ISS Security Alert Summary AS02-25
From: X-Force (xforce@iss.net)Date: 06/24/02
- Previous message: Klaus, Chris (ISSAtlanta): "ISS Apache Advisory Response"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Jun 2002 14:02:12 -0400 (EDT) To: alert@iss.net From: X-Force <xforce@iss.net>
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS02-25
June 24, 2002
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-25.php
_____
Contents:
* 39 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 06/17/2002
Brief Description: Apache HTTP Server chunked encoding heap buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Apache HTTP Server 1.2, Apache HTTP Server 1.3,
Apache HTTP Server 2.0, Caldera OpenLinux Server
3.1, Caldera OpenLinux Server 3.1.1, Caldera
OpenLinux Workstation 3.1, Caldera OpenLinux
Workstation 3.1.1, Conectiva Linux 6.0, Conectiva
Linux 7.0, Conectiva Linux 8.0, Debian Linux 2.2,
EnGarde Secure Linux Community Edition, Mandrake
Linux 7.1, Mandrake Linux 7.2, Mandrake Linux 8.0,
Mandrake Linux 8.1, Mandrake Linux 8.2, Mandrake
Linux Corporate Server 1.0.1, Mandrake Single
Network Firewall 7.2, OpenBSD All versions,
Oracle9i Application Server All versions, Red Hat
Linux 6.2, Red Hat Linux 7.0, Red Hat Linux 7.1, Red
Hat Linux 7.2, Red Hat Linux 7.3, SuSE Linux 6.4,
SuSE Linux 7.0, SuSE Linux 7.1, SuSE Linux 7.2,
SuSE Linux 7.3, SuSE Linux 8.0, Trustix Secure Linux
1.01, Trustix Secure Linux 1.1, Trustix Secure Linux
1.2, Trustix Secure Linux 1.5, Windows All versions
Vulnerability: apache-chunked-encoding-bo
X-Force URL: http://www.iss.net/security_center/static/9249.php
Date Reported: 06/17/2002
Brief Description: Resin 'view_source.jsp' sample script directory
traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: Resin 2.1.2, Windows 2000 Server
Vulnerability: resin-viewsource-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/9351.php
Date Reported: 06/17/2002
Brief Description: Resin large variable denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Resin 2.1.1, Windows 2000 Server
Vulnerability: resin-large-variable-dos
X-Force URL: http://www.iss.net/security_center/static/9352.php
Date Reported: 06/14/2002
Brief Description: Cisco Secure ACS Web server component cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco Secure ACS 3.0.1
Vulnerability: ciscosecure-web-css
X-Force URL: http://www.iss.net/security_center/static/9353.php
Date Reported: 06/14/2002
Brief Description: nCipher ConsoleCallBack Class leaks smart card
passphrases
Risk Factor: Medium
Attack Type: Host Based
Platforms: ConsoleCallBack Class All versions, Java Runtime
Environment (JRE) 1.4.0, Windows 2000 All versions,
Windows NT All versions
Vulnerability: ncipher-consolecallback-passphrase-leak
X-Force URL: http://www.iss.net/security_center/static/9354.php
Date Reported: 06/13/2002
Brief Description: Netscape Composer Font Face field buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux All versions, Netscape Communicator 4.77
Vulnerability: netscape-composer-font-bo
X-Force URL: http://www.iss.net/security_center/static/9355.php
Date Reported: 06/13/2002
Brief Description: simpleinit leaves file descriptor open with
read/write privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Linux All versions, simpleinit 2.0.2
Vulnerability: simpleinit-file-descriptor-open
X-Force URL: http://www.iss.net/security_center/static/9357.php
Date Reported: 06/12/2002
Brief Description: Active! mail allows <script> tags in the header
Risk Factor: Medium
Attack Type: Network Based
Platforms: Active! Mail 1.422, Active! Mail 2.0, Unix All
versions
Vulnerability: activemail-script-tag-header
X-Force URL: http://www.iss.net/security_center/static/9358.php
Date Reported: 06/13/2002
Brief Description: <Body>Builder allows user to modify SQL
authentication request
Risk Factor: High
Attack Type: Network Based
Platforms: <Body>Builder All versions
Vulnerability: bodybuilder-bypass-authentication
X-Force URL: http://www.iss.net/security_center/static/9359.php
Date Reported: 06/13/2002
Brief Description: ColdFusion default missing template page allows
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: ColdFusion MX, Microsoft IIS 5.0, Windows 2000 All
versions
Vulnerability: coldfusion-missing-template-css
X-Force URL: http://www.iss.net/security_center/static/9360.php
Date Reported: 06/14/2002
Brief Description: MIT cgiemail can be used as an open mail relay
Risk Factor: Low
Attack Type: Network Based
Platforms: cgiemail 1.6, Unix All versions
Vulnerability: cgiemail-open-mail-relay
X-Force URL: http://www.iss.net/security_center/static/9361.php
Date Reported: 06/13/2002
Brief Description: Microsoft Visual Studio .NET (Korean version)
includes a Nimda-infected file
Risk Factor: Low
Attack Type: Host Based
Platforms: Microsoft Visual Studio .NET (Korean), Windows All
versions
Vulnerability: vsnet-korean-nimda-file
X-Force URL: http://www.iss.net/security_center/static/9362.php
Date Reported: 06/14/2002
Brief Description: PHP Classifieds URL parameters allow cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: PHP Classifieds 6.05, Unix All versions, Windows
All versions
Vulnerability: phpclassifieds-parameters-css
X-Force URL: http://www.iss.net/security_center/static/9363.php
Date Reported: 06/14/2002
Brief Description: NetAuction URL parameters allow cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux All versions, NetAuction 3.0, Windows All
versions
Vulnerability: netauction-parameters-css
X-Force URL: http://www.iss.net/security_center/static/9365.php
Date Reported: 06/15/2002
Brief Description: Zeroboard allows remote attacker to include remote
PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unix All versions, Windows All versions, Zeroboard
4.x
Vulnerability: zeroboard-include-remote-file
X-Force URL: http://www.iss.net/security_center/static/9366.php
Date Reported: 06/15/2002
Brief Description: Internet Explorer Cascading Style-*** (CSS) bold
font denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft Internet Explorer 5.x, Microsoft Internet
Explorer 6.0, Windows All versions
Vulnerability: ie-css-bold-dos
X-Force URL: http://www.iss.net/security_center/static/9367.php
Date Reported: 06/17/2002
Brief Description: Cisco Universal Broadband Routers allow attackers
to bypass DOCSIS Message Integrity Check (MIC)
Risk Factor: Medium
Attack Type: Host Based
Platforms: Cisco IOS 11.3(x), Cisco IOS 12.0(x), Cisco IOS
12.1(x), Cisco IOS 12.2(x), Cisco uBR7100 Series
Routers All versions, Cisco uBR7200 Series Routers
All versions
Vulnerability: cisco-ubr-mic-bypass
X-Force URL: http://www.iss.net/security_center/static/9368.php
Date Reported: 06/16/2002
Brief Description: osCommerce allows remote attacker to include remote
PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: osCommerce Preview Release 2.1, Unix All versions,
Windows All versions
Vulnerability: oscommerce-include-remote-files
X-Force URL: http://www.iss.net/security_center/static/9369.php
Date Reported: 06/16/2002
Brief Description: phpBB allows remote attacker to include remote PHP
files
Risk Factor: Medium
Attack Type: Network Based
Platforms: phpBB 2.0 up to 2.0.1, Unix All versions, Windows
All versions
Vulnerability: phpbb-include-remote-files
X-Force URL: http://www.iss.net/security_center/static/9370.php
Date Reported: 06/17/2002
Brief Description: NetGear RP114 Web Safe Router allows external
access by default
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: NETGEAR RP114 Firmware 3.26
Vulnerability: netgear-default-external-access
X-Force URL: http://www.iss.net/security_center/static/9371.php
Date Reported: 06/17/2002
Brief Description: ZyXEL Prestige 642R malformed TCP packet denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: ZyXEL Prestige 642R
Vulnerability: zyxel-tcp-packet-dos
X-Force URL: http://www.iss.net/security_center/static/9372.php
Date Reported: 06/17/2002
Brief Description: webMathematica "dot dot" directory traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux All versions, Macintosh All versions, Unix
All versions, webMathematica 4.0 Amateur,
webMathematica 4.0 Professional, Windows All
versions
Vulnerability: webmathematica-dot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/9373.php
Date Reported: 06/18/2002
Brief Description: 4D Server long HTTP request buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: 4D Server 6.7.3, Macintosh All versions, Windows
All versions
Vulnerability: 4d-long-http-bo
X-Force URL: http://www.iss.net/security_center/static/9374.php
Date Reported: 06/19/2002
Brief Description: Cisco VPN Client for Unix profile name vulnerable
to buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Cisco VPN Client 3.5.1 and earlier, Linux All
versions, MacOS X All versions, Solaris All
versions
Vulnerability: ciscovpn-profile-name-bo
X-Force URL: http://www.iss.net/security_center/static/9376.php
Date Reported: 06/19/2002
Brief Description: Cisco ONS15454 TCC LAN interface denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Cisco ONS 3.1.0 up to 3.2.0, Cisco ONS15454 All
versions
Vulnerability: cisco-ons-tcc-dos
X-Force URL: http://www.iss.net/security_center/static/9377.php
Date Reported: 06/18/2002
Brief Description: WebBBS followup allows remote attacker to execute
commands
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unix All versions, WebBBS 5.0 and earlier, Windows
All versions
Vulnerability: webbs-followup-execute-commands
X-Force URL: http://www.iss.net/security_center/static/9378.php
Date Reported: 06/17/2002
Brief Description: PHP Address allows remote attacker to include
remote PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: PHP Address prior to 0.2f, Unix All versions
Vulnerability: phpaddress-include-remote-files
X-Force URL: http://www.iss.net/security_center/static/9379.php
Date Reported: 06/18/2002
Brief Description: ppptalk allows local attacker to gain elevated
privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Caldera OpenUnix 8.0.0, Caldera UnixWare 7.1.1
Vulnerability: ppptalk-local-elevated-privileges
X-Force URL: http://www.iss.net/security_center/static/9380.php
Date Reported: 06/18/2002
Brief Description: BasiliX Webmail subject and message headers allow
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: BasiliX Webmail 1.1.0 and earlier, Linux All
versions, Unix All versions, Windows All versions
Vulnerability: basilix-webmail-headers-css
X-Force URL: http://www.iss.net/security_center/static/9384.php
Date Reported: 06/18/2002
Brief Description: BasiliX Webmail vulnerable to SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: BasiliX Webmail 1.1.0 and earlier, Linux All
versions, Unix All versions, Windows All versions
Vulnerability: basilix-webmail-sql-injection
X-Force URL: http://www.iss.net/security_center/static/9385.php
Date Reported: 06/18/2002
Brief Description: BasiliX Webmail allows remote attacker to obtain
sensitive files
Risk Factor: Low
Attack Type: Host Based
Platforms: BasiliX Webmail 1.1.0 and earlier, Linux All
versions, Unix All versions, Windows All versions
Vulnerability: basilix-webmail-attach-files
X-Force URL: http://www.iss.net/security_center/static/9386.php
Date Reported: 06/18/2002
Brief Description: BasiliX Webmail allows malicious user to view
attachments in the /tmp/BasiliX folder
Risk Factor: Low
Attack Type: Host Based
Platforms: BasiliX Webmail 1.1.0 and earlier, Linux All
versions, Unix All versions, Windows All versions
Vulnerability: basilix-webmail-view-attachments
X-Force URL: http://www.iss.net/security_center/static/9387.php
Date Reported: 06/17/2002
Brief Description: Mandrake Linux msec allows users to view other
users' home directories
Risk Factor: Low
Attack Type: Host Based
Platforms: Mandrake Linux 8.2
Vulnerability: mandrake-msec-home-permissions
X-Force URL: http://www.iss.net/security_center/static/9389.php
Date Reported: 06/17/2002
Brief Description: DeepMetrix LiveStats allows remote attacker to
embed script code when generating reports
Risk Factor: Medium
Attack Type: Network Based
Platforms: LiveStats 5.03 up to 6.2.1, Windows All versions
Vulnerability: livestats-report-execute-code
X-Force URL: http://www.iss.net/security_center/static/9390.php
Date Reported: 06/18/2002
Brief Description: Borland InterBase "INTERBASE" environment variable
buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: InterBase 6.0, Mandrake Linux 7.2
Vulnerability: interbase-interbase-variable-bo
X-Force URL: http://www.iss.net/security_center/static/9392.php
Date Reported: 06/18/2002
Brief Description: MetaCart2.sql insecure database access
Risk Factor: Medium
Attack Type: Network Based
Platforms: MetaCart2.sql All versions, Windows NT All versions
Vulnerability: metacart2sql-insecure-database-access
X-Force URL: http://www.iss.net/security_center/static/9393.php
Date Reported: 06/19/2002
Brief Description: Apache Tomcat HTTP request for LPT9 reveals Web
root path
Risk Factor: Low
Attack Type: Network Based
Platforms: Tomcat 4.0.3, Windows 2000 All versions
Vulnerability: tomcat-lpt9-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/9394.php
Date Reported: 06/19/2002
Brief Description: irssi long topic denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: irssi 0.8.4, Unix All versions
Vulnerability: irssi-long-topic-dos
X-Force URL: http://www.iss.net/security_center/static/9395.php
Date Reported: 06/20/2002
Brief Description: Apache Tomcat null character to threads denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Tomcat 4.0.3, Windows 2000 All versions
Vulnerability: tomcat-null-thread-dos
X-Force URL: http://www.iss.net/security_center/static/9396.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail server.
Medium Any vulnerability that provides information that has a high
potential of giving system access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that could contain an
account with a guessable password.
Low Any vulnerability that provides information that could
potentially lead to a compromise. Example: A finger that
allows an intruder to find out who is online and potential
accounts to attempt to crack passwords via brute force
methods.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPRdZdTRfJiV99eG9AQF3DAP/ZyQ8+F3r/mOMn51YBD00dtVGC87Zz808
JKbg92EHJMfsIE9IqG9mUO2/JZs9U5oDkCdia0hK5tDLNnLfLUF6C6MFdEC5+FEP
vIOFF4gztjJgdoPXeXEhy3ohP5rgUjwR7u7zFwSksizozarLdCQW9f5Jcn5PEkNd
dV8XysvK1m4=
=PenV
-----END PGP SIGNATURE-----
- Previous message: Klaus, Chris (ISSAtlanta): "ISS Apache Advisory Response"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
