what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

iss.summary.6.3

iss.summary.6.3
Posted Feb 14, 2001
Site xforce.iss.net

ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.

tags | remote, web, arbitrary, cgi, php, vulnerability
systems | cisco, linux, windows, solaris, suse
SHA-256 | cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc

iss.summary.6.3

Change Mirror Download

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3

X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php

_____

Contents

120 Reported Vulnerabilities

Risk Factor Key

_____

Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php

_____

Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php

_____

Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php

_____

Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php

_____

Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php

_____

Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php

_____

Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php

_____

Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php

_____

Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php

_____

Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php

_____

Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php

_____

Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php

_____

Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php

_____

Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php

_____

Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php

_____

Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php

_____

Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php

_____

Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php

_____

Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php

_____

Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php

_____

Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php

_____

Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php

_____

Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer oveflow
X-Force URL: http://xforce.iss.net/static/6002.php

_____

Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php

_____

Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php

_____

Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php

_____

Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php

_____

Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php

_____

Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php

_____

Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php

_____

Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php

_____

Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php

_____

Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php

_____

Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php

_____

Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php

_____

Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php

_____

Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php

_____

Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php

_____

Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php

_____

Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php

_____

Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php

_____

Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php

_____

Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php

_____

Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php

_____

Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php

_____

Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php

_____

Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php

_____

Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php

_____

Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php

_____

Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php

_____

Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php

_____

Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php

_____

Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php

_____

Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php

_____

Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php

_____

Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php

_____

Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php

_____

Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php

_____

Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php

_____

Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php

_____

Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php

_____

Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php

_____

Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php

_____

Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.ph p

_____

Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php

_____

Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php

_____

Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php

_____

Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php

_____

Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php

_____

Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php

_____

Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php

_____

Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php

_____

Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php

_____

Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php

_____

Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php

_____

Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php

_____

Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php

_____

Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php

_____

Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php

_____

Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php

_____

Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php

_____

Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php

_____

Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php

_____

Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php

_____

Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php

_____

Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php

_____

Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php

_____

Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php

_____

Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php

_____

Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php

_____

Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php

_____

Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php

_____

Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php

_____

Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php

_____

Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php

_____

Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php

_____

Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php

_____

Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php

_____

Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php

_____

Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php

_____

Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php

_____

Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php

_____

Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php

_____

Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php

_____

Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php

_____

Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php

_____

Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php

_____

Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php

_____

Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php

_____

Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php

_____

Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php

_____

Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php

_____

Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php

_____

Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php

_____

Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php

_____

Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52
IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php

_____

Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php

_____

Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php

_____

Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php

_____

Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php

_____

Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php

_____

Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php

_____

Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php

_____

Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php

_____


Risk Factor Key:

High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.


_____

Additional Information

This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- - Subscribe to the Alert mailing list from
http://xforce.iss.net/maillists/index.php
- - Or send an email to majordomo@iss.net, and within the body of the
message type:
'subscribe alert' (without the quotes).


About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.

Copyright (c) 2001 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.




X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOogB2jRfJiV99eG9AQESogP9HsIDfUmYkJuWUmNqPhb22a6CVpi/TiG9
7mvhdGc3ySS6LqrvTZgXrBzAcxFlHrdTSmNka8yGiLvYAb0lnghFRZ2OxxRfK11m
AV9VS9/Yty/Qk8BnA/7tx4DIcM4Nhry1kTqTbDkpbcfXOb2LI2WUGnMHF/xkc1ge
3mV5zJXCUM4=
=ClrQ
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close