From xforce@iss.net Thu Oct 9 17:09:29 1997
Date: Thu, 9 Oct 1997 10:06:39 -0400 (EDT)
From: X-Force
To: alert@iss.net
Subject: ISSalert: ISS Security Alert Summary v1 n4

ISS Security Alert Summary
October 8, 1997
Volume 1 Number 4

To receive these Alert Summaries, subscribe to the ISS Alert mailing list by sending an email to majordomo@iss.net and within the body of the message type: 'subscribe alert'.

---

Index

ISS X-Force Announcement

8 Reported New Vulnerabilities
 - HP-mediainit
 - BSD-lpd
 - samba
 - vacation
 - HP-telnetDoS
 - Cisco-CHAP
 - ssh/x11
 - imapd-DoS

2 Reported Incidents
 - SANS Hacked
 - AirTran Airways (ValuJet) Hacked

2 Updates
 - SGI-nls
 - majordomo

ISS Internet Scanner 5.0 Announcement

Risk Factor Key

---

Internet Security Systems, Inc. announces the ISS X-Force Computer Vulnerability and Threat Database (http://www.iss.net/xforce). It is a free public service providing network and security administrators and users with information regarding online dangers. This database details hundreds of network security vulnerabilities and threats, including information on the relative severity of each risk, and recommended corrective actions and fix information to tighten security holes.

---

Date Reported: 10/2/97
Vulnerability: HP-mediainit
Affected Platforms: HP-UX (9.x, 10.x)
Risk Factor: High

A vulnerability exists in HP-UX's mediainit, which is used to prepare storage media for use. Local users can exploit this vulnerability to perform unauthorized activities.

Reference: HP Security Bulletin #00071 - http://us-support.external.hp.com/

---

Date Reported: 10/2/97
Vulnerability: BSD-lpd
Affected Platforms: (see reference for exact versions and vulnerability conditions)
 - BSD/OS (2.1, 3.0)
 - FreeBSD
 - Linux
 - OpenBSD
Risk Factor: High

A number of vulnerabilities exist in the line printer daemon (lpd) that, given a number of existing conditions, allow remote users to create and remove files.
In addition, remote users can execute commands and obtain a shell with the privileges of the user running lpd.

Reference: ftp://ftp.secnet.com/advisories/SNI-19.BSD.lpd.advisory

---

Date Reported: 9/26/97
Vulnerability: samba
Affected Platforms: Intel based UNIX systems running Samba (pre 1.9.17p2)
Risk Factor: High

A security hole exists in all versions of Samba (pre 1.9.17p2) that is being widely exploited over the Internet. It allows remote users to obtain root access on the system running Samba. Although this vulnerability is restricted to Intel based systems, it is believed to be possible to produce an exploit on other architectures.

References: http://ciac.llnl.gov/ciac/bulletins/h-110.shtml
New release with security hole fixed: ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

---

Date Reported: 9/1/97
Vulnerability: vacation
Affected Platforms: (see reference for exact versions)
 - AIX
 - FreeBSD
 - HP-UX
 - Linux
 - NetBSD
 - OpenBSD
 - Solaris
Risk Factor: High

The vacation program is used to reply automatically to incoming email, for example with "out of office" replies. It contains a vulnerability that allows remote users to obtain access to the account running vacation.

References: ftp://ftp.secnet.com/advisories/SNI-18.VACATION.advisory

---

Date: 10/1/97
Vulnerability: Cisco-CHAP
Affected Platforms: Cisco IOS (10.3, 11.0, 11.1, 11.2)
Risk Factor: Medium

A vulnerability exists in all classic Cisco IOS software versions that support CHAP. An intruder can set up an unauthorized PPP connection to the system running the IOS software. Cisco believes that the "cracker community" does not widely understand the vulnerability and that it would be very difficult to exploit.

Reference: http://www.cisco.com/warp/public/770/chapvuln-pub.shtml

---

Date: 10/1/97
Vulnerability: HP-telnetDoS
Affected Platforms: HP-UX (10.30)
Risk Factor: Medium

A vulnerability has been found in HP-UX's telnet service that, if exploited, can lead to a denial of service attack.
Patches are available that correct this problem; see the reference.

Reference: HP Security Bulletin #00070 - http://us-support.external.hp.com/

---

Date Reported: 9/30/97
Vulnerability: ssh/x11
Affected Platforms: All systems running SSH and X11
Risk Factor: Medium

Secure Shell (SSH) clients contain a vulnerability that allows users who have access to foreign .Xauthority files on SSH servers to access the X server on the machine running SSH. This opens the door for a wide variety of attacks.

Reference: http://home.braunschweig.netsurf.de/~ulrich.flegel/pub/ssh-x11.ps.gz

---

Date Reported: 9/22/97
Vulnerability: imapd-DoS
Affected Platforms: UNIX platforms running imapd
Risk Factor: Medium

The imap daemon written by Mark Crispin of Washington University contains a denial of service vulnerability. Anyone with shell access to the server running imapd can prevent all other users from picking up their mail. No patch or web reference exists at this time.

---

Date reported: 10/1/97
Incident: SANS Hacked

SANS Network Security Digest, which distributes news on the latest security holes and bugs, was hacked and a mailing was sent to all its subscribers. It contained various pornographic material as well as various hacker lingo. SANS followed up with a report saying, "Every byte in this file is refuse. We strongly recommend that you do not try to use any sample codes."

SANS hack post (pornography omitted): http://www.infowar.com/hacker/hack_100197a.html-ssi
SANS update: http://www.infowar.com/hacker/hack_100297b.html-ssi
Short Reference: http://www.zdnet.com/pcweek/spencer/spencer.html

---

Date reported: 9/30/97
Incident: AirTran Hacked

AirTran Airways, the airline formerly known as ValuJet, had its web page hacked. The intruder changed the airline's web pages and made reference to its crash in 1996 that killed 110 people. Copies of the original web pages and hacked pages as well as a short summary of the attack are available on 2600 magazine's web page.

Reference: http://www.2600.com/value_jet/

---

Date: 9/23/97
Update: SGI-nls
Vendor: Silicon Graphics Inc.
Platform: IRIX (5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2, 6.3, 6.4)

Silicon Graphics has released patches that correct the Natural Language Service (nls) vulnerability in which a set of arguments can overflow the buffer and result in the execution of arbitrary commands with elevated privileges.

References:
ftp://sgigate.sgi.com/security/19970901-01-PX
ftp://info.cert.org/pub/cert_advisories/CA-97.10.nls

---

Date: 10/2/97
Update: majordomo (ISS Security Alert Summary v1 n2)
Author: Brent Chapman
Platforms: Any platform running majordomo server

A new version of majordomo has been released that fixes many security flaws as well as other bugs. This corrects the advertise or noadvertise problem as reported in v1 n2.

Obtain the newest version of majordomo or a patch from: ftp://ftp.greatcircle.com/pub/majordomo/1.94.1/

---

ISS is preparing to release a new version of its leading Windows NT-based flagship product, Internet Scanner 5.0. It includes new, state-of-the-art security reporting capabilities, and a significant number of new Windows NT and UNIX network vulnerability checks, making it the world's most comprehensive solution for network security assessment and management. The reporting is powered by an ODBC database that allows users to tailor their data and reports. If you would like to participate in Beta Testing, please send your request to jjohnson@iss.net.

---

Risk Factor Key:

High     any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall.
Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.

Medium   any vulnerability that provides information that has a high potential of giving access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file, which may contain an account with a guessable password.

Low      any vulnerability that provides information that potentially could lead to a compromise.
Example: A finger service that allows an intruder to find out who is online and which accounts to target with brute-force password cracking.

Developed and maintained by renowned security experts, the X-Force Computer Vulnerability and Threat Database is the world's most comprehensive on-line source for information on network security risks. It details hundreds of network security vulnerabilities and threats, including information on the relative severity of each risk, and recommended corrective actions to tighten security holes. Visit it at http://www.iss.net/xforce

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and monitoring tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at http://www.iss.net.

--------

Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please email xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Any use of this information is at the user's own risk.

Please send suggestions, updates, and comments to:
X Force of Internet Security Systems, Inc.