ISSalert: ISS Security Alert Summary AS01-03

From: X-Force (xforce@iss.net)
Date: 10/23/01


Date: Mon, 22 Oct 2001 19:30:41 -0400
Message-Id: <200110222330.TAA28388@amber.iss.net>
To: alert@iss.net
From: X-Force <xforce@iss.net>
Subject: ISSalert: ISS Security Alert Summary AS01-03


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS01-03
October 22, 2001
X-Force Vulnerability and Threat Database: http://xforce.iss.net

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at: http://xforce.iss.net/maillists/index.php

This summary can be found at the following address:
http://xforce.iss.net/alerts/AS01-03.php

_____
Contents:
* 23 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 10/09/2001
Brief Description: Open Projects Network IRCd DNS spoofing
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Open Projects Network IRCd u2.10.05.18
Vulnerability: irc-openprojects-dns-spoofing
X-Force URL: http://xforce.iss.net/static/7283.php

Date Reported: 10/11/2001
Brief Description: Atomz search engines allow cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms Affected: Atomz Prime Search 1.0, Atomz Enterprise Search
                        1.0, Atomz Express Search 1.0
Vulnerability: atomz-search-crosssite-scripting
X-Force URL: http://xforce.iss.net/static/7285.php

Date Reported: 10/11/2001
Brief Description: Caldera OpenServer scoadmin/sysadm buffer
                        overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Caldera OpenServer 5.0.6a and earlier
Vulnerability: openserver-scoadmin-sysadm-bo
X-Force URL: http://xforce.iss.net/static/7281.php

Date Reported: 10/13/2001
Brief Description: PostNuke getusrinfo() allows an attacker to
                        bypass authentication
Risk Factor: High
Attack Type: Network Based
Platforms Affected: PostNuke 0.62, PostNuke 0.64, PostNuke 0.63
Vulnerability: postnuke-getusrinfo-bypass-authentication
X-Force URL: http://xforce.iss.net/static/7280.php

Date Reported: 10/15/2001
Brief Description: Novell GroupWise Web front-end directory
                        traversal could allow arbitrary file retrieval
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Novell GroupWise 5.5, Novell Groupwise 6.0
Vulnerability: novell-groupwise-directory-traversal
X-Force URL: http://xforce.iss.net/static/7287.php

Date Reported: 10/15/2001
Brief Description: Caldera UnixWare and OpenUnix dtterm command
                        buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Caldera UnixWare 7, Caldera OpenUnix 8.0
Vulnerability: unixware-openunix-dtterm-bo
X-Force URL: http://xforce.iss.net/static/7282.php

Date Reported: 10/16/2001
Brief Description: Snes9x long ROM names buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Snes9x 1.3.4, Snes9x 1.3.7
Vulnerability: snes9x-rom-bo
X-Force URL: http://xforce.iss.net/static/7295.php

Date Reported: 10/16/2001
Brief Description: OfficeScan/Virus Buster could allow attackers to
                        obtain the configuration file
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Virus Buster Corporate Edition 3.53, OfficeScan
                        Corporate Edition 3.53
Vulnerability: officescan-config-file-access
X-Force URL: http://xforce.iss.net/static/7286.php

Date Reported: 10/17/2001
Brief Description: Apple MacOS NetInfo Manager could allow root
                        privileges
Risk Factor: High
Attack Type: Host Based
Platforms Affected: MacOS X 10.0.1, MacOS X 10.1, MacOS X 10.0.4,
                        MacOS X 10.0.3, MacOS X 10.0.2
Vulnerability: macos-netinfo-root-privileges
X-Force URL: http://xforce.iss.net/static/7303.php

Date Reported: 10/17/2001
Brief Description: Windows ME SSDP service denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows ME All versions
Vulnerability: winme-ssdp-dos
X-Force URL: http://xforce.iss.net/static/7318.php

Date Reported: 10/18/2001
Brief Description: Linux ptrace race condition allows a local
                        attacker to gain root privileges
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Trustix Secure Linux 1.5, Trustix Secure Linux
                        1.2, Caldera OpenLinux Server 3.1, Caldera
                        OpenLinux Workstation 3.1, Caldera OpenLinux
                        eBuilder All versions, Red Hat Linux 7.1,
                        Trustix Secure Linux 1.01, Immunix Linux 6.2,
                        Caldera OpenLinux eServer 2.3.1, Immunix Linux
                        7.0, Caldera OpenLinux 2.3, Trustix Secure Linux
Vulnerability: linux-ptrace-race-condition
X-Force URL: http://xforce.iss.net/static/7311.php

Date Reported: 10/18/2001
Brief Description: Orace9i Application server administration
                        interface port denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Oracle9i Application Server 2.0.0.1.0
Vulnerability: oracle-appserver-admin-dos
X-Force URL: http://xforce.iss.net/static/7310.php

Date Reported: 10/18/2001
Brief Description: Oracle9i Application Server HTTP header denial
                        of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Oracle9i Application Server 2.0.0.1.0
Vulnerability: oracle-appserver-header-dos
X-Force URL: http://xforce.iss.net/static/7309.php

Date Reported: 10/18/2001
Brief Description: Oracle9i Application Server Web services exits
                        process unexpectedly
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Oracle9i Application Server 2.0.0.1.0
Vulnerability: oracle-appserver-http-exit
X-Force URL: http://xforce.iss.net/static/7307.php

Date Reported: 10/18/2001
Brief Description: Oracle9i Application Server Web service long
                        string denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Oracle9i Application Server 2.0.0.1.0
Vulnerability: oracle-appserver-string-dos
X-Force URL: http://xforce.iss.net/static/7308.php

Date Reported: 10/18/2001
Brief Description: Windows NT and 2000 Terminal Server malformed
                        RDP packet series denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions, Windows NT 4.0
Vulnerability: win-rdp-packet-dos
X-Force URL: http://xforce.iss.net/static/7302.php

Date Reported: 10/18/2001
Brief Description: Linux gFTP displays password in plaintext during
                        login
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Debian Linux 2.2, gFTP 2.0.6a
Vulnerability: gftp-plaintext-password
X-Force URL: http://xforce.iss.net/static/7319.php

Date Reported: 10/18/2001
Brief Description: Oracle9i Application Server Web services buffer
                        overflow
Risk Factor: High
Attack Type: Network Based
Platforms Affected: Oracle9i Application Server 2.0.0.1.0
Vulnerability: oracle-appserver-http-bo
X-Force URL: http://xforce.iss.net/static/7306.php

Date Reported: 10/18/2001
Brief Description: Linux multiple symlinks denial of service
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Caldera OpenLinux 2.3, Trustix Secure Linux 1.1,
                        Caldera OpenLinux eDesktop 2.4, Immunix Linux
                        6.2, Caldera OpenLinux eServer 2.3.1, Immunix
                        Linux 7.0, Engarde Secure Linux 1.0.1, Caldera
                        OpenLinux eBuilder All versions, Trustix Secure
                        Linux 1.01, Trustix Secure Linux 1.2, Caldera
                        OpenLinux Server 3.1, Caldera OpenLinux
Vulnerability: linux-multiple-symlink-dos
X-Force URL: http://xforce.iss.net/static/7312.php

Date Reported: 10/19/2001
Brief Description: Claris Emailer long filename buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms Affected: Macintosh All versions, Claris Emailer 2.0v2
Vulnerability: claris-long-filename-bo
X-Force URL: http://xforce.iss.net/static/7314.php

Date Reported: 10/19/2001
Brief Description: WebCart Webcart.cgi allows command execution
Risk Factor: High
Attack Type: Network Based
Platforms Affected: WebCart 8.4
Vulnerability: webcart-cgi-command-execution
X-Force URL: http://xforce.iss.net/static/7315.php

Date Reported: 10/20/2001
Brief Description: Linux nvi format string attack
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Debian Linux 2.2
Vulnerability: nvi-format-string
X-Force URL: http://xforce.iss.net/static/7317.php

Date Reported: 10/21/2001
Brief Description: Internet Explorer allows JavaScript to spoof
                        dialog boxes
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Microsoft Internet Explorer 5.5, Microsoft
                        Internet Explorer 6
Vulnerability: ie-javascript-spoof-dialog
X-Force URL: http://xforce.iss.net/static/7313.php

_____

Risk Factor Key:

     High Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security
management solutions for the Internet, protecting digital assets and
ensuring safe and uninterrupted e-business. With its industry-leading
intrusion detection and vulnerability assessment, remote managed
security services, and strategic consulting and education offerings, ISS
is a trusted security provider to more than 8,000 customers worldwide
including 21 of the 25 largest U.S. commercial banks and the top 10 U.S.
telecommunications companies. Founded in 1994, ISS is headquartered in
Atlanta, GA, with additional offices throughout North America and
international operations in Asia, Australia, Europe, Latin America and
the Middle East. For more information, visit the Internet Security
Systems web site at www.iss.net or call 888-901-7477.

Copyright (c) 2001 Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent of
the X-Force. If you wish to reprint the whole or any part of this Alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBO9Sr2zRfJiV99eG9AQHdmAP/VkhUoAxocbGVXztA4Aq8QS2XATev+ZSr
lIMFwTZBnGGq8KRt+wvRkd9J8ijRVXKG7CxF4RAXBzfaRAmp16crlwTb/VkarZNW
Va04UgVG7yhAidDcUihpRQt7TvSOlez9QdZ2xVxlcRUuYWtFMtO/Tt8KJxfrkzDX
X2Qdgb9MO5g=
=red9
-----END PGP SIGNATURE-----