ISSalert: ISS Security Alert Summary AS02-10

From: X-Force (xforce@iss.net)
Date: 03/11/02


Date: Mon, 11 Mar 2002 15:45:22 -0500
To: alert@iss.net
From: X-Force <xforce@iss.net>



Internet Security Systems Security Alert Summary AS02-10
March 11, 2002

X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists

This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-10.php
_____
Contents:
* 33 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 02/28/2002
Brief Description: RealPlayer for Windows invalid .mp3 file denial of
                    service
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: RealPlayer 8.0, Windows 2000 All versions
Vulnerability: realplayer-mp3-invalid-dos
X-Force URL: http://www.iss.net/security_center/static/8320.php

Date Reported: 02/28/2002
Brief Description: Cobalt RaQ alert.cgi and service.cgi cross-site
                    scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-css
X-Force URL: http://www.iss.net/security_center/static/8321.php

Date Reported: 02/28/2002
Brief Description: Cobalt RaQ "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8322.php

Date Reported: 02/28/2002
Brief Description: Cobalt RaQ service.cgi long parameter denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-service-dos
X-Force URL: http://www.iss.net/security_center/static/8323.php

Date Reported: 02/28/2002
Brief Description: Tiny Personal Firewall popup alert allows attacker
                    to gain access
Risk Factor: Medium
Attack Type: Host Based
Platforms: Tiny Personal Firewall 2.0.15a
Vulnerability: tinyfw-popup-gain-access
X-Force URL: http://www.iss.net/security_center/static/8324.php

Date Reported: 02/28/2002
Brief Description: Hotline Connect client stores password in plain
                    text
Risk Factor: Low
Attack Type: Host Based
Platforms: Hotline Connect 1.8.5 client
Vulnerability: hotline-connect-plaintext-password
X-Force URL: http://www.iss.net/security_center/static/8327.php

Date Reported: 02/28/2002
Brief Description: HP Procurve port scan telnet denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: HP Procurve Switch 4000M firmware C.08.22, HP
                    Procurve Switch 4000M firmware C.09.09
Vulnerability: hp-procurve-portscan-dos
X-Force URL: http://www.iss.net/security_center/static/8329.php

Date Reported: 03/02/2002
Brief Description: CFS (Cryptographic File System) has multiple buffer
                    overflows
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: CFS prior to 1.3.3, Debian Linux 2.2
Vulnerability: cfs-bo
X-Force URL: http://www.iss.net/security_center/static/8330.php

Date Reported: 03/01/2002
Brief Description: Zope object created with proxy roles allows an
                    attacker to gain elevated privileges
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Zope 2.2.0 to 2.5.x
Vulnerability: zope-proxy-role-privileges
X-Force URL: http://www.iss.net/security_center/static/8334.php

Date Reported: 03/02/2002
Brief Description: RealPlayer Port 1275 directory traversal
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: RealPlayer 6.0.7
Vulnerability: realplayer-http-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8336.php

Date Reported: 03/02/2002
Brief Description: SPHEREserver client connections denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: SPHEREserver 0.55x, SPHEREserver 0.99x
Vulnerability: sphereserver-connections-dos
X-Force URL: http://www.iss.net/security_center/static/8338.php

Date Reported: 03/02/2002
Brief Description: Phorum /admin/stats.php exposes active users
                    information
Risk Factor: Low
Attack Type: Network Based
Platforms: Phorum 3.3.2
Vulnerability: phorum-admin-users-information
X-Force URL: http://www.iss.net/security_center/static/8344.php

Date Reported: 03/03/2002
Brief Description: AeroMail attachments could allow an attacker to
                    obtain sensitive files
Risk Factor: Medium
Attack Type: Network Based
Platforms: AeroMail prior to 1.45
Vulnerability: aeromail-obtain-files
X-Force URL: http://www.iss.net/security_center/static/8345.php

Date Reported: 03/03/2002
Brief Description: AeroMail Subject header cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: AeroMail prior to 1.45
Vulnerability: aeromail-subject-css
X-Force URL: http://www.iss.net/security_center/static/8346.php

Date Reported: 03/04/2002
Brief Description: Ntop traceEvent() function format string
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: ntop 2.0
Vulnerability: ntop-traceevent-format-string
X-Force URL: http://www.iss.net/security_center/static/8347.php

Date Reported: 02/27/2002
Brief Description: Multiple Web browsers for MacOS and MacOS X could
                    allow automatic file downloads
Risk Factor: Medium
Attack Type: Network Based
Platforms: iCab Pre 2.7, iCab Pre 2.71, Microsoft Internet
                    Explorer 4.5 for Macintosh, Microsoft Internet
                    Explorer 5.0 for Macintosh, Netscape 4.77 Mac,
                    Netscape 4.78 Mac, OmniWeb 4.0.6, OmniWeb
                    4.1beta11, Opera Web Browser 5.0 Mac
Vulnerability: macos-auto-file-download
X-Force URL: http://www.iss.net/security_center/static/8348.php

Date Reported: 03/04/2002
Brief Description: Sun Java Runtime Environment and Microsoft Virtual
                    Machine (VM) Java applet could be used to redirect
                    browser traffic when using a proxy
Risk Factor: Medium
Attack Type: Network Based
Platforms: HP Java JRE/JDK prior to 1.1.8.06, HP Java JRE/JDK
                    prior to 1.2.2.12, HP Java JRE/JDK prior to
                    1.3.1.00, HP-UX 10.20, HP-UX 11.x, Microsoft
                    Internet Explorer 4.x, Microsoft Internet Explorer
                    5.x, Microsoft Virtual Machine 3802 and earlier,
                    Sun JDK 1.1.8_007 and prior, Sun JDK 1.1.8_13 and
                    prior, Sun JRE 1.1.8_007 and prior, Sun JRE
                    1.1.8_13 and prior, Sun JRE 1.2.2_010 and prior,
                    Sun JRE 1.3.0_02 and prior, Sun SDK 1.2.2_010 and
                    prior, Sun SDK 1.3.0_02 and prior
Vulnerability: java-vm-session-hijacking
X-Force URL: http://www.iss.net/security_center/static/8351.php

Date Reported: 03/04/2002
Brief Description: ReBB <IMG> tag cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: ReBB All versions
Vulnerability: rebb-img-css
X-Force URL: http://www.iss.net/security_center/static/8353.php

Date Reported: 03/05/2002
Brief Description: Endymion MailMan ALTERNATE_TEMPLATES "dot dot" null
                    byte directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: MailMan 3.0.35 and earlier
Vulnerability: mailman-alternate-templates-traversal
X-Force URL: http://www.iss.net/security_center/static/8357.php

Date Reported: 03/05/2002
Brief Description: Endymion Saké Mail param_name "dot dot" null byte
                    directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Saké Mail 1.0.36 and earlier
Vulnerability: sakemail-paramname-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8358.php

Date Reported: 03/05/2002
Brief Description: Microsoft SQL Server xp_dirtree buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Microsoft SQL Server 7.0
Vulnerability: mssql-xp-dirtree-bo
X-Force URL: http://www.iss.net/security_center/static/8359.php

Date Reported: 03/03/2002
Brief Description: Unreal IRCd format string in "cio_main.c" file
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unreal IRCd 3.1.1
Vulnerability: unreal-ircd-format-string
X-Force URL: http://www.iss.net/security_center/static/8360.php

Date Reported: 03/01/2002
Brief Description: Web+ webpsvc.exe buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Web+ 4.6, Web+ 5.0
Vulnerability: webplus-webpsvc-bo
X-Force URL: http://www.iss.net/security_center/static/8361.php

Date Reported: 03/05/2002
Brief Description: CVS improperly initialized global variable can
                    cause a denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: CVS prior to 1.10.7-9, Debian Linux 2.2
Vulnerability: cvs-global-var-dos
X-Force URL: http://www.iss.net/security_center/static/8366.php

Date Reported: 03/06/2002
Brief Description: MTR MTR_OPTIONS environment variable buffer
                    overflow
Risk Factor: High
Attack Type: Host Based
Platforms: MTR 0.45, MTR 0.46
Vulnerability: mtr-options-bo
X-Force URL: http://www.iss.net/security_center/static/8367.php

Date Reported: 03/05/2002
Brief Description: SH39 MailServer port 25 denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: SH39 MailServer 1.21
Vulnerability: sh39-mailserver-dos
X-Force URL: http://www.iss.net/security_center/static/8379.php

Date Reported: 03/06/2002
Brief Description: efingerd reverse-lookup buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: efingerd 1.3, efingerd 1.6.1
Vulnerability: efingerd-reverse-lookup-bo
X-Force URL: http://www.iss.net/security_center/static/8380.php

Date Reported: 03/06/2002
Brief Description: efingerd .efingerd file execution
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: efingerd 1.3, efingerd 1.6.1
Vulnerability: efingerd-file-execution
X-Force URL: http://www.iss.net/security_center/static/8381.php

Date Reported: 03/04/2002
Brief Description: IIS authentication error messages reveal
                    configuration information
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
                    5.1
Vulnerability: iis-authentication-error-messages
X-Force URL: http://www.iss.net/security_center/static/8382.php

Date Reported: 03/07/2002
Brief Description: OpenSSH off-by-one error in channel code
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Conectiva Linux 5.0, Conectiva Linux 5.1, Conectiva
                    Linux 6.0, Conectiva Linux 7.0, Conectiva Linux
                    ecommerce, Conectiva Linux prg graficos, EnGarde
                    Secure Linux Community Edition, FreeBSD
                    4.4-Release, FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE,
                    OpenPKG 1.0, OpenSSH 2.0 up to 3.0.2, OpenSSH All
                    versions, Red Hat Linux 7.0, Red Hat Linux 7.1, Red
                    Hat Linux 7.2, SuSE eMail Server III All versions,
                    SuSE Linux 6.4, SuSE Linux 7.0, SuSE Linux 7.1,
                    SuSE Linux 7.2, SuSE Linux 7.3, SuSE Linux
                    Connectivity Server All versions, SuSE Linux
                    Database Server All versions, SuSE Linux Enterprise
                    Server 7, SuSE Linux Firewall All versions
Vulnerability: openssh-channel-error
X-Force URL: http://www.iss.net/security_center/static/8383.php

Date Reported: 03/07/2002
Brief Description: Microsoft Windows Shell buffer overflow can occur
                    when an application has been improperly removed
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Windows 2000 All versions, Windows 98 All versions,
                    Windows 98 Second Edition, Windows NT 4.0, Windows
                    NT 4.0 TSE
Vulnerability: win-shell-bo
X-Force URL: http://www.iss.net/security_center/static/8384.php

Date Reported: 03/04/2002
Brief Description: IIS specially-crafted request reveals IP address
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
                    5.1
Vulnerability: iis-request-ip-disclosure
X-Force URL: http://www.iss.net/security_center/static/8385.php

Date Reported: 03/05/2002
Brief Description: PureTLS could allow injection attacks
Risk Factor: Medium
Attack Type: Network Based
Platforms: PureTLS 0.9b1
Vulnerability: puretls-injection-attack
X-Force URL: http://www.iss.net/security_center/static/8386.php

_____

Risk Factor Key:

     High:    Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium:  Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low:     Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc
