ISS X-Force
The Most Wanted Alert List

Alert Summaries

ISS Security Alert Summary
October 22, 1997
Volume 1 Number 5

---

Index

7 Reported New Vulnerabilities
 - IBM-xdat
 - www-count
 - IE-spy
 - smurf-dos
 - NT-reg
 - NEC-nosuid
 - imapd-core

Risk Factor Key

---

Date Reported:      10/21/97
Vulnerability:      IBM-xdat
Affected Platforms: AIX (4.1, 4.2)
Risk Factor:        High

The xdat command starts Set Date and Time, Schedule a Job, or Remove or View Scheduled Jobs on AIX 4.x platforms. It does not check the length of the "TZ" environment variable which can result in a buffer overflow. Local users can exploit this vulnerability and gain root privileges.

Reference:
http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:004.1.txt

---

Date Reported:      10/16/97
Vulnerability:      www-count
Affected Platforms: All platforms running count.cgi 2.3
Risk Factor:        High

Count.cgi is a popular web cgi program that displays the number of raw hits on web pages as an in-line image. People use it to keep track of how many hits their web pages have received, etc. It contains a buffer overflow that can allow remote http users to execute commands on the system running count.cgi. The author has released a patch and the problem has been corrected in the upcoming release of count.cgi 2.4.

Patch:
http://www.fccc.edu/users/muquit/Count.html

Reference:
http://www.iss.net/xforce/advisories/wwwcount.asc

---

Date Reported:      10/16/97
Vulnerability:      IE-spy
Affected Platforms: Windows NT, 95
Risk Factor:        High

A security flaw exists that allows unauthorized users to "spy" on the contents of files on the system running Microsoft Internet Explorer 4.0.
Malicious web pages can contain an IFRAME, which can copy HTML or text files from the system to any other system for later viewing. A patch is available to correct the vulnerable Internet Explorer version.

Patch:
http://www.microsoft.com/ie/security/?/ie/security/freiburg.htm

Reference:
http://www.jabadoo.de/press/ie4_old.html
http://www.iss.net/xforce/advisories/ie4-spy.asc (English Translation)

---

Date Reported:      10/13/97
Vulnerability:      smurf-dos
Affected Platforms: Any platform on the Internet
Risk Factor:        Medium

The smurf denial of service attack is being widely used because the exploit program is available on the Internet. The attack consists of sending out hundreds of ICMP echo packets to broadcast addresses, from a spoofed source (the victim). All of these hosts then reply to the victim with ICMP echo replies.

Reference:
http://www.quadrunner.com/~chuegen/smurf.txt

---

Date Reported:      10/10/97
Vulnerability:      NT-reg
Affected Platforms: Windows NT (workstation and server 3.5, 3.5.1, 4.0)
Risk Factor:        High

A security vulnerability has been found on Windows NT that allows malicious users to install a trojan horse in the registry. The permissions give access to "Everyone", thus users can create a program and have the system execute it on start-up. This can result in users obtaining unauthorized administrator rights on the system or performing other unauthorized tasks.

References:
http://support.microsoft.com/support/kb/articles/q126/7/13.asp
http://www.infoworld.com/cgi-bin/displayStory.pl?971014.wntsecurity.htm

---

Date Reported:      10/10/97
Vulnerability:      NEC-nosuid
Affected Platforms: EWS-UX/V Rel4.2 (R7.x, R8.x, R9.x, R10.x)
                    EWS-UX/V Rel4.2MP (R10.x)
                    UP-UX/V Rel4.2MP (R5.x, R6.x, R7.x)
                    UX/4800 (R11.x, R12.1)
Risk Factor:        High

NEC Corporation has found and released patches for a vulnerability that exists in the "nosuid" mount(1) option. On file systems that are mounted with "nosuid", it still allows setuid and setgid program execution. This vulnerability can allow local users to execute commands as other users or even obtain root privileges.

Patches:
ftp://ftp.meshnet.or.jp/pub/48pub/security

Reference:
http://ciac.llnl.gov/ciac/bulletins/i-004.shtml

---

Date Reported:      10/8/97
Vulnerability:      imapd-core
Affected Platforms: Any running imap 4.1b
Risk Factor:        High

A vulnerability in the University of Washington's imap daemon allows remote users to obtain a copy of the password file. A publicly available exploit causes the imapd server to leave a core file containing the password file and shadowed password file.

Reference:
http://www.l0pht.com/advisories/imapd.txt

---

Risk Factor Key:

High    any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.

Medium  any vulnerability that provides information that has a high potential of giving access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that possibly can contain an account with a guessable password.

Low     any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force.

Developed and maintained by renowned security experts, the X-Force Computer Vulnerability and Threat Database is the world's most comprehensive on-line source for information on network security risks. It details hundreds of network security vulnerabilities and threats, including information on the relative severity of each risk, and recommended corrective actions to tighten security holes. Visit it at http://www.iss.net/xforce

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and monitoring tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at http://www.iss.net

--------

Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Please send suggestions, updates, and comments to: X Force xforce@iss.net of Internet Security Systems, Inc.