ISS Security Alert Summary AS02-37

From: X-Force (xforce@iss.net)
Date: 09/16/02


Date: Mon, 16 Sep 2002 14:03:03 -0400 (EDT)
To: alert@iss.net
From: X-Force <xforce@iss.net>




Internet Security Systems Security Alert Summary AS02-37
September 16, 2002

X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists

This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-37.php

_____
Contents:
* 40 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 09/03/2002
Brief Description: SWS Web Server "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SWS Web Server 0.1.0
Vulnerability: sws-webserver-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/10070.php

Date Reported: 09/03/2002
Brief Description: SWS Web Server invalid file request denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: SWS Web Server 0.1.0, Linux Any version
Vulnerability: sws-webserver-invalid-file-dos
X-Force URL: http://www.iss.net/security_center/static/10071.php

Date Reported: 09/03/2002
Brief Description: SWS Web Server recv() memory overwrite
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SWS Web Server 0.1.0
Vulnerability: sws-webserver-recv-overwrite
X-Force URL: http://www.iss.net/security_center/static/10072.php

Date Reported: 09/06/2002
Brief Description: Netscape zero width GIF heap buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Netscape 6.2.3, Mozilla 1.0.1
Vulnerability: netscape-zero-gif-bo
X-Force URL: http://www.iss.net/security_center/static/10058.php

Date Reported: 09/06/2002
Brief Description: Wordtrans wordtrans-web wordtrans.php cross-site
                    scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Debian Linux 2.2, Red Hat Linux 7.3, Wordtrans
                    1.1pre9 and earlier
Vulnerability: wordtrans-web-php-xss
X-Force URL: http://www.iss.net/security_center/static/10059.php

Date Reported: 09/06/2002
Brief Description: Wordtrans wordtrans-web wordtrans.php could be used
                    to execute malicious code
Risk Factor: High
Attack Type: Network Based
Platforms: Wordtrans 1.1pre9 and earlier, Red Hat Linux 7.3,
                    Debian Linux 2.2
Vulnerability: wordtrans-web-code-execution
X-Force URL: http://www.iss.net/security_center/static/10063.php

Date Reported: 09/06/2002
Brief Description: Veritas Backup Exec "RestrictAnonymous" registry
                    key set to zero
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Backup Exec for Windows Servers 8.5 and earlier,
                    Microsoft Small Business Server 2000, Windows NT
                    Any version, Windows XP, Windows 2000 Server,
                    Windows 2000 Advanced Server, Windows 2000
                    Datacenter Server, Windows 2000 Professional
Vulnerability: veritas-backupexec-restrictanonymous-zero
X-Force URL: http://www.iss.net/security_center/static/10093.php

Date Reported: 09/07/2002
Brief Description: NETGEAR FM114P IP addresses can bypass URL
                    filtering
Risk Factor: Medium
Attack Type: Network Based
Platforms: NETGEAR FM114P Any Version
Vulnerability: netgear-fm114p-ip-bypass
X-Force URL: http://www.iss.net/security_center/static/10061.php

Date Reported: 09/07/2002
Brief Description: PHP header() function could allow cross-site
                    scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: PHP 4.2.3, Any Web server All versions
Vulnerability: php-header-xss
X-Force URL: http://www.iss.net/security_center/static/10079.php

Date Reported: 09/08/2002
Brief Description: WoltLab Burning Board (wBB) board.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, WoltLab
                    Burning Board 2.0 RC 1 and earlier
Vulnerability: wbb-board-sql-injection
X-Force URL: http://www.iss.net/security_center/static/10069.php

Date Reported: 09/08/2002
Brief Description: K Desktop Environment (KDE) Konqueror secure cookie
                    session hijacking
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Konqueror Any Version, K Desktop
                    Environment (KDE) 3.0, K Desktop Environment (KDE)
                    3.0.1, K Desktop Environment (KDE) 3.0.2
Vulnerability: kde-konqueror-cookie-hijacking
X-Force URL: http://www.iss.net/security_center/static/10083.php

Date Reported: 09/09/2002
Brief Description: phpGB entry deletion cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows Any
                    version, phpGB 1.10
Vulnerability: phpgb-entry-deletion-xss
X-Force URL: http://www.iss.net/security_center/static/10060.php

Date Reported: 09/09/2002
Brief Description: Microsoft Java implementation could allow malicious
                    applets to access private native methods
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
                    All versions, Microsoft Outlook All versions,
                    Microsoft Outlook Express All versions
Vulnerability: ms-java-native-methods
X-Force URL: http://www.iss.net/security_center/static/10064.php

Date Reported: 09/09/2002
Brief Description: phpGB savesettings.php script could allow
                    unauthorized access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, phpGB 1.20
Vulnerability: phpgb-savesettings-unauth-access
X-Force URL: http://www.iss.net/security_center/static/10065.php

Date Reported: 09/09/2002
Brief Description: Internet Explorer frame/iframe javascript: URL
                    cross-domain script execution
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
                    6.0, Microsoft Internet Explorer 5.5
Vulnerability: ie-frame-script-execution
X-Force URL: http://www.iss.net/security_center/static/10066.php

Date Reported: 09/09/2002
Brief Description: Outlook Express "A HREF" denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft Outlook Express 6.0, Microsoft Outlook
                    Express 5.5, Microsoft Outlook Express 5.0, Windows
                    Any version
Vulnerability: outlook-express-href-dos
X-Force URL: http://www.iss.net/security_center/static/10067.php

Date Reported: 09/09/2002
Brief Description: phpGB login.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Unix Any version, phpGB 1.20,
                    Linux Any version
Vulnerability: phpgb-login-sql-injection
X-Force URL: http://www.iss.net/security_center/static/10068.php

Date Reported: 09/09/2002
Brief Description: PHP fopen() and file() CRLF injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any Web server All versions, PHP 4.2.1, PHP 4.2.3,
                    PHP 4.2.2
Vulnerability: php-fopen-crlf-injection
X-Force URL: http://www.iss.net/security_center/static/10080.php

Date Reported: 09/09/2002
Brief Description: Netris remote connection buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Netris 0.5 and earlier, Unix Any version, BSD Any
                    version, Linux Any version
Vulnerability: netris-remote-bo
X-Force URL: http://www.iss.net/security_center/static/10081.php

Date Reported: 09/09/2002
Brief Description: VERITAS Cluster Server (VCS) could allow
                    unauthorized root access
Risk Factor: High
Attack Type: Network Based
Platforms: Veritas Cluster Server 1.3.0 (Solaris), Veritas
                    Cluster Server 1.3.1 (HP-UX), Veritas Cluster
                    Server 1.2 (WinNT)
Vulnerability: vcs-unauth-root-access
X-Force URL: http://www.iss.net/security_center/static/10082.php

Date Reported: 09/09/2002
Brief Description: Trillian stores passwords insecurely using weak
                    encryption algorithm
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows Any version, Trillian 0.73
Vulnerability: trillian-insecure-password-storage
X-Force URL: http://www.iss.net/security_center/static/10092.php

Date Reported: 09/10/2002
Brief Description: Savant Web server long URL buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Savant 3.1 and earlier, Windows Any version
Vulnerability: savant-long-url-bo
X-Force URL: http://www.iss.net/security_center/static/10076.php

Date Reported: 09/10/2002
Brief Description: Apple QuickTime ActiveX pluginspage buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Windows ME, QuickTime 5.02, Windows NT Any version,
                    Windows 2000 Any version, Windows 98, Windows XP
Vulnerability: quicktime-activex-pluginspage-bo
X-Force URL: http://www.iss.net/security_center/static/10077.php

Date Reported: 09/10/2002
Brief Description: xbreaky $HOME/.breakyhighscores symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms: xbreaky 0.0.4, OpenBSD Any version, Linux Any
                    version, HP-UX Any version
Vulnerability: xbreaky-breakyhighscores-symlink
X-Force URL: http://www.iss.net/security_center/static/10078.php

Date Reported: 09/10/2002
Brief Description: HP Tru64 UNIX ARP packet denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Tru64 UNIX 4.0g, Tru64 UNIX 5.0a
Vulnerability: tru64-arp-packet-dos
X-Force URL: http://www.iss.net/security_center/static/10090.php

Date Reported: 09/10/2002
Brief Description: HP Tru64 UNIX predictable initial random TCP
                    sequence denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Tru64 UNIX 5.0a, Tru64 UNIX 4.0f, Tru64 UNIX 4.0g
Vulnerability: tru64-tcpip-seq-dos
X-Force URL: http://www.iss.net/security_center/static/10091.php

Date Reported: 09/11/2002
Brief Description: Mozilla "onunload" handler leaks URLs of Web pages
Risk Factor: Low
Attack Type: Network Based
Platforms: Netscape 7.0, Mozilla 1.1, Unix Any version,
                    Windows Any version, Linux Any version, Mozilla
                    1.0.1
Vulnerability: mozilla-onunload-url-leak
X-Force URL: http://www.iss.net/security_center/static/10084.php

Date Reported: 09/11/2002
Brief Description: Norton AntiVirus POPROXY username denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows Any version, Norton AntiVirus 2001
Vulnerability: nav-poproxy-username-dos
X-Force URL: http://www.iss.net/security_center/static/10085.php

Date Reported: 09/11/2002
Brief Description: ssldump RSA key PreMasterSecret buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: ssldump 0.9b2 and earlier, Solaris Any version,
                    Linux Any version, HP-UX Any version, FreeBSD Any
                    version
Vulnerability: ssldump-rsa-premastersecret-bo
X-Force URL: http://www.iss.net/security_center/static/10086.php

Date Reported: 09/11/2002
Brief Description: ssldump SSLv2 "challenge" memory corruption
Risk Factor: High
Attack Type: Network Based
Platforms: FreeBSD Any version, HP-UX Any version, Linux Any
                    version, Solaris Any version, ssldump 0.9b2 and
                    earlier
Vulnerability: ssldump-sslv2-memory-corruption
X-Force URL: http://www.iss.net/security_center/static/10087.php

Date Reported: 09/12/2002
Brief Description: Multiple vendor SMTP content filtering can be
                    bypassed using message fragmentation and reassembly
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Unix Any version, Linux Any
                    version, InterScan VirusWall 3.5.x for NT, GFI
                    MailSecurity for Exchange 7.2, GFI MailSecurity for
                    SMTP 7.2, CanIt prior to 1.2-F17, MIME-Tools
                    5.411a, MIMEDefang prior to 2.21
Vulnerability: smtp-content-filtering-bypass
X-Force URL: http://www.iss.net/security_center/static/10088.php

Date Reported: 09/12/2002
Brief Description: ht://Check "Server:" header cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: ht://Check 1.1, Linux Any version
Vulnerability: htcheck-server-header-xss
X-Force URL: http://www.iss.net/security_center/static/10089.php

Date Reported: 09/12/2002
Brief Description: BRU xbru component has a race condition
Risk Factor: High
Attack Type: Host Based
Platforms: BRU 17.0, Unix Any version
Vulnerability: bru-xbru-race-condition
X-Force URL: http://www.iss.net/security_center/static/10101.php

Date Reported: 09/13/2002
Brief Description: Enterasys Networks SmartSwitch Router port scan
                    denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Firmware E8.2.0.0, Firmware E8.3.0.4
Vulnerability: smartswitch-portscan-dos
X-Force URL: http://www.iss.net/security_center/static/10096.php

Date Reported: 09/13/2002
Brief Description: Apple MacOS X NetInfo Manager unauthorized root
                    access
Risk Factor: Medium
Attack Type: Host Based
Platforms: MacOS X 10.2
Vulnerability: macos-netinfo-root-access
X-Force URL: http://www.iss.net/security_center/static/10097.php

Date Reported: 09/13/2002
Brief Description: Slapper worm targets OpenSSL/Apache systems
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Mandrake Linux Any version, Gentoo Linux Any
                    version, Debian Linux Any version, Apache HTTP
                    Server 1.3.17, Apache HTTP Server 1.3.14, Apache
                    HTTP Server 1.3.19, Apache HTTP Server 1.3.26,
                    Apache HTTP Server 1.3.6, Apache HTTP Server 1.3.9,
                    Apache HTTP Server 1.3.12, Apache HTTP Server
                    1.3.20, Apache HTTP Server 1.3.23, Slackware Linux
                    Any version, SuSE Linux All versions, Red Hat Linux
                    Any version
Vulnerability: slapper-worm
X-Force URL: http://www.iss.net/security_center/static/10098.php

Date Reported: 09/13/2002
Brief Description: Debian Linux purity package buffer overflows
Risk Factor: Medium
Attack Type: Host Based
Platforms: Debian Linux 3.0, Debian Linux 2.2
Vulnerability: linux-purity-bo
X-Force URL: http://www.iss.net/security_center/static/10100.php

Date Reported: 09/13/2002
Brief Description: Savant Web server cgitest.exe buffer overflow can
                    crash the server
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Savant 3.1 and earlier
Vulnerability: savant-cgitest-bo
X-Force URL: http://www.iss.net/security_center/static/10102.php

Date Reported: 09/13/2002
Brief Description: Savant Web server negative Content-Length denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: Savant 3.1 and earlier, Windows Any version
Vulnerability: savant-neg-content-dos
X-Force URL: http://www.iss.net/security_center/static/10103.php

Date Reported: 09/13/2002
Brief Description: Savant Web server could allow an attacker to access
                    protected folders
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Savant 3.1 and earlier
Vulnerability: savant-protected-folder-access
X-Force URL: http://www.iss.net/security_center/static/10104.php

_____

Risk Factor Key:

     High:    Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.

     Medium:  Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.

     Low:     Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user’s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
