ISSalert: ISS Security Alert Summary AS02-10
From: X-Force (xforce@iss.net)Date: 03/11/02
- Previous message: Brass, Phil (ISS Atlanta): "RE: Social Engineering Formal Methodology"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Mar 2002 15:45:22 -0500 To: alert@iss.net From: X-Force <xforce@iss.net>
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS02-10
March 11, 2002
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-10.php
_____
Contents:
* 33 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 02/28/2002
Brief Description: RealPlayer for Windows invalid .mp3 file denial of
service
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: RealPlayer 8.0, Windows 2000 All versions
Vulnerability: realplayer-mp3-invalid-dos
X-Force URL: http://www.iss.net/security_center/static/8320.php
Date Reported: 02/28/2002
Brief Description: Cobalt RaQ alert.cgi and service.cgi cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-css
X-Force URL: http://www.iss.net/security_center/static/8321.php
Date Reported: 02/28/2002
Brief Description: Cobalt RaQ "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8322.php
Date Reported: 02/28/2002
Brief Description: Cobalt RaQ service.cgi long parameter denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Cobalt RaQ 4
Vulnerability: cobalt-raq-service-dos
X-Force URL: http://www.iss.net/security_center/static/8323.php
Date Reported: 02/28/2002
Brief Description: Tiny Personal Firewall popup alert allows attacker
to gain access
Risk Factor: Medium
Attack Type: Host Based
Platforms: Tiny Personal Firewall 2.0.15a
Vulnerability: tinyfw-popup-gain-access
X-Force URL: http://www.iss.net/security_center/static/8324.php
Date Reported: 02/28/2002
Brief Description: Hotline Connect client stores password in plain
text
Risk Factor: Low
Attack Type: Host Based
Platforms: Hotline Connect 1.8.5 client
Vulnerability: hotline-connect-plaintext-password
X-Force URL: http://www.iss.net/security_center/static/8327.php
Date Reported: 02/28/2002
Brief Description: HP Procurve port scan telnet denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: HP Procurve Switch 4000M firmware C.08.22, HP
Procurve Switch 4000M firmware C.09.09
Vulnerability: hp-procurve-portscan-dos
X-Force URL: http://www.iss.net/security_center/static/8329.php
Date Reported: 03/02/2002
Brief Description: CFS (Cryptographic File System) has multiple buffer
overflows
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: CFS prior to 1.3.3, Debian Linux 2.2
Vulnerability: cfs-bo
X-Force URL: http://www.iss.net/security_center/static/8330.php
Date Reported: 03/01/2002
Brief Description: Zope object created with proxy roles allows an
attacker to gain elevated privileges
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Zope 2.2.0 to 2.5.x
Vulnerability: zope-proxy-role-privileges
X-Force URL: http://www.iss.net/security_center/static/8334.php
Date Reported: 03/02/2002
Brief Description: RealPlayer Port 1275 directory traversal
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: RealPlayer 6.0.7
Vulnerability: realplayer-http-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8336.php
Date Reported: 03/02/2002
Brief Description: SPHEREserver client connections denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: SPHEREserver 0.55x, SPHEREserver 0.99x
Vulnerability: sphereserver-connections-dos
X-Force URL: http://www.iss.net/security_center/static/8338.php
Date Reported: 03/02/2002
Brief Description: Phorum /admin/stats.php exposes active users
information
Risk Factor: Low
Attack Type: Network Based
Platforms: Phorum 3.3.2
Vulnerability: phorum-admin-users-information
X-Force URL: http://www.iss.net/security_center/static/8344.php
Date Reported: 03/03/2002
Brief Description: AeroMail attachments could allow an attacker to
obtain sensitive files
Risk Factor: Medium
Attack Type: Network Based
Platforms: AeroMail prior to 1.45
Vulnerability: aeromail-obtain-files
X-Force URL: http://www.iss.net/security_center/static/8345.php
Date Reported: 03/03/2002
Brief Description: AeroMail Subject header cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: AeroMail prior to 1.45
Vulnerability: aeromail-subject-css
X-Force URL: http://www.iss.net/security_center/static/8346.php
Date Reported: 03/04/2002
Brief Description: Ntop traceEvent() function format string
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: ntop 2.0
Vulnerability: ntop-traceevent-format-string
X-Force URL: http://www.iss.net/security_center/static/8347.php
Date Reported: 02/27/2002
Brief Description: Multiple Web browsers for MacOS and MacOS X could
allow automatic file downloads
Risk Factor: Medium
Attack Type: Network Based
Platforms: iCab Pre 2.7, iCab Pre 2.71, Microsoft Internet
Explorer 4.5 for Macintosh, Microsoft Internet
Explorer 5.0 for Macintosh, Netscape 4.77 Mac,
Netscape 4.78 Mac, OmniWeb 4.0.6, OmniWeb
4.1beta11, Opera Web Browser 5.0 Mac
Vulnerability: macos-auto-file-download
X-Force URL: http://www.iss.net/security_center/static/8348.php
Date Reported: 03/04/2002
Brief Description: Sun Java Runtime Environment and Microsoft Virtual
Machine (VM) Java applet could be used to redirect
browser traffic when using a proxy
Risk Factor: Medium
Attack Type: Network Based
Platforms: HP Java JRE/JDK prior to 1.1.8.06, HP Java JRE/JDK
prior to 1.2.2.12, HP Java JRE/JDK prior to
1.3.1.00, HP-UX 10.20, HP-UX 11.x, Microsoft
Internet Explorer 4.x, Microsoft Internet Explorer
5.x, Microsoft Virtual Machine 3802 and earlier,
Sun JDK 1.1.8_007 and prior, Sun JDK 1.1.8_13 and
prior, Sun JRE 1.1.8_007 and prior, Sun JRE
1.1.8_13 and prior, Sun JRE 1.2.2_010 and prior,
Sun JRE 1.3.0_02 and prior, Sun SDK 1.2.2_010 and
prior, Sun SDK 1.3.0_02 and prior
Vulnerability: java-vm-session-hijacking
X-Force URL: http://www.iss.net/security_center/static/8351.php
Date Reported: 03/04/2002
Brief Description: ReBB <IMG> tag cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: ReBB All versions
Vulnerability: rebb-img-css
X-Force URL: http://www.iss.net/security_center/static/8353.php
Date Reported: 03/05/2002
Brief Description: Endymion MailMan ALTERNATE_TEMPLATES "dot dot" null
byte directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: MailMan 3.0.35 and earlier
Vulnerability: mailman-alternate-templates-traversal
X-Force URL: http://www.iss.net/security_center/static/8357.php
Date Reported: 03/05/2002
Brief Description: Endymion Saké Mail param_name "dot dot" null byte
directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Saké Mail 1.0.36 and earlier
Vulnerability: sakemail-paramname-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8358.php
Date Reported: 03/05/2002
Brief Description: Microsoft SQL Server xp_dirtree buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Microsoft SQL Server 7.0
Vulnerability: mssql-xp-dirtree-bo
X-Force URL: http://www.iss.net/security_center/static/8359.php
Date Reported: 03/03/2002
Brief Description: Unreal IRCd format string in "cio_main.c" file
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unreal IRCd 3.1.1
Vulnerability: unreal-ircd-format-string
X-Force URL: http://www.iss.net/security_center/static/8360.php
Date Reported: 03/01/2002
Brief Description: Web+ webpsvc.exe buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Web+ 4.6, Web+ 5.0
Vulnerability: webplus-webpsvc-bo
X-Force URL: http://www.iss.net/security_center/static/8361.php
Date Reported: 03/05/2002
Brief Description: CVS improperly initialized global variable can
cause a denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: CVS prior to 1.10.7-9, Debian Linux 2.2
Vulnerability: cvs-global-var-dos
X-Force URL: http://www.iss.net/security_center/static/8366.php
Date Reported: 03/06/2002
Brief Description: MTR MTR_OPTIONS environment variable buffer
overflow
Risk Factor: High
Attack Type: Host Based
Platforms: MTR 0.45, MTR 0.46
Vulnerability: mtr-options-bo
X-Force URL: http://www.iss.net/security_center/static/8367.php
Date Reported: 03/05/2002
Brief Description: SH39 MailServer port 25 denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: SH39 MailServer 1.21
Vulnerability: sh39-mailserver-dos
X-Force URL: http://www.iss.net/security_center/static/8379.php
Date Reported: 03/06/2002
Brief Description: efingerd reverse-lookup buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: efingerd 1.3, efingerd 1.6.1
Vulnerability: efingerd-reverse-lookup-bo
X-Force URL: http://www.iss.net/security_center/static/8380.php
Date Reported: 03/06/2002
Brief Description: efingerd .efingerd file execution
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: efingerd 1.3, efingerd 1.6.1
Vulnerability: efingerd-file-execution
X-Force URL: http://www.iss.net/security_center/static/8381.php
Date Reported: 03/04/2002
Brief Description: IIS authentication error messages reveal
configuration information
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
5.1
Vulnerability: iis-authentication-error-messages
X-Force URL: http://www.iss.net/security_center/static/8382.php
Date Reported: 03/07/2002
Brief Description: OpenSSH off-by-one error in channel code
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Conectiva Linux 5.0, Conectiva Linux 5.1, Conectiva
Linux 6.0, Conectiva Linux 7.0, Conectiva Linux
ecommerce, Conectiva Linux prg graficos, EnGarde
Secure Linux Community Edition, FreeBSD 4.4-
Release, FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE,
OpenPKG 1.0, OpenSSH 2.0 up to 3.0.2, OpenSSH All
versions, Red Hat Linux 7.0, Red Hat Linux 7.1, Red
Hat Linux 7.2, SuSE eMail Server III All versions,
SuSE Linux 6.4, SuSE Linux 7.0, SuSE Linux 7.1,
SuSE Linux 7.2, SuSE Linux 7.3, SuSE Linux
Connectivity Server All versions, SuSE Linux
Database Server All versions, SuSE Linux Enterprise
Server 7, SuSE Linux Firewall All versions
Vulnerability: openssh-channel-error
X-Force URL: http://www.iss.net/security_center/static/8383.php
Date Reported: 03/07/2002
Brief Description: Microsoft Windows Shell buffer overflow can occur
when an application has been improperly removed
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Windows 2000 All versions, Windows 98 All versions,
Windows 98 Second Edition, Windows NT 4.0, Windows
NT 4.0 TSE
Vulnerability: win-shell-bo
X-Force URL: http://www.iss.net/security_center/static/8384.php
Date Reported: 03/04/2002
Brief Description: IIS specially-crafted request reveals IP address
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
5.1
Vulnerability: iis-request-ip-disclosure
X-Force URL: http://www.iss.net/security_center/static/8385.php
Date Reported: 03/05/2002
Brief Description: PureTLS could allow injection attacks
Risk Factor: Medium
Attack Type: Network Based
Platforms: PureTLS 0.9b1
Vulnerability: puretls-injection-attack
X-Force URL: http://www.iss.net/security_center/static/8386.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail server.
Medium Any vulnerability that provides information that has a high
potential of giving system access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that could contain an
account with a guessable password.
Low Any vulnerability that provides information that could
potentially lead to a compromise. Example: A finger that
allows an intruder to find out who is online and potential
accounts to attempt to crack passwords via brute force
methods.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBPI0XSDRfJiV99eG9AQG33wQApYA9kAbp2FV9g1rUFeQ4BpVTWeg6lU1b
Oea2dJs/iUSVrNUU2xiQd0TDtJ0Xi6fC/8NUUEV+AxdKmKLnlSE10bc/3K8h/4Jk
qaczNTz5uD1YsdRWkT6OjqtQa0JUlCveZj88uF3i6GmqGOG+LyNMYJLR4r4hH42H
ioyspv2G138=
=ppCb
-----END PGP SIGNATURE-----
- Previous message: Brass, Phil (ISS Atlanta): "RE: Social Engineering Formal Methodology"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
