ISS Security Alert Summary for June 1, 1999.
ad94337565ffa86d848580f957fc905becb474a28c09e5d095bfc4c78cc5eef6
It is possible, through a well orchestrated attack using the finger service against multiple NIS clients, to disrupt an entire NIS based network and/or starve the NIS servers for resources. The problem is in the finger service but the attack causes long duration, network-wide, congestion and resource exhaustion on NIS servers.
fa81f6478363a1eee24a603ee9270f6cbc8bf7f87d3a364dc878c59eb9318b26
An attacker can disrupt an organization by crashing Microsoft Exchange Server over the network. This attack will stop e-mail and other services that Exchange provides for the organization.
ee6d49084fd3a96fe73b1d0c335c6c498cdbe2b8cea6b497818f0d2587caf588
Internet Security Systems (ISS) X-Force has discovered a security hole in many WebTrends products that allows access to service account and MAPI usernames and passwords. WebTrends specializes in providing enterprise management solutions software.
bcaf5bdc2c7a11e87cbab882244f6d63f1b863b52f7c803a3abffe8cdeb7d172
Internet Security Systems (ISS) X-Force is issuing the third of our quarterly updates on backdoors for Windows 95, 98, and NT. Because of the number of backdoors mentioned in this advisory, there is only a brief description of each backdoor's features and communications protocol. Instead, this update will focus on detection and removal information. This update contains information on DeepThroat 1, 2 and 3, NetSphere 1.30, GateCrasher 1.2, Portal of Doom, GirlFriend 1.3, HackaTack, EvilFTP, phAse Zero, ExploreZip.worm, and SubSeven. ISS X-Force would like to remind you to not run any executables you receive in e-mail, over IRC or ICQ, or via any other means of Internet-based communications.
c551d042af38495db52de152579e419914c9e2e6161204955d6cd2c38fdf9be3
Back Orifice is a client/server application that can gather information, perform system commands, reconfigure machines, and redirect network traffic. By executing the Back Orifice server program on a machine, a user can connect remotely to that specific IP address and perform any of the above actions. Although Back Orifice can be used as a simple monitoring tool, its main purpose is to maintain control over another machine for reconfiguration and data collection. The features of Back Orifice, combined with anonymous, and possibly malicious, control of machines makes it especially dangerous in a networked environment. The specific commands available in Back Orifice are listed later in this alert.
365bea7d8d7bca428a4eecde29a4ae3d6bb15002521201138ea6c41c0db573f7
Internet Security Systems (ISS) X-Force is issuing the third of our quarterly updates on backdoors for Windows 95, 98, and NT. Because of the number of backdoors mentioned in this advisory, there is only a brief description of each backdoor's features and communications protocol. Instead, this update will focus on detection and removal information. This update contains information on DeepThroat 1, 2 and 3, NetSphere 1.30, GateCrasher 1.2, Portal of Doom, GirlFriend 1.3, HackaTack, EvilFTP, phAse Zero, ExploreZip.worm, and SubSeven. ISS X-Force would like to remind you to not run any executables you receive in e-mail, over IRC or ICQ, or via any other means of Internet-based communications.
ff83e9521ec25ffa9f30f69de23ab96c810d551861c794b421c6aef0dbb4da25
slackware 3.1 exploit - minicom local root compromise.
e0b40018c6d6766e3514ba855b7473ec759aff99644824446ac075ef23a2fdb7
Super allows an admin to control access to files and functions for users. It is similar to sudo, but uses a different approach in the configuration file. Super acts as a SetUID wrapper around system commands to make sure the commands are executed safely, and only by authorized users.
31070e35a62f5ec45f8ae48851d0c8b60b561e1a6dc97870a6c7945535b7e936
des3-42.jpg
80c5de6910f8e26303958868e24683659e6f1043cff1bc582c3d57927602ce7d
Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design
9a2e01292fc3a18041728e342847635d9b6faae18b5ac386b2b571e80681815b
des3-41.jpg
2212ea1eeddb92543da342c6b96ffbfe2a13cf699b7ed62d586e94c235c9b3b0
des3-4.jpg
3903a8142a3bb8884b5c80cf2aa194faf59360b74d99d86356bd287d2b6f9d19
des3-33.jpg
34b15c4c1e142bb933f5d968df677f4f5d466dc29c781f85159ec26405bdfa78
des3-32.jpg
69415f342f6781d23a47af690b73e97d7b5d31e85fc848d3d096caf48197a2d5
des3-31.jpg
abd79bae63ac2f95511efd5f207f974c61940111e8269cbde3f46bc135bb21d8
des3-3.jpg
cdeddbd13f59ea34f59ac667ac56ea5f59a060058fd6f9b8021439fef508925d
des3-2.jpg
10b63f3ab845c5575db7aa0dc53f95e826f70d63c0681e44abc2e4f34eae30b0
des3-1.jpg
c4d08a0d7b1e2b315ea3cd22ee8c7cbacc503d1e8fcdfff9af5b303ad9455771
Internet Security Systems (ISS) X-Force has discovered a security hole in many WebTrends products that allows access to service account and MAPI usernames and passwords. WebTrends specializes in providing enterprise management solutions software.
1873b6655e56c776c3863791d66b41661b892dc6632158e702885b124e3c9ba8
ISS Security Alert Summary for July 1, 1999.
2da4f8de5ce57a104d6df17d0e7e51376be5f5bb4c7a5493af4ab9c0cc1772e0