ISSalert: ISS Security Alert Summary AS01-07

From: X-Force (xforce@iss.net)
Date: 11/20/01


Date: Mon, 19 Nov 2001 20:03:11 -0500
Message-Id: <200111200103.UAA23753@amber.iss.net>
To: alert@iss.net
From: X-Force <xforce@iss.net>
Subject: ISSalert: ISS Security Alert Summary AS01-07


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS01-07
November 19, 2001

X-Force Vulnerability and Threat Database: http://xforce.iss.net

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at: http://xforce.iss.net/maillists/index.php

This summary will be posted at the following address:
http://xforce.iss.net/alerts/AS01-07.php
_____
Contents:
* 22 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 11/07/2001
Brief Description: Apache 'mod_usertrack' module generates
                        predictable session ID
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Apache Web Server 1.3.x
Vulnerability: apache-modusertrack-predicticable-sessionid
X-Force URL: http://xforce.iss.net/static/7494.php

Date Reported: 11/07/2001
Brief Description: Slashcode allows session ID to be obtained using
                        brute force attack
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Slashcode 2.0
Vulnerability: slashcode-sessionid-brute-force
X-Force URL: http://xforce.iss.net/static/7493.php

Date Reported: 11/07/2001
Brief Description: Windows 2000 and XP Terminal services allows an
                        attacker to spoof IP addresses
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions, Windows XP All
                        versions
Vulnerability: win-terminal-spoof-address
X-Force URL: http://xforce.iss.net/static/7538.php

Date Reported: 11/08/2001
Brief Description: IBM HTTP Server discloses source code
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: IBM HTTP Server 1.3.19 and earlier
Vulnerability: ibm-http-source-disclosure
X-Force URL: http://xforce.iss.net/static/7490.php

Date Reported: 11/09/2001
Brief Description: ClearCase db_loader TERM buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: ClearCase 4.2, ClearCase 3.2+, ClearCase 4.0,
                        ClearCase 4.1
Vulnerability: clearcase-dbloader-term-bo
X-Force URL: http://xforce.iss.net/static/7488.php

Date Reported: 11/10/2001
Brief Description: IMP allows a remote attacker to steal cookie
                        information using cross-site scripting
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: IMP 2.2.6 or earlier
Vulnerability: imp-css-steal-cookies
X-Force URL: http://xforce.iss.net/static/7496.php

Date Reported: 11/12/2001
Brief Description: Multi-vendor CDE dtspcd daemon buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms Affected: AIX 5.1, AIX 4.3, Caldera OpenUnix 8.0, Caldera
                        UnixWare 7, HP-UX 11.04, HP-UX 11.11, HP-UX
                        10.24, HP-UX 11.00, HP-UX 10.20, HP-UX 10.10,
                        Solaris 8, Solaris 7, Tru64 DIGITAL UNIX 5.1a,
                        Tru64 DIGITAL UNIX 5.0a, Tru64 DIGITAL UNIX
                        4.0G, Tru64 DIGITAL UNIX 4.0F
Vulnerability: cde-dtspcd-bo
X-Force URL: http://xforce.iss.net/static/7396.php

Date Reported: 11/12/2001
Brief Description: Windows 2000 RunAs service denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows 2000 All versions
Vulnerability: win2k-runas-dos
X-Force URL: http://xforce.iss.net/static/7533.php

Date Reported: 11/12/2001
Brief Description: Windows 2000 RunAs service allows local attacker
                        to bypass pipe authentication
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Windows 2000 All versions
Vulnerability: win2k-runas-pipe-authentication
X-Force URL: http://xforce.iss.net/static/7532.php

Date Reported: 11/12/2001
Brief Description: Windows 2000 RunAs service reveals sensitive
                        information
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Windows 2000 All versions
Vulnerability: win2k-runas-reveal-information
X-Force URL: http://xforce.iss.net/static/7531.php

Date Reported: 11/13/2001
Brief Description: Thttpd and Mini_Httpd Web server allows remote
                        attacker to bypass permissions
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: mini_httpd 1.15c and earlier
Vulnerability: httpd-bypass-permissions
X-Force URL: http://xforce.iss.net/static/7541.php

Date Reported: 11/13/2001
Brief Description: RADIUS message digest calculation buffer
                        overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: RADIUS All versions
Vulnerability: radius-message-digest-bo
X-Force URL: http://xforce.iss.net/static/7534.php

Date Reported: 11/13/2001
Brief Description: Linux Korean install contains insecure umask
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Red Hat Linux 7.1
Vulnerability: linux-korean-default-umask
X-Force URL: http://xforce.iss.net/static/7549.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series routers keyword fragment
                        denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-turbo-acl-dos
X-Force URL: http://xforce.iss.net/static/7552.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series router 'ICMP unreachable'
                        packets denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-icmp-unreachable-dos
X-Force URL: http://xforce.iss.net/static/7536.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series router has input ACL
                        configured
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-input-acl-configured
X-Force URL: http://xforce.iss.net/static/7554.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series routers "deny ip any any"
                        rule ignored in ACL
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-acl-deny-ip
X-Force URL: http://xforce.iss.net/static/7553.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series router does not filter
                        keyword fragment
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-acl-fragment-bypass
X-Force URL: http://xforce.iss.net/static/7555.php

Date Reported: 11/14/2001
Brief Description: Cisco 12000 series router non-initial packet
                        fragments denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-acl-noninital-dos
X-Force URL: http://xforce.iss.net/static/7550.php

Date Reported: 11/14/2001
Brief Description: Cisco allows fragmented packets in outgoing ACL
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Cisco 12000 series router
Vulnerability: cisco-acl-outgoing-fragment
X-Force URL: http://xforce.iss.net/static/7551.php

Date Reported: 11/15/2001
Brief Description: ActivePerl perlIS.dll long filename buffer
                        overflow
Risk Factor: High
Attack Type: Network Based
Platforms Affected: ActivePerl 5.6.1.629 and prior
Vulnerability: activeperl-perlis-filename-bo
X-Force URL: http://xforce.iss.net/static/7539.php

Date Reported: 11/15/2001
Brief Description: Cisco IOS ARP table can be overwritten
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Cisco IOS All versions
Vulnerability: cisco-arp-overwrite-table
X-Force URL: http://xforce.iss.net/static/7547.php

_____

Risk Factor Key:

     High Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security
management solutions for the Internet, protecting digital assets and
ensuring safe and uninterrupted e-business. With its industry-leading
intrusion detection and vulnerability assessment, remote managed
security services, and strategic consulting and education offerings, ISS
is a trusted security provider to more than 8,000 customers worldwide
including 21 of the 25 largest U.S. commercial banks and the top 10 U.S.
telecommunications companies. Founded in 1994, ISS is headquartered in
Atlanta, GA, with additional offices throughout North America and
international operations in Asia, Australia, Europe, Latin America and
the Middle East. For more information, visit the Internet Security
Systems web site at www.iss.net or call 888-901-7477.

Copyright (c) 2001 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent of
the X-Force. If you wish to reprint the whole or any part of this Alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBO/mrTDRfJiV99eG9AQGZogP8D+3nnRRqVVfPxVJS6EFNjm1Khzp8ByR5
GfgmKFXO7Z3a5a9zIChWS1o2U2Khd19KTvxy86MPwktpTqGar7P9jBqmC4yj9NYm
Hwij+C7Kz1FDh91tLBkuUKKpFaZAMe+CNU8CZiDMfb9XLqOwsVN9QYMSX3qzHR0P
Wwj6Z2Azfm4=
=VhtS
-----END PGP SIGNATURE-----