ISSalert: ISS Security Alert Summary AS02-12
From: X-Force (xforce@iss.net)Date: 03/26/02
- Previous message: Rouland, Chris (ISSAtlanta): "RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Mar 2002 14:31:31 -0500 (EST) To: alert@iss.net From: X-Force <xforce@iss.net>
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS02-12
March 25, 2002
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-12.php
_____
Contents:
* 39 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 03/15/2002
Brief Description: Qpopper process denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Qpopper 4.0.3 and prior
Vulnerability: qpopper-qpopper-dos
X-Force URL: http://www.iss.net/security_center/static/8458.php
Date Reported: 03/13/2002
Brief Description: Foundry Networks ServerIron Web switches incomplete
URL decoding in pattern matching could reveal
source code
Risk Factor: Low
Attack Type: Network Based
Platforms: Foundry Networks ServerIron All versions
Vulnerability: foundry-serveriron-reveal-source
X-Force URL: http://www.iss.net/security_center/static/8459.php
Date Reported: 03/15/2002
Brief Description: IncrediMail stores attachments in a known directory
Risk Factor: Low
Attack Type: Host Based
Platforms: IncrediMail Xe B618 and prior
Vulnerability: incredimail-insecure-attachment-directory
X-Force URL: http://www.iss.net/security_center/static/8460.php
Date Reported: 03/14/2002
Brief Description: Oblix NetPoint account lockout bypass could allow
brute force password guessing attempts
Risk Factor: Low
Attack Type: Network Based
Platforms: NetPoint 5.2
Vulnerability: netpoint-account-lockout-bypass
X-Force URL: http://www.iss.net/security_center/static/8461.php
Date Reported: 03/14/2002
Brief Description: Windows NT/2000 debugging subsystem allows attacker
to create duplicate handles
Risk Factor: High
Attack Type: Host Based
Platforms: Windows 2000 All versions, Windows NT 4.0
Vulnerability: win-debug-duplicate-handles
X-Force URL: http://www.iss.net/security_center/static/8462.php
Date Reported: 03/13/2002
Brief Description: Linux rsync fails to drop privileges for
supplementary groups in daemon mode
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Mandrake Linux 7.1, Mandrake Linux 7.2, Mandrake
Linux 8.0, Mandrake Linux 8.1, Mandrake Linux
Corporate Server 1.0.1, Mandrake Single Network
Firewall 7.2, rsync 2.5.2 and earlier
Vulnerability: linux-rsync-inherit-privileges
X-Force URL: http://www.iss.net/security_center/static/8463.php
Date Reported: 03/15/2002
Brief Description: x-news world readable users.txt file could allow an
attacker to obtain administrative credentials
Risk Factor: Medium
Attack Type: Network Based
Platforms: x-news 1.1
Vulnerability: xnews-users-world-readable
X-Force URL: http://www.iss.net/security_center/static/8465.php
Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php invalid 'action=' argument
could reveal installation path
Risk Factor: Low
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-action-reveal-path
X-Force URL: http://www.iss.net/security_center/static/8466.php
Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php phpinfo() could reveal
sensitive server information
Risk Factor: Low
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-phpinfo-reveal-info
X-Force URL: http://www.iss.net/security_center/static/8467.php
Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-admin-php-css
X-Force URL: http://www.iss.net/security_center/static/8468.php
Date Reported: 03/13/2002
Brief Description: Sketch EPS file preview command execution
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Sketch 0.6.12 and earlier
Vulnerability: sketch-eps-command-execution
X-Force URL: http://www.iss.net/security_center/static/8469.php
Date Reported: 03/18/2002
Brief Description: WinSSHD incomplete connections denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: WinSSHD 1.1
Vulnerability: winsshd-incomplete-connection-dos
X-Force URL: http://www.iss.net/security_center/static/8470.php
Date Reported: 03/16/2002
Brief Description: ARSC non-existent language file reveals Web root
path information
Risk Factor: Low
Attack Type: Network Based
Platforms: ARSC prior to 1.01p1
Vulnerability: arsc-language-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8472.php
Date Reported: 03/16/2002
Brief Description: BG GUESTBOOK metacharacters in post form allows
cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: BG GUESTBOOK prior to 1.1
Vulnerability: bgguestbook-post-css
X-Force URL: http://www.iss.net/security_center/static/8474.php
Date Reported: 03/16/2002
Brief Description: board-tnk metacharacters in "Web" input allows
cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: board-tnk prior to 1.3.1
Vulnerability: boardtnk-web-css
X-Force URL: http://www.iss.net/security_center/static/8475.php
Date Reported: 03/18/2002
Brief Description: phpBB db.php script can be used to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: phpBB 2.0 RC-3 and earlier
Vulnerability: phpbb-db-command-execution
X-Force URL: http://www.iss.net/security_center/static/8476.php
Date Reported: 03/17/2002
Brief Description: news-tnk metacharacters in "Web" input allows
cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: news-tnk prior to 1.2.2
Vulnerability: newstnk-web-css
X-Force URL: http://www.iss.net/security_center/static/8477.php
Date Reported: 03/18/2002
Brief Description: Big Sam '$displayBegin' variable denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Big Sam prior to 1.1.09
Vulnerability: bigsam-displaybegin-dos
X-Force URL: http://www.iss.net/security_center/static/8478.php
Date Reported: 03/18/2002
Brief Description: Big Sam "safe_mode" option reveals Web root path
information
Risk Factor: Low
Attack Type: Network Based
Platforms: Big Sam prior to 1.1.09
Vulnerability: bigsam-safemode-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8479.php
Date Reported: 03/18/2002
Brief Description: Sun Java Runtime Environment and Microsoft Virtual
Machine (VM) Bytecode Verifier could allow a Java
applet to bypass security restrictions
Risk Factor: High
Attack Type: Network Based
Platforms: HP-UX 10.20, HP-UX 11.x, Microsoft Virtual Machine
3802 and earlier, Sun JDK 1.1.8_008 and prior, Sun
JDK 1.1.8_14 and earlier, Sun JRE 1.1.8_008 and
prior, Sun JRE 1.1.8_14 and prior, Sun JRE
1.2.2_010 and prior, Sun JRE 1.3.0_05 and prior,
Sun JRE 1.3.1_01 and prior, Sun JRE 1.3.1_01a and
prior, Sun SDK 1.2.2_010 and prior, Sun SDK
1.3.0_05 and prior, Sun SDK 1.3.1_01 and prior, Sun
SDK 1.3.1_01a and prior
Vulnerability: java-vm-verifier-variant
X-Force URL: http://www.iss.net/security_center/static/8480.php
Date Reported: 03/17/2002
Brief Description: PHP-Nuke and PostNuke account hijacking
Risk Factor: Medium
Attack Type: Network Based
Platforms: PHP-Nuke 5.4 and earlier, PostNuke 0.70 and earlier
Vulnerability: phpnuke-postnuke-account-hijacking
X-Force URL: http://www.iss.net/security_center/static/8481.php
Date Reported: 03/18/2002
Brief Description: PHP Net Toolpack traceroute allows remote attacker
to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: PHP Net Toolpack 0.1 and prior
Vulnerability: phpnettoolpack-traceroute-command-execution
X-Force URL: http://www.iss.net/security_center/static/8482.php
Date Reported: 03/18/2002
Brief Description: Java Web Start could allow an attacker to access
restricted resources
Risk Factor: High
Attack Type: Network Based
Platforms: Java Web Start 1.0, Java Web Start 1.0.1, Java Web
Start 1.0.1_01, Java Web Start for HP-UX 11.x prior
to 1.0.1.01
Vulnerability: java-webstart-access-resources
X-Force URL: http://www.iss.net/security_center/static/8483.php
Date Reported: 03/18/2002
Brief Description: PHP Net Toolpack traceroute uses insecure path
Risk Factor: High
Attack Type: Host Based
Platforms: PHP Net Toolpack 0.1 and prior
Vulnerability: phpnettoolpack-traceroute-insecure-path
X-Force URL: http://www.iss.net/security_center/static/8484.php
Date Reported: 03/17/2002
Brief Description: BSD broadcast address
Risk Factor: Low
Attack Type: Host Based
Platforms: FreeBSD 2.x, FreeBSD 3.x, FreeBSD 4.x, FreeBSD 5.0,
NetBSD 1.5.2 and prior, OpenBSD 2.x, OpenBSD 3.0
Vulnerability: bsd-broadcast-address
X-Force URL: http://www.iss.net/security_center/static/8485.php
Date Reported: 03/18/2002
Brief Description: Hosting Controller "dot dot" sequences could allow
an attacker to modify directory contents
Risk Factor: Medium
Attack Type: Network Based
Platforms: Hosting Controller 1.4, Hosting Controller 1.4.1
Vulnerability: hosting-controller-modify-directories
X-Force URL: http://www.iss.net/security_center/static/8486.php
Date Reported: 03/16/2002
Brief Description: Eudora stores attachments in a known directory
Risk Factor: Low
Attack Type: Host Based
Platforms: Eudora 5.1 and prior
Vulnerability: eudora-insecure-attachment-directory
X-Force URL: http://www.iss.net/security_center/static/8487.php
Date Reported: 03/18/2002
Brief Description: Internet Explorer JavaScript location.replace loop
denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft Internet Explorer 5.01, Microsoft
Internet Explorer 5.5, Microsoft Internet Explorer
6.0
Vulnerability: ie-javascript-dos
X-Force URL: http://www.iss.net/security_center/static/8488.php
Date Reported: 03/19/2002
Brief Description: MSN Messenger could allow a remote attacker to
spoof messages
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft MSN Messenger 3.6
Vulnerability: msn-messenger-message-spoofing
X-Force URL: http://www.iss.net/security_center/static/8582.php
Date Reported: 03/15/2002
Brief Description: Lotus Domino bindsock Notes_ExecDirectory
environment variable buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Lotus Domino 5.0.4 to 5.0.9
Vulnerability: lotus-domino-notes-execdirectory-bo
X-Force URL: http://www.iss.net/security_center/static/8583.php
Date Reported: 03/19/2002
Brief Description: Macromedia Flash Player FSCommand "save"
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Flash Player 5.0
Vulnerability: flash-fscommand-save
X-Force URL: http://www.iss.net/security_center/static/8584.php
Date Reported: 03/15/2002
Brief Description: Lotus Domino bindsock PATH environment variable
buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Lotus Domino 5.0.4 to 5.0.9
Vulnerability: lotus-domino-path-bo
X-Force URL: http://www.iss.net/security_center/static/8585.php
Date Reported: 03/15/2002
Brief Description: Lotus Domino insecure temp file symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms: Lotus Domino 5.0.7
Vulnerability: lotus-domino-tmpfile-symlink
X-Force URL: http://www.iss.net/security_center/static/8586.php
Date Reported: 03/19/2002
Brief Description: Macromedia Flash Player FSCommand "exec" arbitrary command execution
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Flash Player 5.0
Vulnerability: flash-fscommand-exec
X-Force URL: http://www.iss.net/security_center/static/8587.php
Date Reported: 03/19/2002
Brief Description: Linux UDP packets allows remote attacker to
fingerprint operating system
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux kernel 2.4.x
Vulnerability: linux-udp-fingerprint
X-Force URL: http://www.iss.net/security_center/static/8588.php
Date Reported: 03/21/2002
Brief Description: Apache HTTP Server for Windows DOS batch file
remote command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Apache HTTP Server 1.3.23 and earlier, Apache HTTP
Server 2.0.28Beta and prior
Vulnerability: apache-dos-batch-command-execution
X-Force URL: http://www.iss.net/security_center/static/8589.php
Date Reported: 03/20/2002
Brief Description: vBulletin image tag allows cross-site scripting
Risk Factor: Low
Attack Type: Network Based
Platforms: vBulletin 2.2.2 and prior
Vulnerability: vbulletin-img-css
X-Force URL: http://www.iss.net/security_center/static/8590.php
Date Reported: 03/17/2002
Brief Description: PHP move_uploaded_file function could allow an
attacker to create new files on the system
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: PHP 4.1.2 and earlier
Vulnerability: php-moveuploadedfile-create-files
X-Force URL: http://www.iss.net/security_center/static/8591.php
Date Reported: 03/20/2002
Brief Description: Foundry Networks Edgelron switches uses insecure
SNMP community string by default
Risk Factor: Medium
Attack Type: Network Based
Platforms: Edgelron Fast Ethernet Switch 4802F
Vulnerability: edgelron-default-snmp-string
X-Force URL: http://www.iss.net/security_center/static/8592.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail server.
Medium Any vulnerability that provides information that has a high
potential of giving system access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that could contain an
account with a guessable password.
Low Any vulnerability that provides information that could
potentially lead to a compromise. Example: A finger that
allows an intruder to find out who is online and potential
accounts to attempt to crack passwords via brute force
methods.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPKDMhjRfJiV99eG9AQFs0AQAoH4vB8vw4trOay8GgMFA9uxQxlK77gmF
8fLbS4Oz7bEiv3GYAzNCvl1degiOGsyzYgMeArmgWQr7T2od6UnW65hyUPlEKIMJ
7Bqcxs8Dq51JLuOqz3Y8uYTWkB/iqKekGHOREw8ml35DUg07+hBZUEn68o9C1xCW
Jy6kXyTUZ50=
=1CCm
-----END PGP SIGNATURE-----
- Previous message: Rouland, Chris (ISSAtlanta): "RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
