ISSalert: ISS Security Alert Summary AS02-12

From: X-Force (xforce@iss.net)
Date: 03/26/02


Date: Tue, 26 Mar 2002 14:31:31 -0500 (EST)
To: alert@iss.net
From: X-Force <xforce@iss.net>


TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS02-12
March 25, 2002

X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists

This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-12.php
_____
Contents:
* 39 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 03/15/2002
Brief Description: Qpopper process denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Qpopper 4.0.3 and prior
Vulnerability: qpopper-qpopper-dos
X-Force URL: http://www.iss.net/security_center/static/8458.php

Date Reported: 03/13/2002
Brief Description: Foundry Networks ServerIron Web switches incomplete
                    URL decoding in pattern matching could reveal
                    source code
Risk Factor: Low
Attack Type: Network Based
Platforms: Foundry Networks ServerIron All versions
Vulnerability: foundry-serveriron-reveal-source
X-Force URL: http://www.iss.net/security_center/static/8459.php

Date Reported: 03/15/2002
Brief Description: IncrediMail stores attachments in a known directory
Risk Factor: Low
Attack Type: Host Based
Platforms: IncrediMail Xe B618 and prior
Vulnerability: incredimail-insecure-attachment-directory
X-Force URL: http://www.iss.net/security_center/static/8460.php

Date Reported: 03/14/2002
Brief Description: Oblix NetPoint account lockout bypass could allow
                    brute force password guessing attempts
Risk Factor: Low
Attack Type: Network Based
Platforms: NetPoint 5.2
Vulnerability: netpoint-account-lockout-bypass
X-Force URL: http://www.iss.net/security_center/static/8461.php

Date Reported: 03/14/2002
Brief Description: Windows NT/2000 debugging subsystem allows attacker
                    to create duplicate handles
Risk Factor: High
Attack Type: Host Based
Platforms: Windows 2000 All versions, Windows NT 4.0
Vulnerability: win-debug-duplicate-handles
X-Force URL: http://www.iss.net/security_center/static/8462.php

Date Reported: 03/13/2002
Brief Description: Linux rsync fails to drop privileges for
                    supplementary groups in daemon mode
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Mandrake Linux 7.1, Mandrake Linux 7.2, Mandrake
                    Linux 8.0, Mandrake Linux 8.1, Mandrake Linux
                    Corporate Server 1.0.1, Mandrake Single Network
                    Firewall 7.2, rsync 2.5.2 and earlier
Vulnerability: linux-rsync-inherit-privileges
X-Force URL: http://www.iss.net/security_center/static/8463.php

Date Reported: 03/15/2002
Brief Description: x-news world readable users.txt file could allow an
                    attacker to obtain administrative credentials
Risk Factor: Medium
Attack Type: Network Based
Platforms: x-news 1.1
Vulnerability: xnews-users-world-readable
X-Force URL: http://www.iss.net/security_center/static/8465.php

Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php invalid 'action=' argument
                    could reveal installation path
Risk Factor: Low
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-action-reveal-path
X-Force URL: http://www.iss.net/security_center/static/8466.php

Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php phpinfo() could reveal
                    sensitive server information
Risk Factor: Low
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-phpinfo-reveal-info
X-Force URL: http://www.iss.net/security_center/static/8467.php

Date Reported: 03/15/2002
Brief Description: x-stat x_stat_admin.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: x-stat 2.3 and earlier
Vulnerability: xstat-admin-php-css
X-Force URL: http://www.iss.net/security_center/static/8468.php

Date Reported: 03/13/2002
Brief Description: Sketch EPS file preview command execution
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Sketch 0.6.12 and earlier
Vulnerability: sketch-eps-command-execution
X-Force URL: http://www.iss.net/security_center/static/8469.php

Date Reported: 03/18/2002
Brief Description: WinSSHD incomplete connections denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: WinSSHD 1.1
Vulnerability: winsshd-incomplete-connection-dos
X-Force URL: http://www.iss.net/security_center/static/8470.php

Date Reported: 03/16/2002
Brief Description: ARSC non-existent language file reveals Web root
                    path information
Risk Factor: Low
Attack Type: Network Based
Platforms: ARSC prior to 1.01p1
Vulnerability: arsc-language-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8472.php

Date Reported: 03/16/2002
Brief Description: BG GUESTBOOK metacharacters in post form allows
                    cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: BG GUESTBOOK prior to 1.1
Vulnerability: bgguestbook-post-css
X-Force URL: http://www.iss.net/security_center/static/8474.php

Date Reported: 03/16/2002
Brief Description: board-tnk metacharacters in "Web" input allows
                    cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: board-tnk prior to 1.3.1
Vulnerability: boardtnk-web-css
X-Force URL: http://www.iss.net/security_center/static/8475.php

Date Reported: 03/18/2002
Brief Description: phpBB db.php script can be used to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: phpBB 2.0 RC-3 and earlier
Vulnerability: phpbb-db-command-execution
X-Force URL: http://www.iss.net/security_center/static/8476.php

Date Reported: 03/17/2002
Brief Description: news-tnk metacharacters in "Web" input allows
                    cross-site scripting
Risk Factor: High
Attack Type: Network Based
Platforms: news-tnk prior to 1.2.2
Vulnerability: newstnk-web-css
X-Force URL: http://www.iss.net/security_center/static/8477.php

Date Reported: 03/18/2002
Brief Description: Big Sam '$displayBegin' variable denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Big Sam prior to 1.1.09
Vulnerability: bigsam-displaybegin-dos
X-Force URL: http://www.iss.net/security_center/static/8478.php

Date Reported: 03/18/2002
Brief Description: Big Sam "safe_mode" option reveals Web root path
                    information
Risk Factor: Low
Attack Type: Network Based
Platforms: Big Sam prior to 1.1.09
Vulnerability: bigsam-safemode-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/8479.php

Date Reported: 03/18/2002
Brief Description: Sun Java Runtime Environment and Microsoft Virtual
                    Machine (VM) Bytecode Verifier could allow a Java
                    applet to bypass security restrictions
Risk Factor: High
Attack Type: Network Based
Platforms: HP-UX 10.20, HP-UX 11.x, Microsoft Virtual Machine
                    3802 and earlier, Sun JDK 1.1.8_008 and prior, Sun
                    JDK 1.1.8_14 and earlier, Sun JRE 1.1.8_008 and
                    prior, Sun JRE 1.1.8_14 and prior, Sun JRE
                    1.2.2_010 and prior, Sun JRE 1.3.0_05 and prior,
                    Sun JRE 1.3.1_01 and prior, Sun JRE 1.3.1_01a and
                    prior, Sun SDK 1.2.2_010 and prior, Sun SDK
                    1.3.0_05 and prior, Sun SDK 1.3.1_01 and prior, Sun
                    SDK 1.3.1_01a and prior
Vulnerability: java-vm-verifier-variant
X-Force URL: http://www.iss.net/security_center/static/8480.php

Date Reported: 03/17/2002
Brief Description: PHP-Nuke and PostNuke account hijacking
Risk Factor: Medium
Attack Type: Network Based
Platforms: PHP-Nuke 5.4 and earlier, PostNuke 0.70 and earlier
Vulnerability: phpnuke-postnuke-account-hijacking
X-Force URL: http://www.iss.net/security_center/static/8481.php

Date Reported: 03/18/2002
Brief Description: PHP Net Toolpack traceroute allows remote attacker
                    to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: PHP Net Toolpack 0.1 and prior
Vulnerability: phpnettoolpack-traceroute-command-execution
X-Force URL: http://www.iss.net/security_center/static/8482.php

Date Reported: 03/18/2002
Brief Description: Java Web Start could allow an attacker to access
                    restricted resources
Risk Factor: High
Attack Type: Network Based
Platforms: Java Web Start 1.0, Java Web Start 1.0.1, Java Web
                    Start 1.0.1_01, Java Web Start for HP-UX 11.x prior
                    to 1.0.1.01
Vulnerability: java-webstart-access-resources
X-Force URL: http://www.iss.net/security_center/static/8483.php

Date Reported: 03/18/2002
Brief Description: PHP Net Toolpack traceroute uses insecure path
Risk Factor: High
Attack Type: Host Based
Platforms: PHP Net Toolpack 0.1 and prior
Vulnerability: phpnettoolpack-traceroute-insecure-path
X-Force URL: http://www.iss.net/security_center/static/8484.php

Date Reported: 03/17/2002
Brief Description: BSD broadcast address
Risk Factor: Low
Attack Type: Host Based
Platforms: FreeBSD 2.x, FreeBSD 3.x, FreeBSD 4.x, FreeBSD 5.0,
                    NetBSD 1.5.2 and prior, OpenBSD 2.x, OpenBSD 3.0
Vulnerability: bsd-broadcast-address
X-Force URL: http://www.iss.net/security_center/static/8485.php

Date Reported: 03/18/2002
Brief Description: Hosting Controller "dot dot" sequences could allow
                    an attacker to modify directory contents
Risk Factor: Medium
Attack Type: Network Based
Platforms: Hosting Controller 1.4, Hosting Controller 1.4.1
Vulnerability: hosting-controller-modify-directories
X-Force URL: http://www.iss.net/security_center/static/8486.php

Date Reported: 03/16/2002
Brief Description: Eudora stores attachments in a known directory
Risk Factor: Low
Attack Type: Host Based
Platforms: Eudora 5.1 and prior
Vulnerability: eudora-insecure-attachment-directory
X-Force URL: http://www.iss.net/security_center/static/8487.php

Date Reported: 03/18/2002
Brief Description: Internet Explorer JavaScript location.replace loop
                    denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft Internet Explorer 5.01, Microsoft
                    Internet Explorer 5.5, Microsoft Internet Explorer
                    6.0
Vulnerability: ie-javascript-dos
X-Force URL: http://www.iss.net/security_center/static/8488.php

Date Reported: 03/19/2002
Brief Description: MSN Messenger could allow a remote attacker to
                    spoof messages
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft MSN Messenger 3.6
Vulnerability: msn-messenger-message-spoofing
X-Force URL: http://www.iss.net/security_center/static/8582.php

Date Reported: 03/15/2002
Brief Description: Lotus Domino bindsock Notes_ExecDirectory
                    environment variable buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Lotus Domino 5.0.4 to 5.0.9
Vulnerability: lotus-domino-notes-execdirectory-bo
X-Force URL: http://www.iss.net/security_center/static/8583.php

Date Reported: 03/19/2002
Brief Description: Macromedia Flash Player FSCommand "save"
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Flash Player 5.0
Vulnerability: flash-fscommand-save
X-Force URL: http://www.iss.net/security_center/static/8584.php

Date Reported: 03/15/2002
Brief Description: Lotus Domino bindsock PATH environment variable
                    buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Lotus Domino 5.0.4 to 5.0.9
Vulnerability: lotus-domino-path-bo
X-Force URL: http://www.iss.net/security_center/static/8585.php

Date Reported: 03/15/2002
Brief Description: Lotus Domino insecure temp file symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms: Lotus Domino 5.0.7
Vulnerability: lotus-domino-tmpfile-symlink
X-Force URL: http://www.iss.net/security_center/static/8586.php

Date Reported: 03/19/2002
Brief Description: Macromedia Flash Player FSCommand "exec" arbitrary command execution
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Flash Player 5.0
Vulnerability: flash-fscommand-exec
X-Force URL: http://www.iss.net/security_center/static/8587.php

Date Reported: 03/19/2002
Brief Description: Linux UDP packets allows remote attacker to
                    fingerprint operating system
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux kernel 2.4.x
Vulnerability: linux-udp-fingerprint
X-Force URL: http://www.iss.net/security_center/static/8588.php

Date Reported: 03/21/2002
Brief Description: Apache HTTP Server for Windows DOS batch file
                    remote command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Apache HTTP Server 1.3.23 and earlier, Apache HTTP
                    Server 2.0.28Beta and prior
Vulnerability: apache-dos-batch-command-execution
X-Force URL: http://www.iss.net/security_center/static/8589.php

Date Reported: 03/20/2002
Brief Description: vBulletin image tag allows cross-site scripting
Risk Factor: Low
Attack Type: Network Based
Platforms: vBulletin 2.2.2 and prior
Vulnerability: vbulletin-img-css
X-Force URL: http://www.iss.net/security_center/static/8590.php

Date Reported: 03/17/2002
Brief Description: PHP move_uploaded_file function could allow an
                    attacker to create new files on the system
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: PHP 4.1.2 and earlier
Vulnerability: php-moveuploadedfile-create-files
X-Force URL: http://www.iss.net/security_center/static/8591.php

Date Reported: 03/20/2002
Brief Description: Foundry Networks Edgelron switches uses insecure
                    SNMP community string by default
Risk Factor: Medium
Attack Type: Network Based
Platforms: Edgelron Fast Ethernet Switch 4802F
Vulnerability: edgelron-default-snmp-string
X-Force URL: http://www.iss.net/security_center/static/8592.php

_____

Risk Factor Key:

     High Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPKDMhjRfJiV99eG9AQFs0AQAoH4vB8vw4trOay8GgMFA9uxQxlK77gmF
8fLbS4Oz7bEiv3GYAzNCvl1degiOGsyzYgMeArmgWQr7T2od6UnW65hyUPlEKIMJ
7Bqcxs8Dq51JLuOqz3Y8uYTWkB/iqKekGHOREw8ml35DUg07+hBZUEn68o9C1xCW
Jy6kXyTUZ50=
=1CCm
-----END PGP SIGNATURE-----