
iss.summary.6.4

Posted Mar 13, 2001
Site xforce.iss.net

ISS Security Alert Summary for March 5, 2001 - Volume 6 Number 4. 90 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: a1-server-dos, a1-server-directory-traversal, webreflex-web-server-dos, sedum-http-dos, tru64-inetd-dos, outlook-vcard-bo, ultimatebb-cookie-member-number, ultimatebb-cookie-gain-privileges, sendmail-elevate-privileges, jre-jdk-execute-commands, licq-remote-port-dos, pgp4pine-expired-keys, chilisoft-asp-view-files, win2k-domain-controller-dos, asx-remote-dos, vshell-port-forwarding-rule, pi3web-isapi-bo, pi3web-reveal-path, bajie-execute-shell, bajie-directory-traversal, resin-directory-traversal, netware-mitm-recover-passwords, firebox-pptp-dos, hp-virtualvault-iws-dos, kicq-execute-commands, hp-text-editor-bo, sendtemp-pl-read-files, analog-alias-bo, elm-long-string-bo, winnt-pptp-dos, startinnfeed-format-string, his-auktion-cgi-url, wayboard-cgi-view-files, muskat-empower-url-dir, icq-icu-rtf-dos, commerce-cgi-view-files, roads-search-view-files, webpage-cgi-view-info, webspirs-cgi-view-files, webpals-library-cgi-url, cobol-apptrack-nolicense-permissions, cobol-apptrack-nolicense-symlink, vixie-crontab-bo, novell-groupwise-bypass-policies, infobot-calc-gain-access, linux-sysctl-read-memory, openssh-bypass-authentication, lotus-notes-stored-forms, linux-ptrace-modify-process, ssh-deattack-overwrite-memory, dc20ctrl-port-bo, ja-xklock-bo, ja-elvis-elvrec-bo, ko-helvis-elvrec-bo, serverworx-directory-traversal, ntlm-ssp-elevate-privileges, ssh-session-key-recovery, aolserver-directory-traversal, chilisoft-asp-elevate-privileges, win-udp-dos, ssh-daemon-failed-login, picserver-directory-traversal, biblioweb-directory-traversal, biblioweb-get-dos, ibm-netcommerce-reveal-information, win-dde-elevate-privileges, hsweb-directory-browsing, sedum-directory-traversal, free-java-directory-traversal, goahead-directory-traversal, gnuserv-tcp-cookie-overflow, xmail-ctrlserver-bo, 
netscape-webpublisher-acl-permissions, cups-httpgets-dos, prospero-get-pin, and prospero-weak-permissions.

tags | java, remote, web, overflow, shell, cgi, udp, tcp, vulnerability, asp
systems | linux, windows
SHA-256 | f4fbe9aa6da45d6ad92758968dd0ab869052729b5eac867ded6c3608c03adbee


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------


ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.

Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4

X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php

This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____

Contents

90 Reported Vulnerabilities

Risk Factor Key

_____

Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php

_____

Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php

_____

Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php

_____

Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php

_____

Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php

_____

Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php

_____

Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php

_____

Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php

_____

Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php

_____

Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php

_____

Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php

_____

Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php

_____

Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php

_____

Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php

_____

Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php

_____

Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php

_____

Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php

_____

Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php

_____

Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php

_____

Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php

_____

Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php

_____

Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php

_____

Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php

_____

Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php

_____

Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php

_____

Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php

_____

Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php

_____

Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php

_____

Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php

_____

Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php

_____

Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php

_____

Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php

_____

Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php

_____

Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php

_____

Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php

_____

Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php

_____

Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php

_____

Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php

_____

Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php

_____

Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php

_____

Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php

_____

Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php

_____

Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php

_____

Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php

_____

Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php

_____

Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php

_____

Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php

_____

Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php

_____

Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php

_____

Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php

_____

Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php

_____

Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php

_____

Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php

_____

Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php

_____

Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php

_____

Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php

_____

Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php

_____

Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php

_____

Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php

_____

Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php

_____

Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php

_____

Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php

_____

Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php

_____

Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php

_____

Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php

_____

Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php

_____

Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php

_____

Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php

_____

Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php

_____

Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php

_____

Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php

_____

Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php

_____

Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php

_____

Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php

_____

Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php

_____

Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php

_____

Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php

_____

Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php

_____

Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php

_____

Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php

_____

Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php

_____

Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php

_____

Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php

_____

Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php

_____

Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php

_____

Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php

_____

Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php

_____

Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php

_____

Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php

_____

Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php

_____

Risk Factor Key:

High:   Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: A vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on mail
        server.

Medium: Any vulnerability that provides information that has a
        high potential of giving system access to an intruder.
        Example: A misconfigured TFTP or vulnerable NIS server
        that allows an intruder to get the password file that
        could contain an account with a guessable password.

Low:    Any vulnerability that provides information that
        potentially could lead to a compromise. Example: A
        finger that allows an intruder to find out who is online
        and potential accounts to attempt to crack passwords
        via brute force methods.

________


ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.

Copyright (c) 2001 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.



X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.

