ISSalert: ISS Security Alert Summary AS02-11

From: X-Force (xforce@iss.net)
Date: 03/19/02


Date: Mon, 18 Mar 2002 18:38:06 -0500
To: alert@iss.net
From: X-Force <xforce@iss.net>




Internet Security Systems Security Alert Summary AS02-11
March 18, 2002

X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists

This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-11.php
_____
Contents:
* 35 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 03/06/2002
Brief Description: Windows NT Server with IIS 4.0 could allow users to
                    bypass "User cannot change password" security
                    policy
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: Microsoft IIS 4.0, Windows NT 4.0
Vulnerability: winnt-pw-policy-bypass
X-Force URL: http://www.iss.net/security_center/static/8388.php

Date Reported: 03/07/2002
Brief Description: Norton AntiVirus 2002 incoming email scan can be
                    bypassed using a NULL character
Risk Factor: Medium
Attack Type: Network Based
Platforms: Norton AntiVirus 2002
Vulnerability: nav-nullchar-bypass-protection
X-Force URL: http://www.iss.net/security_center/static/8389.php

Date Reported: 03/07/2002
Brief Description: Norton AntiVirus 2002 incoming email scan can be
                    bypassed by embedding malicious code in non-RFC
                    compliant MIME messages
Risk Factor: Medium
Attack Type: Network Based
Platforms: Norton AntiVirus 2002
Vulnerability: nav-nonrfc-bypass-protection
X-Force URL: http://www.iss.net/security_center/static/8390.php

Date Reported: 03/07/2002
Brief Description: Norton AntiVirus 2002 .nch and .dbx file types can
                    be used to bypass protection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Norton AntiVirus 2002
Vulnerability: nav-filetype-bypass-protection
X-Force URL: http://www.iss.net/security_center/static/8391.php

Date Reported: 03/07/2002
Brief Description: Norton AntiVirus 2002 incoming email scan can be
                    bypassed by changing the file name in the
                    Content-Type header
Risk Factor: Medium
Attack Type: Network Based
Platforms: Norton AntiVirus 2002
Vulnerability: nav-contenttype-bypass-protection
X-Force URL: http://www.iss.net/security_center/static/8392.php

Date Reported: 03/06/2002
Brief Description: mIRC DCC "100 testing" command could reveal the
                    nickname and the number of IRC servers the victim
                    is connected to
Risk Factor: Low
Attack Type: Network Based
Platforms: mIRC All versions
Vulnerability: mirc-dcc-reveal-info
X-Force URL: http://www.iss.net/security_center/static/8393.php

Date Reported: 03/08/2002
Brief Description: Linksys EtherFast BEFVP41 Cable/DSL VPN Router weak
                    key encryption
Risk Factor: Low
Attack Type: Network Based
Platforms: Linksys EtherFast BEFVP41
Vulnerability: linksys-etherfast-weak-encryption
X-Force URL: http://www.iss.net/security_center/static/8397.php

Date Reported: 03/05/2002
Brief Description: Kaffe OpenVM NoClassDefFoundError format string
Risk Factor: Low
Attack Type: Host Based
Platforms: Kaffe OpenVM 1.0.6 and prior
Vulnerability: openvm-class-format-strings
X-Force URL: http://www.iss.net/security_center/static/8399.php

Date Reported: 03/07/2002
Brief Description: Apache HTTP Server mod_frontpage buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: FreeBSD Ports Collection All versions, Mandrake
                    Linux 8.0, Mandrake Linux 8.1
Vulnerability: apache-modfrontpage-bo
X-Force URL: http://www.iss.net/security_center/static/8400.php

Date Reported: 03/07/2002
Brief Description: Windows 2000 allows an attacker to bypass password
                    policy
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows 2000 All versions
Vulnerability: win2k-password-bypass-policy
X-Force URL: http://www.iss.net/security_center/static/8402.php

Date Reported: 03/04/2002
Brief Description: KAME forged packet forwarding
Risk Factor: Low
Attack Type: Network Based
Platforms: FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE, NetBSD
                    1.5.2
Vulnerability: kame-forged-packet-forwarding
X-Force URL: http://www.iss.net/security_center/static/8416.php

Date Reported: 03/08/2002
Brief Description: Xerver multiple 'C:/' requests denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Xerver 2.10
Vulnerability: xerver-multiple-request-dos
X-Force URL: http://www.iss.net/security_center/static/8419.php

Date Reported: 03/08/2002
Brief Description: Xerver "../" directory traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: Xerver 2.10
Vulnerability: xerver-dot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8421.php

Date Reported: 03/09/2002
Brief Description: XTux server random character denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: XTux 20010601
Vulnerability: xtux-server-dos
X-Force URL: http://www.iss.net/security_center/static/8422.php

Date Reported: 03/08/2002
Brief Description: FireWall-1 SecuRemote/SecuClient authentication
                    allows remote users to bypass "timeouts"
Risk Factor: Low
Attack Type: Network Based
Platforms: Check Point FireWall-1 4.0, Check Point FireWall-1
                    4.1
Vulnerability: fw1-authentication-bypass-timeouts
X-Force URL: http://www.iss.net/security_center/static/8423.php

Date Reported: 03/09/2002
Brief Description: SurfControl SuperScout Email Filter long HELO or
                    RCPT TO: command denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: SuperScout Email Filter 3.5.1
Vulnerability: surfcontrol-superscout-helo-dos
X-Force URL: http://www.iss.net/security_center/static/8424.php

Date Reported: 03/10/2002
Brief Description: InterScan VirusWall could allow virus infected Web
                    pages to bypass the HTTP proxy filtering
Risk Factor: Medium
Attack Type: Network Based
Platforms: InterScan VirusWall 3.6.x
Vulnerability: interscan-viruswall-http-proxy-bypass
X-Force URL: http://www.iss.net/security_center/static/8425.php

Date Reported: 03/09/2002
Brief Description: Citadel/UX long HELO command buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Citadel/UX 5.90 and prior
Vulnerability: citadel-helo-bo
X-Force URL: http://www.iss.net/security_center/static/8426.php

Date Reported: 03/11/2002
Brief Description: zlib "double free" memory corruption
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Debian Linux 2.2, EnGarde Secure Linux Community
                    Edition, Mandrake Linux 7.1, Mandrake Linux 7.2,
                    Mandrake Linux 8.0, Mandrake Linux 8.1, Mandrake
                    Linux Corporate Server 1.0.1, Mandrake Single
                    Network Firewall 7.2, OpenPKG 1.0, Red Hat Linux
                    6.2, Red Hat Linux 7.0, Red Hat Linux 7.1, Red Hat
                    Linux 7.2, Red Hat Powertools 6.2, Red Hat
                    Powertools 7.0, Red Hat Powertools 7.1, SuSE eMail
                    Server III All versions, SuSE Linux 6.4, SuSE Linux
                    7.0, SuSE Linux 7.1, SuSE Linux 7.2, SuSE Linux
                    7.3, SuSE Linux Connectivity Server All versions,
                    SuSE Linux Database Server All versions, SuSE Linux
                    Enterprise Server 7, SuSE Linux Firewall All
                    versions, zlib 1.1.3 and earlier
Vulnerability: zlib-doublefree-memory-corruption
X-Force URL: http://www.iss.net/security_center/static/8427.php

Date Reported: 03/10/2002
Brief Description: Pi3Web Server 404 error page Web root directory
                    disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Pi3Web 2.0
Vulnerability: pi3web-error-disclosure
X-Force URL: http://www.iss.net/security_center/static/8428.php

Date Reported: 03/10/2002
Brief Description: Pi3Web asterisk (*) allows remote attacker to view
                    files
Risk Factor: Low
Attack Type: Network Based
Platforms: Pi3Web 2.0
Vulnerability: pi3web-asterisk-view-files
X-Force URL: http://www.iss.net/security_center/static/8429.php

Date Reported: 03/11/2002
Brief Description: CaupoShop user information page cross-site
                    scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: CaupoShop 1.30a
Vulnerability: cauposhop-user-info-css
X-Force URL: http://www.iss.net/security_center/static/8431.php

Date Reported: 03/10/2002
Brief Description: GNU fileutils race condition
Risk Factor: Medium
Attack Type: Host Based
Platforms: GNU fileutils 4.0 up to 4.1.6
Vulnerability: gnu-fileutils-race-condition
X-Force URL: http://www.iss.net/security_center/static/8432.php

Date Reported: 03/11/2002
Brief Description: SMS Server Tools format string attack
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: SMS Server Tools 1.4.7 and earlier
Vulnerability: sms-tools-format-string
X-Force URL: http://www.iss.net/security_center/static/8433.php

Date Reported: 03/12/2002
Brief Description: PHP FirstPost path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: PHP FirstPost 0.1
Vulnerability: phpfirstpost-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8434.php

Date Reported: 03/11/2002
Brief Description: SunSolve CGI scripts could allow remote command
                    execution
Risk Factor: High
Attack Type: Network Based
Platforms: Solaris 7, Solaris 8
Vulnerability: sunsolve-cd-command-execution
X-Force URL: http://www.iss.net/security_center/static/8435.php

Date Reported: 03/11/2002
Brief Description: ZyXEL ZyWALL 10 malformed ARP packet denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: ZyWALL 10 prior to V3.50(WA.2)
Vulnerability: zyxel-zywall10-arp-dos
X-Force URL: http://www.iss.net/security_center/static/8436.php

Date Reported: 03/12/2002
Brief Description: Black Tie Project non-existent category ID path
                    disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Black Tie Project (BTP) 0.4b, Black Tie Project
                    (BTP) 0.5, Black Tie Project (BTP) 0.5b
Vulnerability: btp-cid-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8439.php

Date Reported: 03/10/2002
Brief Description: Marcus Xenakis directory.php allows malicious user
                    to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: directory.php All versions
Vulnerability: xenakis-directory-execute-commands
X-Force URL: http://www.iss.net/security_center/static/8440.php

Date Reported: 03/11/2002
Brief Description: PHP ImgList "../" directory traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: PHP ImgList prior to 1.2.2
Vulnerability: phpimglist-dot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/8441.php

Date Reported: 03/11/2002
Brief Description: Caldera OpenServer dlvr_audit buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Caldera OpenServer 5.0.5, Caldera OpenServer 5.0.6
Vulnerability: openserver-dlvraudit-bo
X-Force URL: http://www.iss.net/security_center/static/8442.php

Date Reported: 03/10/2002
Brief Description: Ecartis does not drop root privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Ecartis 1.0.0 and prior
Vulnerability: ecartis-root-privileges
X-Force URL: http://www.iss.net/security_center/static/8444.php

Date Reported: 03/10/2002
Brief Description: Ecartis local buffer overflows in moderate.c and
                    lcgi.c
Risk Factor: High
Attack Type: Host Based
Platforms: Ecartis prior to 1.0.0
Vulnerability: ecartis-local-bo
X-Force URL: http://www.iss.net/security_center/static/8445.php

Date Reported: 03/13/2002
Brief Description: Web+ long WML script request buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Web+ 4.6, Web+ 5.0
Vulnerability: webplus-wml-bo
X-Force URL: http://www.iss.net/security_center/static/8446.php

Date Reported: 03/13/2002
Brief Description: PHProjekt filemanager module allows attacker to
                    include remote files
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: PHProjekt 3.1, PHProjekt 3.1a
Vulnerability: phpprojekt-filemanager-include-files
X-Force URL: http://www.iss.net/security_center/static/8448.php

_____

Risk Factor Key:

     High     Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium   Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low      Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
