ISS Security Alert Summary AS02-42

From: X-Force (xforce@iss.net)
Date: 10/21/02 

To: alert@iss.net
From: X-Force <xforce@iss.net>
Date: Mon, 21 Oct 2002 14:15:40 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS02-42
October 21, 2002

X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists

This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-42.php

Try RealSecure® Network Sensor for free for 30 days. Download a 30-day evaluation copy at http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php

_____
Contents:
* 48 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 10/08/2002
Brief Description: Red Hat Linux dvips system() function could allow
                    an attacker to execute commands
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Red Hat Linux 6.2, Red Hat Linux 7.0, Red Hat Linux
                    7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat
                    Linux 8.0
Vulnerability: dvips-system-execute-commands
X-Force URL: http://www.iss.net/security_center/static/10365.php

Date Reported: 10/08/2002
Brief Description: Webmin ships with identical SSL keys
Risk Factor: Medium
Attack Type: Network Based
Platforms: FreeBSD Ports Collection prior to 2002-10-10,
                    Webmin prior to 1.020
Vulnerability: webmin-identical-ssl-keys
X-Force URL: http://www.iss.net/security_center/static/10381.php

Date Reported: 10/09/2002
Brief Description: Apache Tomcat invoker servlet used in conjunction
                    with the default servlet reveals source code
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, Tomcat 4.0.x through 4.1.12
Vulnerability: tomcat-invoker-source-code
X-Force URL: http://www.iss.net/security_center/static/10376.php

Date Reported: 10/10/2002
Brief Description: phpRank banner URL cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, phpRank Pro, phpRank 1.8
Vulnerability: phprank-banner-url-xss
X-Force URL: http://www.iss.net/security_center/static/10351.php

Date Reported: 10/10/2002
Brief Description: phpRank stores administrative password in plain
                    text
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, phpRank 1.8
Vulnerability: phprank-admin-plaintext-password
X-Force URL: http://www.iss.net/security_center/static/10352.php

Date Reported: 10/10/2002
Brief Description: phpRank NULL password could allow an attacker to
                    bypass authentication
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, phpRank 1.8
Vulnerability: phprank-null-bypass-authentication
X-Force URL: http://www.iss.net/security_center/static/10353.php

Date Reported: 10/10/2002
Brief Description: PHP-Nuke multiple cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, PHP-Nuke 6.0
Vulnerability: phpnuke-multiple-xss
X-Force URL: http://www.iss.net/security_center/static/10354.php

Date Reported: 10/11/2002
Brief Description: Windows XP and 2000 administrative alerts fail when
                    security event log is full
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows 2000 Server, Windows 2000 Advanced Server,
                    Windows XP Home, Windows XP Professional, Windows
                    2000 Professional
Vulnerability: win-admin-alerts-fail
X-Force URL: http://www.iss.net/security_center/static/10377.php

Date Reported: 10/12/2002
Brief Description: PHP phpinfo() cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any Web server All versions, PHP 4.2.3
Vulnerability: php-phpinfo-xss
X-Force URL: http://www.iss.net/security_center/static/10355.php

Date Reported: 10/12/2002
Brief Description: GazTek HTTP Daemon (ghttpd) log() buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, ghttpd 1.4-3
Vulnerability: gaztek-httpd-log-bo
X-Force URL: http://www.iss.net/security_center/static/10361.php

Date Reported: 10/12/2002
Brief Description: ATP HTTP Daemon (ATPhttpd) sock_gets() buffer
                    overflow
Risk Factor: High
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, ATPhttpd 0.4b
Vulnerability: atphttpd-sockgets-bo
X-Force URL: http://www.iss.net/security_center/static/10362.php

Date Reported: 10/13/2002
Brief Description: Polycom ViaVideo Web server GET request buffer
                    overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Polycom ViaVideo 2.2, Polycom
                    ViaVideo 3.0
Vulnerability: viavideo-webserver-get-bo
X-Force URL: http://www.iss.net/security_center/static/10359.php

Date Reported: 10/13/2002
Brief Description: Polycom ViaVideo Web server multiple incomplete
                    requests denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Polycom ViaVideo 3.0, Windows Any version, Polycom
                    ViaVideo 2.2
Vulnerability: viavideo-inc-request-dos
X-Force URL: http://www.iss.net/security_center/static/10360.php

Date Reported: 10/13/2002
Brief Description: Mini Server "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Mini Server 2.1.6
Vulnerability: mini-server-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/10366.php

Date Reported: 10/13/2002
Brief Description: SimpleWebServer overly long URL denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, SimpleWebServer 2.06.20817
                    Build3128
Vulnerability: simplewebserver-long-url-dos
X-Force URL: http://www.iss.net/security_center/static/10367.php

Date Reported: 10/14/2002
Brief Description: Linux-HA heartbeat package remote buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: heartbeat 0.4.9[a-d], SuSE Linux 8.0, Debian Linux
                    3.0, heartbeat 0.4.9.1
Vulnerability: linuxha-heartbeat-bo
X-Force URL: http://www.iss.net/security_center/static/10357.php

Date Reported: 10/14/2002
Brief Description: Simple, secure webserver could disclose network
                    topology
Risk Factor: Medium
Attack Type: Network Based
Platforms: Raptor Firewall 6.5, Symantec Enterprise Firewall
                    (SEP) 6.5.2, Simple, secure webserver 1.1, Raptor
                    Firewall 6.5.3
Vulnerability: simple-webserver-topology-disclosure
X-Force URL: http://www.iss.net/security_center/static/10363.php

Date Reported: 10/14/2002
Brief Description: Simple, secure webserver malformed URL denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: Raptor Firewall 6.5, Symantec Enterprise Firewall
                    (SEP) 7.0, Symantec Enterprise Firewall (SEP)
                    6.5.2, Simple, secure webserver 1.1, Raptor
                    Firewall 6.5.3, Symantec VelociRaptor 500/700/1000,
                    Symantec VelociRaptor 1100/1200/1300, Symantec
                    Gateway Security 5110/5200/5300
Vulnerability: simple-webserver-url-dos
X-Force URL: http://www.iss.net/security_center/static/10364.php

Date Reported: 10/14/2002
Brief Description: Meunity Community System forum message IMG tag
                    cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Meunity
                    Community System 1.1 (stable)
Vulnerability: meunity-forum-image-xss
X-Force URL: http://www.iss.net/security_center/static/10369.php

Date Reported: 10/14/2002
Brief Description: Ingenium Learning Management System config.txt
                    stores sensitive information insecurely
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Ingenium Learning Management
                    System 5.1, Ingenium Learning Management System 6.1
Vulnerability: ingenium-config-sensitive-information
X-Force URL: http://www.iss.net/security_center/static/10387.php

Date Reported: 10/14/2002
Brief Description: Ingenium Learning Management System uses weak
                    encryption algorithm
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Ingenium Learning Management
                    System 5.1, Ingenium Learning Management System 6.1
Vulnerability: ingenium-weak-encryption
X-Force URL: http://www.iss.net/security_center/static/10389.php

Date Reported: 10/15/2002
Brief Description: Microsoft IIS HTTP HOST header denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows NT Any version, Windows 2000 Any version,
                    Microsoft IIS 5.0, Microsoft IIS 5.1
Vulnerability: iis-http-host-dos
X-Force URL: http://www.iss.net/security_center/static/10370.php

Date Reported: 10/15/2002
Brief Description: Internet Explorer oIFrameElement.Document cross-
                    domain script execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
                    5.5, Microsoft Internet Explorer 6.0
Vulnerability: ie-iframe-document-script-execution
X-Force URL: http://www.iss.net/security_center/static/10371.php

Date Reported: 10/15/2002
Brief Description: Web Server 4 Everyone long file name request buffer
                    overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Web Server 4 Everyone 1.23,
                    Web Server 4 Everyone 1.27
Vulnerability: webserver-4everyone-filename-bo
X-Force URL: http://www.iss.net/security_center/static/10372.php

Date Reported: 10/15/2002
Brief Description: Web Server 4 Everyone hexadecimal URL encoded
                    forward-slash directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Web Server 4 Everyone 1.23,
                    Web Server 4 Everyone 1.27
Vulnerability: webserver-4everyone-encoded-traversal
X-Force URL: http://www.iss.net/security_center/static/10373.php

Date Reported: 10/15/2002
Brief Description: Avaya Cajun default passwords
Risk Factor: High
Attack Type: Network Based
Platforms: Avaya P882 MultiService Switch 5.2.14 and earlier,
                    Avaya P580 MultiService Switch 5.2.14 and earlier,
                    Avaya P550R MultiService Switch 5.2.14 and earlier,
                    Avaya P880 MultiService Switch 5.2.14 and earlier
Vulnerability: avaya-cajun-default-passwords
X-Force URL: http://www.iss.net/security_center/static/10374.php

Date Reported: 10/15/2002
Brief Description: WebLogic security policy is ignored when migrating
                    certain applications
Risk Factor: Low
Attack Type: Network Based
Platforms: WebLogic Server 6.0, WebLogic Server 6.1, WebLogic
                    Server 7.0, WebLogic Server 7.0.0.1, WebLogic
                    Express 6.1, WebLogic Express 7.0, WebLogic Express
                    7.0.0.1, WebLogic Express 6.0, WebLogic Integration
                    7.0, WebLogic Integration 7.0 SP1
Vulnerability: weblogic-security-policy-ignored
X-Force URL: http://www.iss.net/security_center/static/10392.php

Date Reported: 10/16/2002
Brief Description: Sabre Desktop Reservation Software Sabserv client
                    denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows 95, Windows 98 Second Edition, Sabre
                    Desktop Reservation Software 4.2, Sabre Desktop
                    Reservation Software 4.3, Sabre Desktop Reservation
                    Software 4.4
Vulnerability: sabre-sabserv-client-dos
X-Force URL: http://www.iss.net/security_center/static/10378.php

Date Reported: 10/16/2002
Brief Description: ZoneAlarm Pro synflooding denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, ZoneAlarm Pro 3.0, ZoneAlarm
                    Pro 3.1
Vulnerability: zonealerm-synflood-dos
X-Force URL: http://www.iss.net/security_center/static/10379.php

Date Reported: 10/16/2002
Brief Description: SkyStream EMR5000 Linux kernel panic denial of
                    service
Risk Factor: Medium
Attack Type: Network Based
Platforms: SkyStream EMR5000 1.16, SkyStream EMR5000 1.17,
                    SkyStream EMR5000 1.18
Vulnerability: skystream-emr5000-kernel-dos
X-Force URL: http://www.iss.net/security_center/static/10380.php

Date Reported: 10/16/2002
Brief Description: Cisco Catalyst CatOS CiscoView buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco Catalyst Switches Any version, Cisco CatOS
                    5.4 to 7.3
Vulnerability: cisco-catalyst-ciscoview-bo
X-Force URL: http://www.iss.net/security_center/static/10382.php

Date Reported: 10/16/2002
Brief Description: Microsoft SQL Server Web tasks could allow elevated
                    privileges
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Windows NT Any version, Windows 2000 Any version,
                    Microsoft SQL Server 7.0, Microsoft SQL Server
                    2000, Microsoft MSDE 1.0, Microsoft MSDE 2000
Vulnerability: mssql-webtask-gain-privileges
X-Force URL: http://www.iss.net/security_center/static/10388.php

Date Reported: 10/16/2002
Brief Description: Sun Solaris NFS denial of service caused by
                    lockd(1M) daemon
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: Solaris 2.5.1, Solaris 2.6, Solaris 7, Solaris 8,
                    Solaris 9
Vulnerability: solaris-nfs-lockd-dos
X-Force URL: http://www.iss.net/security_center/static/10394.php

Date Reported: 10/16/2002
Brief Description: myPHPNuke phptonuke.php script could allow an
                    attacker to view files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, myPHPNuke 1.8.8
Vulnerability: myphpnuke-phptonuke-view-files
X-Force URL: http://www.iss.net/security_center/static/10396.php

Date Reported: 10/16/2002
Brief Description: HP OnLineJFS improper sticky bit security
Risk Factor: Medium
Attack Type: Host Based
Platforms: HP-UX 11.00, HP-UX 10.20, HP OnLineJFS 3.1
Vulnerability: hp-onlinejfs-improper-security
X-Force URL: http://www.iss.net/security_center/static/10399.php

Date Reported: 10/17/2002
Brief Description: PlanetWeb long URL buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: PlanetWeb 1.14, Windows Any version
Vulnerability: planetweb-long-url-bo
X-Force URL: http://www.iss.net/security_center/static/10391.php

Date Reported: 10/17/2002
Brief Description: Pirch and RusPirch auto-log function denial of
                    service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Pirch IRC Any version,
                    RusPirch Any Version
Vulnerability: pirch-auto-log-dos
X-Force URL: http://www.iss.net/security_center/static/10395.php

Date Reported: 10/17/2002
Brief Description: PAM (Pluggable Authentication Module) disabled
                    passwords could allow an attacker to bypass
                    authentication
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, PAM 0.76
Vulnerability: pam-disabled-bypass-authentication
X-Force URL: http://www.iss.net/security_center/static/10405.php

Date Reported: 10/18/2002
Brief Description: Molly $host variable could allow a remote attacker
                    to execute commands
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Molly 0.5
Vulnerability: molly-host-execute-commands
X-Force URL: http://www.iss.net/security_center/static/10397.php

Date Reported: 10/18/2002
Brief Description: Microsoft Windows Media Player world-writable
                    executables
Risk Factor: High
Attack Type: Host Based
Platforms: Solaris Any version, Windows Media Player 6.3
Vulnerability: mediaplayer-world-writable-executables
X-Force URL: http://www.iss.net/security_center/static/10398.php

Date Reported: 10/18/2002
Brief Description: Windows 2000 RPC TCP port 135 denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows 2000 Server, Windows 2000 Advanced Server,
                    Windows 2000 Datacenter Server, Windows 2000
                    Professional
Vulnerability: win2k-rpc-tcp135-dos
X-Force URL: http://www.iss.net/security_center/static/10400.php

Date Reported: 10/18/2002
Brief Description: Perlbot remote shell command execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, Perlbot 1.0 beta
Vulnerability: perlbot-shell-command-execution
X-Force URL: http://www.iss.net/security_center/static/10401.php

Date Reported: 10/18/2002
Brief Description: Perlbot email sending command execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, Perlbot 1.0 beta
Vulnerability: perlbot-email-command-execution
X-Force URL: http://www.iss.net/security_center/static/10402.php

Date Reported: 10/18/2002
Brief Description: Perlbot $text variable remote shell command
                    execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, Perlbot 1.9.2
Vulnerability: perlbot-text-command-execution
X-Force URL: http://www.iss.net/security_center/static/10403.php

Date Reported: 10/18/2002
Brief Description: Perlbot $filename variable remote command execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, Perlbot 1.9.2
Vulnerability: perlbot-filename-command-execution
X-Force URL: http://www.iss.net/security_center/static/10404.php

Date Reported: 10/18/2002
Brief Description: YaBB (Yet Another Bulletin Board) index.php cross-
                    site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, YaBB 1.40, YaBB 1.41
Vulnerability: yabb-index-xss
X-Force URL: http://www.iss.net/security_center/static/10406.php

Date Reported: 10/18/2002
Brief Description: vBulletin usercp.php script cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
                    version, vBulletin 2.0 rc 3, vBulletin 2.0 rc 2,
                    vBulletin 2.2.0 thru 2.2.8
Vulnerability: vBulletin-usercp-xss
X-Force URL: http://www.iss.net/security_center/static/10407.php

Date Reported: 10/18/2002
Brief Description: 602Pro LAN SUITE 2002 could allow an attacker to
                    gain administrative privileges
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, 602Pro LAN SUITE 2002 (Czech)
Vulnerability: 602pro-admin-priviliges
X-Force URL: http://www.iss.net/security_center/static/10408.php

_____

Risk Factor Key:

     High Any vulnerability that provides an attacker with immediate
              access into a machine, gains superuser access, or bypasses
              a firewall. Example: A vulnerable Sendmail 8.6.5 version
              that allows an intruder to execute commands on mail server.
     Medium Any vulnerability that provides information that has a high
              potential of giving system access to an intruder. Example:
              A misconfigured TFTP or vulnerable NIS server that allows
              an intruder to get the password file that could contain an
              account with a guessable password.
     Low Any vulnerability that provides information that could
              potentially lead to a compromise. Example: A finger that
              allows an intruder to find out who is online and potential
              accounts to attempt to crack passwords via brute force
              methods.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user’s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPbREGjRfJiV99eG9AQGEPAP/Ztont1pCyI8B5Y9HsJwceIscjIosEyx8
HwAYfk8X9QbzI59ygt+phl10EEgnArFP6pu63H27DG3gWCt1RI18prK2ZQ8kT/VB
vEjdDZvvLevDSKNFRzfBKP5Cu0f5tN8Xxucy1b+8wxNb0hn0TAa4TR8OTlzWdc1n
Mw5zijh3aBs=
=+Jsm
-----END PGP SIGNATURE-----