ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.
cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer oveflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.ph p
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52
IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- - Subscribe to the Alert mailing list from
http://xforce.iss.net/maillists/index.php
- - Or send an email to majordomo@iss.net, and within the body of the
message type:
'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOogB2jRfJiV99eG9AQESogP9HsIDfUmYkJuWUmNqPhb22a6CVpi/TiG9
7mvhdGc3ySS6LqrvTZgXrBzAcxFlHrdTSmNka8yGiLvYAb0lnghFRZ2OxxRfK11m
AV9VS9/Yty/Qk8BnA/7tx4DIcM4Nhry1kTqTbDkpbcfXOb2LI2WUGnMHF/xkc1ge
3mV5zJXCUM4=
=ClrQ
-----END PGP SIGNATURE-----