ISSalert: ISS Security Alert Summary AS01-11

From: X-Force (xforce@iss.net)
Date: 12/18/01


Date: Tue, 18 Dec 2001 02:41:01 -0500
To: alert@iss.net
From: X-Force <xforce@iss.net>


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS01-11
December 17, 2001

X-Force Vulnerability and Threat Database: http://xforce.iss.net

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at: http://xforce.iss.net/maillists/index.php

This summary is available at the following address:
http://xforce.iss.net/alerts/AS01-11.php

IMPORTANT:
X-Force will not deliver an Alert Summary during the holiday week
of December 24, 2001. The next alert summary will be sent on
December 31, 2001. Happy holidays!

____
Contents:
* 26 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 12/05/2001
Brief Description: Axis Network Camera has a default administrator
                        password
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Axis Network Camera 200, Axis Network Camera
                        2100, Axis Network Camera 2110, Axis Network
                        Camera 2120
Vulnerability: axis-default-admin-passwd
X-Force URL: http://xforce.iss.net/static/7665.php

Date Reported: 12/06/2001
Brief Description: CDE xterm could allow an attacker to obtain
                        privileges of previous sessions
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Caldera OpenUnix 8.0.0, Caldera UnixWare 7.1.0,
                        Caldera UnixWare 7.1.1
Vulnerability: cde-xterm-gain-privileges
X-Force URL: http://xforce.iss.net/static/7666.php

Date Reported: 12/07/2001
Brief Description: Windows 2000 IKE UDP packet flood denial of
                        service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions
Vulnerability: win2k-ike-dos
X-Force URL: http://xforce.iss.net/static/7667.php

Date Reported: 12/06/2001
Brief Description: wmtv -e option command execution
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Debian Linux 2.2, wmtv 0.6.5
Vulnerability: wmtv-execute-commands
X-Force URL: http://xforce.iss.net/static/7669.php

Date Reported: 12/04/2001
Brief Description: Microsoft Outlook Express allows blocked
                        attachments to be opened when the message is
                        forwarded
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Microsoft Outlook Express 6.0
Vulnerability: oe-blocked-attachment-forward
X-Force URL: http://xforce.iss.net/static/7670.php

Date Reported: 12/05/2001
Brief Description: ZoneAlarm and Tiny Personal Firewall allows non-
                        standard outbound packets to bypass filtering
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Tiny Personal Firewall 2.0 and earlier,
                        ZoneAlarm 2.6 and earlier, ZoneAlarm Pro 2.6 and
                        earlier
Vulnerability: zonealarm-tiny-bypass-filter
X-Force URL: http://xforce.iss.net/static/7671.php

Date Reported: 12/07/2001
Brief Description: Volition Red Faction game server and client can
                        be crashed with UDP packets
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Red Faction 1.0, Red Faction 1.1
Vulnerability: red-faction-udp-dos
X-Force URL: http://xforce.iss.net/static/7672.php

Date Reported: 12/07/2001
Brief Description: XFree86 buffer overflow using the Konqueror Web
                        browser and file manager
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: XFree86 X11R6 4.0.x
Vulnerability: xfree86-konqueror-bo
X-Force URL: http://xforce.iss.net/static/7673.php

Date Reported: 12/07/2001
Brief Description: Kebi Webmail administrative directory is
                        accessible
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Kebi Community 1.0 academy, Kebi Community 1.0
                        enterprise
Vulnerability: kebi-webmail-admin-dir-access
X-Force URL: http://xforce.iss.net/static/7674.php

Date Reported: 12/06/2001
Brief Description: Allaire JRun '%00' or '%2570' could allow an
                        attacker to view the source code of JSP files
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: JRun 3.0, JRun 3.1
Vulnerability: allaire-jrun-view-jsp-source
X-Force URL: http://xforce.iss.net/static/7676.php

Date Reported: 12/06/2001
Brief Description: Allaire JRun could allow an attacker to access
                        JSP files in the WEB-INF and META-INF
                        directories
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: JRun 3.1
Vulnerability: allaire-jrun-webinf-metainf-jsp
X-Force URL: http://xforce.iss.net/static/7677.php

Date Reported: 12/06/2001
Brief Description: Allaire JRun JWS "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: JRun 2.3.3, JRun 3.0, JRun 3.1
Vulnerability: allaire-jrun-jws-directory-traversal
X-Force URL: http://xforce.iss.net/static/7678.php

Date Reported: 12/06/2001
Brief Description: Allaire JRun appends the jsessionid to a URL if
                        cookies are turned on
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: JRun 3.0, JRun 3.1
Vulnerability: allaire-jrun-jsessionid-appended
X-Force URL: http://xforce.iss.net/static/7679.php

Date Reported: 12/07/2001
Brief Description: Pathways Homecare uses weak encryption on
                        usernames and passwords
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Pathways Homecare 6.5
Vulnerability: pathways-homecare-weak-encryption
X-Force URL: http://xforce.iss.net/static/7682.php

Date Reported: 12/08/2001
Brief Description: XFree86 xterm -title buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: XFree86 X11R6 4.0.x
Vulnerability: xfree86-xterm-title-bo
X-Force URL: http://xforce.iss.net/static/7683.php

Date Reported: 12/07/2001
Brief Description: Lotus Domino URL database request denial of
                        service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Lotus Domino 5.0.5, Lotus Domino 5.0.8
Vulnerability: lotus-domino-database-dos
X-Force URL: http://xforce.iss.net/static/7684.php

Date Reported: 12/05/2001
Brief Description: Load Sharing Facility (LSF) /tmp file symlink
                        attack
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: LSF 4.0
Vulnerability: lsf-tmp-symlink
X-Force URL: http://xforce.iss.net/static/7685.php

Date Reported: 12/05/2001
Brief Description: Load Sharing Facility (LSF) user configuration
                        file symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: LSF 4.0
Vulnerability: lsf-config-file-symlink
X-Force URL: http://xforce.iss.net/static/7686.php

Date Reported: 12/05/2001
Brief Description: Load Sharing Facility (LSF) lsadmin and badmin
                        buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms Affected: LSF 4.0
Vulnerability: lsf-lsadmin-badmin-bo
X-Force URL: http://xforce.iss.net/static/7687.php

Date Reported: 12/05/2001
Brief Description: Load Sharing Facility (LSF) without eauth
                        authentication scheme has multiple buffer
                        overflows
Risk Factor: High
Attack Type: Host Based
Platforms Affected: LSF 4.0
Vulnerability: lsf-no-eauth-bo
X-Force URL: http://xforce.iss.net/static/7688.php

Date Reported: 12/05/2001
Brief Description: Load Sharing Facility (LSF) mbatchd daemon
                        remote buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: LSF 4.0
Vulnerability: lsf-mbatchd-bo
X-Force URL: http://xforce.iss.net/static/7689.php

Date Reported: 12/11/2001
Brief Description: Microsoft IIS HTTP GET request with false
                        "Content-Length" field can cause a denial of
                        service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Microsoft IIS 5.0
Vulnerability: iis-false-content-length-dos
X-Force URL: http://xforce.iss.net/static/7691.php

Date Reported: 12/11/2001
Brief Description: CSVForm.pl could allow remote command execution
Risk Factor: High
Attack Type: Network Based
Platforms Affected: CSVForm 0.1, CSVFormPlus 1.0
Vulnerability: csvform-cgi-execute-commands
X-Force URL: http://xforce.iss.net/static/7692.php

Date Reported: 12/10/2001
Brief Description: FreeBSD AIO library could allow an attacker to
                        overwrite memory and gain elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms Affected: FreeBSD 4.4-Stable
Vulnerability: bsd-aio-overwrite-memory
X-Force URL: http://xforce.iss.net/static/7693.php

Date Reported: 12/08/2001
Brief Description: Winsock RSHD/NT daemon standard connection error
                        data denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions, Windows NT All
                        versions, Winsock RSHD/NT 2.20, Winsock RSHD/NT
                        2.21
Vulnerability: winsock-rshdnt-error-dos
X-Force URL: http://xforce.iss.net/static/7694.php

Date Reported: 12/13/2001
Brief Description: ATPhttpd long URL denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: ATPhttpd 0.4
Vulnerability: atphttpd-long-url-dos
X-Force URL: http://xforce.iss.net/static/7695.php

_____

Risk Factor Key:

     High Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security
management solutions for the Internet, protecting digital assets and
ensuring safe and uninterrupted e-business. With its industry-leading
intrusion detection and vulnerability assessment, remote managed
security services, and strategic consulting and education offerings, ISS
is a trusted security provider to more than 8,000 customers worldwide
including 21 of the 25 largest U.S. commercial banks and the top 10 U.S.
telecommunications companies. Founded in 1994, ISS is headquartered in
Atlanta, GA, with additional offices throughout North America and
international operations in Asia, Australia, Europe, Latin America and
the Middle East. For more information, visit the Internet Security
Systems web site at www.iss.net or call 888-901-7477.

Copyright (c) 2001 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent of
the X-Force. If you wish to reprint the whole or any part of this Alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBPB7y5DRfJiV99eG9AQE2SwP+OMrO9Lkt2nZB9Elc197C+Zezav2AAbBI
7/UTG5VbZ1AFADAKD8CN8Q2RXfIp+CZvPFGWcU0Xu1sCuqmxLVlP7jlqHuIksuuI
CRNAB+qzabyyQEBJdfCuSpImo5MMD2M5kjd3TTLNGq8kYSS1waHfnEoiX2oG+anf
1ibw7+pKZFk=
=jzro
-----END PGP SIGNATURE-----