umb-scheme package in Linux includes world writable files
X-Force URL: http://xforce.iss.net/static/5048.php
_____
5070
Date Reported: 8/9/00
Vulnerability: mdaemon-session-id-hijack
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: MDaemon WorldClient could allow session ID hijacking
X-Force URL: http://xforce.iss.net/static/5070.php
_____
5072
Date Reported: 8/9/00
Vulnerability: tumbleweed-mms-blank-password
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Tumbleweed MMS uses a blank password
X-Force URL: http://xforce.iss.net/static/5072.php
_____
5075
Date Reported: 8/9/00
Vulnerability: ie-scriptlet-rendering-file-access
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Microsoft Internet Explorer 'scriptlet rendering' gives web site operators access to files
X-Force URL: http://xforce.iss.net/static/5075.php
_____
5080
Date Reported: 8/9/00
Vulnerability: office-html-object-tag
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Office 2000 HTML object tag buffer overflow
X-Force URL: http://xforce.iss.net/static/5080.php
_____
5111
Date Reported: 8/9/00
Vulnerability: hp-openview-nnm-password
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP OpenView Network Node Manager Web password
X-Force URL: http://xforce.iss.net/static/5111.php
_____
5112
Date Reported: 8/9/00
Vulnerability: hp-newgrp
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX newgrp allows user to gain additional privileges
X-Force URL: http://xforce.iss.net/static/5112.php
_____
5068
Date Reported: 8/8/00
Vulnerability: totalbill-remote-execution
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Sysgen component allows unauthorized access to port 9998
X-Force URL: http://xforce.iss.net/static/5068.php
_____
5069
Date Reported: 8/8/00
Vulnerability: solaris-answerbook2-admin-interface
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Answerbook2 administration interface
X-Force URL: http://xforce.iss.net/static/5069.php
_____
5047
Date Reported: 8/7/00
Vulnerability: perl-shell-escape
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: setuidperl and mailx root compromise
X-Force URL: http://xforce.iss.net/static/5047.php
_____
5058
Date Reported: 8/7/00
Vulnerability: solaris-answerbook2-remote-execution
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Solaris AnswerBook2 web interface could allow remote execution
X-Force URL: http://xforce.iss.net/static/5058.php
_____
5067
Date Reported: 8/7/00
Vulnerability: mopd-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: mopd daemon buffer overflow
X-Force URL: http://xforce.iss.net/static/5067.php
_____
5032
Date Reported: 8/6/00
Vulnerability: java-brownorifice
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: Brown Orifice HTTPD
X-Force URL: http://xforce.iss.net/static/5032.php
_____
5061
Date Reported: 8/5/00
Vulnerability: diskcheck-tmp-race-condition
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Diskcheck race condition could be used to run files as root
X-Force URL: http://xforce.iss.net/static/5061.php
_____
5029
Date Reported: 8/4/00
Vulnerability: servu-null-character-dos
Platforms Affected:
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Serv U FTP denial of service flaw
X-Force URL: http://xforce.iss.net/static/5029.php
_____
5057
Date Reported: 8/4/00
Vulnerability: pccs-mysql-admin-tool
Platforms Affected:
Risk Factor: Low
Attack Type: Network Based
Brief Description: PCCS MySQL Database Admin Tool could reveal username and password
X-Force URL: http://xforce.iss.net/static/5057.php
_____
5011
Date Reported: 8/3/00
Vulnerability: irix-xfs-truncate
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: truncate() system call does not properly check permissions
X-Force URL: http://xforce.iss.net/static/5011.php
_____
5079
Date Reported: 8/3/00
Vulnerability: win-ipx-ping-packet
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows 95/98 malformed IPX ping packet denial of service
X-Force URL: http://xforce.iss.net/static/5079.php
_____
5026
Date Reported: 8/2/00
Vulnerability: nai-nettools-strong-bo
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: NAI Net Tools PKI Server strong.exe buffer overflow
X-Force URL: http://xforce.iss.net/static/5026.php
_____
5028
Date Reported: 8/2/00
Vulnerability: fw1-unauth-rsh-connection
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: Check Point FireWall-1 unauthorized rsh/rexec connection
X-Force URL: http://xforce.iss.net/static/5028.php
_____
5031
Date Reported: 8/2/00
Vulnerability: win2k-named-pipes
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 Service Control Manager named pipe could allow an unauthorized user to gain privileges
X-Force URL: http://xforce.iss.net/static/5031.php
_____
5055
Date Reported: 8/2/00
Vulnerability: sol-libprint-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris libprint.so.2 buffer overflow
X-Force URL: http://xforce.iss.net/static/5055.php
_____
5056
Date Reported: 8/2/00
Vulnerability: ntop-remote-file-access
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ntop package in Linux allows remote file access
X-Force URL: http://xforce.iss.net/static/5056.php
_____
5062
Date Reported: 8/2/00
Vulnerability: irix-grosview-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: IRIX gr_osview buffer overflow
X-Force URL: http://xforce.iss.net/static/5062.php
_____
5063
Date Reported: 8/2/00
Vulnerability: irix-libgl-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: IRIX libgl.so buffer overflow
X-Force URL: http://xforce.iss.net/static/5063.php
_____
5064
Date Reported: 8/2/00
Vulnerability: irix-dmplay-bo
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: IRIX dmplay buffer overflow
X-Force URL: http://xforce.iss.net/static/5064.php
_____
5065
Date Reported: 8/2/00
Vulnerability: irix-inpview-symlink
Platforms Affected:
Risk Factor: High
Attack Type: Host Based
Brief Description: IRIX inpview symbolic link
X-Force URL: http://xforce.iss.net/static/5065.php
_____
5066
Date Reported: 8/2/00
Vulnerability: nettools-pki-dir-traverse
Platforms Affected:
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: NAI's Net Tools PKI server directory traversal
X-Force URL: http://xforce.iss.net/static/5066.php
_____
5137
Date Reported: 8/2/00
Vulnerability: fw1-localhost-auth
Platforms Affected:
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: FireWall-1 misconfiguration could allow unauthenticated attackers to manipulate filter modules
X-Force URL: http://xforce.iss.net/static/5137.php