ISS Security Alert Summary AS02-46
From: X-Force (xforce@iss.net)
Date: 11/18/02
To: alert@iss.net
From: X-Force <xforce@iss.net>
Date: Mon, 18 Nov 2002 14:24:44 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS02-46
November 18, 2002
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-46.php
_____
Contents:
* 57 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 11/05/2002
Brief Description: Cisco PIX Firewall TCP SYN packets denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Cisco PIX Firewall 6.2.2
Vulnerability: cisco-pix-packet-dos
X-Force URL: http://www.iss.net/security_center/static/10566.php
Date Reported: 11/05/2002
Brief Description: Safe.pm could allow an attacker to bypass access
restrictions
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Safe.pm prior to 2.08
Vulnerability: safe-pm-bypass-restrictions
X-Force URL: http://www.iss.net/security_center/static/10574.php
Date Reported: 11/06/2002
Brief Description: RhinoSoft Serv-U FTP Server MKD command denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Serv-U FTP Server 4.0.0.4 and
earlier
Vulnerability: servu-mkd-command-dos
X-Force URL: http://www.iss.net/security_center/static/10573.php
Date Reported: 11/06/2002
Brief Description: Apache mod_php module could allow an attacker to
take over the httpd process
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Apache HTTP Server 1.3.26
Vulnerability: apache-modphp-process-hijack
X-Force URL: http://www.iss.net/security_center/static/10575.php
Date Reported: 11/06/2002
Brief Description: Linux kernel TF flag denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms: Linux kernel 2.4.18 and earlier
Vulnerability: linux-kernel-tf-dos
X-Force URL: http://www.iss.net/security_center/static/10576.php
Date Reported: 11/07/2002
Brief Description: SquirrelMail strip_tags function PHP_SELF value
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Debian Linux 3.0, SquirrelMail 1.2.8
Vulnerability: squirrelmail-striptags-phpself-xss
X-Force URL: http://www.iss.net/security_center/static/10634.php
Date Reported: 11/08/2002
Brief Description: nss_ldap DNS query denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Mandrake
Linux 7.2, Mandrake Linux 8.0, Mandrake Single
Network Firewall 7.2, Mandrake Linux 8.1, Mandrake
Linux 8.2, Mandrake Linux 9.0
Vulnerability: nssldap-dns-query-dos
X-Force URL: http://www.iss.net/security_center/static/10578.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM URL redirect cross-domain Java Applet
execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-java-applet-redirect
X-Force URL: http://www.iss.net/security_center/static/10579.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM Java Applet class loader buffer
overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-class-loader-bo
X-Force URL: http://www.iss.net/security_center/static/10580.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM INativeServices could allow
unauthorized memory access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-inativeservices-memory-access
X-Force URL: http://www.iss.net/security_center/static/10582.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM INativeServices could be used to
access clipboard contents
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-inativeservices-clipboard-access
X-Force URL: http://www.iss.net/security_center/static/10583.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM Java Applet codebase tag could be used
to read files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-codebase-read-files
X-Force URL: http://www.iss.net/security_center/static/10584.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM StandardSecurityManager class
restriction bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-ssm-restriction-bypass
X-Force URL: http://www.iss.net/security_center/static/10585.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM CabCracker class could allow an
attacker to load .cab archives
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-cabcracker-load-archive
X-Force URL: http://www.iss.net/security_center/static/10586.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM passed HTML object denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-html-object-dos
X-Force URL: http://www.iss.net/security_center/static/10587.php
Date Reported: 11/08/2002
Brief Description: Microsoft VM HTML Applet tag denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Microsoft Internet Explorer
All versions, Microsoft Virtual Machine Any version
Vulnerability: msvm-html-applet-dos
X-Force URL: http://www.iss.net/security_center/static/10588.php
Date Reported: 11/08/2002
Brief Description: Solaris network interface TCP denial of service
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: Solaris 8, Solaris 9
Vulnerability: solaris-tcp-interface-dos
X-Force URL: http://www.iss.net/security_center/static/10600.php
Date Reported: 11/09/2002
Brief Description: MailScanner overly long file name could allow an
attacker to bypass virus protection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, MailScanner prior to 3.2 6-1, MailScanner
prior to 4.0 5-1
Vulnerability: mailscanner-filename-protection-bypass
X-Force URL: http://www.iss.net/security_center/static/10609.php
Date Reported: 11/09/2002
Brief Description: CVSup cvsupd.out symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms: BSD Any version, Linux Any version, Unix Any
version, CVSup 1.2
Vulnerability: cvsup-cvsupd-out-symlink
X-Force URL: http://www.iss.net/security_center/static/10610.php
Date Reported: 11/10/2002
Brief Description: eZ httpbench could allow an attacker to view files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, eZ httpbench 1.1
Vulnerability: ez-httpbench-view-files
X-Force URL: http://www.iss.net/security_center/static/10589.php
Date Reported: 11/10/2002
Brief Description: Hotfoon stores usernames and passwords in plain
text
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Hotfoon 4.00
Vulnerability: hotfoon-plaintext-passwords
X-Force URL: http://www.iss.net/security_center/static/10591.php
Date Reported: 11/10/2002
Brief Description: Hotfoon "phone number to be dialed" text field
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Hotfoon 4.00
Vulnerability: hotfoon-phone-number-bo
X-Force URL: http://www.iss.net/security_center/static/10593.php
Date Reported: 11/10/2002
Brief Description: XOOPS quiz module cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, XOOPS 1.0 RC3
Vulnerability: xoops-quiz-module-xss
X-Force URL: http://www.iss.net/security_center/static/10594.php
Date Reported: 11/11/2002
Brief Description: iSMTP MAIL FROM: command buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: iSMTP 5.0.1, Banyan VINES Any version
Vulnerability: ismtp-mailfrom-command-bo
X-Force URL: http://www.iss.net/security_center/static/10577.php
Date Reported: 11/11/2002
Brief Description: KDE kdenetwork resLISa module LOGNAME buffer
overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Gentoo Linux Any version, KDE prior to 3.0.5, LISa
prior to 0.2.2, Debian Linux 3.0
Vulnerability: kde-kdenetwork-reslisa-bo
X-Force URL: http://www.iss.net/security_center/static/10592.php
Date Reported: 11/11/2002
Brief Description: Tiny HTTPd "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Tiny HTTPd 0.1.0
Vulnerability: tinyhttpd-dotdot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/10596.php
Date Reported: 11/11/2002
Brief Description: KDE kdenetwork LISa buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Linux Any version, SuSE Linux 7.2, SuSE Linux 7.3,
SuSE eMail Server III Any version, SuSE Linux
Connectivity Server Any version, SuSE Linux
Enterprise Server 7, SuSE Linux Office Server Any
Version, SuSE eMail Server 3.1, KDE prior to 3.0.5,
LISa prior to 0.2.2
Vulnerability: kde-kdenetwork-lisa-bo
X-Force URL: http://www.iss.net/security_center/static/10597.php
Date Reported: 11/11/2002
Brief Description: KDE kdenetwork lan:// URL handler buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: SuSE Linux 7.2, SuSE Linux 7.3, SuSE eMail Server
III Any version, SuSE Linux Connectivity Server Any
version, SuSE Linux Enterprise Server 7, SuSE Linux
Office Server Any Version, SuSE eMail Server 3.1,
KDE prior to 3.0.5, LISa prior to 0.2.2
Vulnerability: kde-kdenetwork-lan-bo
X-Force URL: http://www.iss.net/security_center/static/10598.php
Date Reported: 11/11/2002
Brief Description: KDE kdelib KIO rlogin:// URL handler remote shell
command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Gentoo Linux Any version, KDE
prior to 3.0.5
Vulnerability: kde-rlogin-command-execution
X-Force URL: http://www.iss.net/security_center/static/10602.php
Date Reported: 11/11/2002
Brief Description: KDE kdelib KIO telnet:// URL handler remote shell
command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, KDE 2.1 to 2.2.2
Vulnerability: kde-telnet-command-execution
X-Force URL: http://www.iss.net/security_center/static/10603.php
Date Reported: 11/11/2002
Brief Description: KGPG wizard creates keys with an empty password
Risk Factor: Medium
Attack Type: Host Based
Platforms: Gentoo Linux Any version, Kpng 0.6 to 0.8.2, KPNG
0.6 to 0.8.2
Vulnerability: kgpg-wizard-empty-password
X-Force URL: http://www.iss.net/security_center/static/10629.php
Date Reported: 11/12/2002
Brief Description: ISC BIND SIG cached resource records (RR) heap
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Solaris 2.6,
HP-UX 10.20, Solaris 7, BIND 8.2, BIND 8.2.1, BIND
8.1, BIND 8.1.1, BIND 8.1.2, BIND 8.2.2, Solaris 8,
AIX 4.0, HP-UX 11, SuSE Linux 7.0, BIND 4.x, SuSE
Linux 7.1, Compaq Tru64 UNIX, SuSE Linux 7.2, SuSE
Linux 7.3, SuSE Linux 8.0, Red Hat Linux 7.x, BIND
8.3.3, BIND 8.3.2, BIND 8.3.1, BIND 8.3.0, BIND
8.2.6, BIND 8.2.5, BIND 8.2.4, BIND 8.2.3, BIND
8.2.2-P7, BIND 8.2.2-P5, BIND 8.2.2-P3, FreeBSD <
4.7-RELEASE, SuSE Linux 8.1
Vulnerability: bind-sig-rr-bo
X-Force URL: http://www.iss.net/security_center/static/10304.php
Date Reported: 11/12/2002
Brief Description: ISC BIND OPT resource record (RR) denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Solaris 2.6,
HP-UX 10.20, Solaris 7, BIND 8.2, BIND 8.2.1, BIND
8.1, BIND 8.1.1, BIND 8.1.2, BIND 8.2.2, Solaris 8,
AIX 4.0, HP-UX 11, SuSE Linux 7.0, SuSE Linux 7.1,
Compaq Tru64 UNIX, SuSE Linux 7.3, SuSE Linux 8.0,
Red Hat Linux 7.x, BIND 8.3.3, BIND 8.3.2, BIND
8.3.1, BIND 8.3.0, BIND 8.2.6, BIND 8.2.5, BIND
8.2.4, BIND 8.2.3, BIND 8.2.2-P7, BIND 8.2.2-P5,
BIND 8.2.2-P3, FreeBSD < 4.7-RELEASE, SuSE Linux
8.1
Vulnerability: bind-opt-rr-dos
X-Force URL: http://www.iss.net/security_center/static/10332.php
Date Reported: 11/12/2002
Brief Description: ISC BIND SIG null pointer dereference denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, BIND 8.2, BIND
8.2.1, BIND 8.1, BIND 8.1.1, BIND 8.1.2, BIND
8.2.2, SuSE Linux 7.0, SuSE Linux 7.1, SuSE Linux
7.2, SuSE Linux 7.3, SuSE Linux 8.0, BIND 8.3.3,
BIND 8.3.2, BIND 8.3.1, BIND 8.3.0, BIND 8.2.6,
BIND 8.2.5, BIND 8.2.4, BIND 8.2.3, BIND 8.2.2-P7,
BIND 8.2.2-P5, BIND 8.2.2-P3, FreeBSD < 4.7-
RELEASE, SuSE Linux 8.1
Vulnerability: bind-null-dereference-dos
X-Force URL: http://www.iss.net/security_center/static/10333.php
Date Reported: 11/12/2002
Brief Description: Hyperion FTP Server "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Hyperion FTP Server 2.8.1
Vulnerability: hyperion-dotdot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/10599.php
Date Reported: 11/12/2002
Brief Description: INweb Mail Server HELO command buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, INweb Mail Server 2.01
Vulnerability: inweb-helo-command-bo
X-Force URL: http://www.iss.net/security_center/static/10601.php
Date Reported: 11/12/2002
Brief Description: MasqMail multiple buffer overflows
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, MasqMail Any version
Vulnerability: masqmail-bo
X-Force URL: http://www.iss.net/security_center/static/10605.php
Date Reported: 11/12/2002
Brief Description: XOOPS WebChat module SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, XOOPS 1.0 RC3
Vulnerability: xoops-webchat-sql-injection
X-Force URL: http://www.iss.net/security_center/static/10606.php
Date Reported: 11/12/2002
Brief Description: Light HTTPd (LHTTPd) remote buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, LHTTPd 0.1
Vulnerability: light-httpd-bo
X-Force URL: http://www.iss.net/security_center/static/10607.php
Date Reported: 11/12/2002
Brief Description: Traceroute NANOG implementation buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: SuSE Linux 7.0, SuSE Linux 7.1, SuSE Linux 7.2,
SuSE Linux 7.3, SuSE Linux Firewall Any version,
SuSE eMail Server III Any version, SuSE Linux
Connectivity Server Any version, SuSE Linux
Enterprise Server 7, SuSE Linux 8.0, SuSE Linux
Office Server Any Version, SuSE eMail Server 3.1
Vulnerability: traceroute-nanog-bo
X-Force URL: http://www.iss.net/security_center/static/10608.php
Date Reported: 11/12/2002
Brief Description: APBoard PHP forum could allow an attacker to post
to protected forums
Risk Factor: Low
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, Unix Any
version, APBoard 2.02, APBoard 2.03
Vulnerability: apboard-protected-forum-bypass
X-Force URL: http://www.iss.net/security_center/static/10611.php
Date Reported: 11/12/2002
Brief Description: W3Mail invalid file argument could allow an
attacker to read files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unix Any version, W3Mail Any version
Vulnerability: w3mail-argument-read-files
X-Force URL: http://www.iss.net/security_center/static/10612.php
Date Reported: 11/12/2002
Brief Description: ISC BIND DNS stub resolver library (libresolv.a)
stack buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, BIND 4.9.2 to
4.9.10
Vulnerability: bind-dns-libresolv-bo
X-Force URL: http://www.iss.net/security_center/static/10624.php
Date Reported: 11/13/2002
Brief Description: LibHTTPD httpdProcessRequest() function buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, LibHTTPD 1.2
Vulnerability: libhttpd-httpdprocessrequest-bo
X-Force URL: http://www.iss.net/security_center/static/10615.php
Date Reported: 11/13/2002
Brief Description: phpBB quick_reply.php script could allow an
attacker to include PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, phpBB Any version
Vulnerability: phpbb-quickreply-file-include
X-Force URL: http://www.iss.net/security_center/static/10617.php
Date Reported: 11/13/2002
Brief Description: libpcap and tcpdump downloads could contain a
backdoor
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, tcpdump 3.6.2, tcpdump 3.7.1,
libpcap 0.7.1
Vulnerability: libpcap-tcpdump-backdoor
X-Force URL: http://www.iss.net/security_center/static/10620.php
Date Reported: 11/13/2002
Brief Description: SURECOM Internet Mini Broadband Router EP-4501
default SNMP
Risk Factor: High
Attack Type: Network Based
Platforms: SURECOM Internet Mini Broadband Router EP-4501
Vulnerability: surecom-default-snmp-string
X-Force URL: http://www.iss.net/security_center/static/10621.php
Date Reported: 11/13/2002
Brief Description: KeyFocus GET request directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, KF Web server 1.x
Vulnerability: keyfocus-get-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/10622.php
Date Reported: 11/13/2002
Brief Description: AirStation WLA-L11G access point port scan denial
of service
Risk Factor: Low
Attack Type: Network Based
Platforms: AirStation WLA-L11G 2.31
Vulnerability: airstation-wla-l11g-ap-dos
X-Force URL: http://www.iss.net/security_center/static/10623.php
Date Reported: 11/13/2002
Brief Description: IBM HTTP Server could disclose the Web root path
Risk Factor: Low
Attack Type: Network Based
Platforms: AS/400 Any version, IBM HTTP Server 1.0
Vulnerability: ibm-http-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/10628.php
Date Reported: 11/14/2002
Brief Description: IISPop EMail Server buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, IISPop EMail Server 1.161 and
1.181
Vulnerability: iispop-email-server-bo
X-Force URL: http://www.iss.net/security_center/static/10632.php
Date Reported: 11/14/2002
Brief Description: LiteServe CGI script source disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows NT Any version, Windows 95, Windows 2000
Any version, Windows CE, LiteServe prior to 2.03
Vulnerability: liteserve-script-source-disclosure
X-Force URL: http://www.iss.net/security_center/static/10635.php
Date Reported: 11/14/2002
Brief Description: Mozilla and Netscape jar URL handler heap buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Netscape Navigator Any
version, Mozilla Any version
Vulnerability: mozilla-netscape-jar-bo
X-Force URL: http://www.iss.net/security_center/static/10636.php
Date Reported: 11/15/2002
Brief Description: Zeroo HTTP Server buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Zeroo HTTP
Server 1.5
Vulnerability: zeroo-http-server-bo
X-Force URL: http://www.iss.net/security_center/static/10642.php
Date Reported: 11/15/2002
Brief Description: Courier mail transport agent (MTA) fails to
properly enforce permissions
Risk Factor: Medium
Attack Type: Host Based
Platforms: Debian Linux 3.0, Courier Any version
Vulnerability: courier-mta-insecure-permissions
X-Force URL: http://www.iss.net/security_center/static/10643.php
Date Reported: 11/16/2002
Brief Description: GNU Compiler Collection (GCC) memset() function
results in weaker security
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, GNU Compiler
Collection (GCC) 3.2
Vulnerability: gcc-memset-weak-security
X-Force URL: http://www.iss.net/security_center/static/10641.php
Date Reported: 11/17/2002
Brief Description: LiteServe percent characters denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, LiteServe bla
Vulnerability: liteserve-percent-character-dos
X-Force URL: http://www.iss.net/security_center/static/10644.php
_____
Risk Factor Key:
High:   Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: A vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high
        potential of giving system access to an intruder. Example:
        A misconfigured TFTP or vulnerable NIS server that allows
        an intruder to get the password file that could contain an
        account with a guessable password.
Low:    Any vulnerability that provides information that could
        potentially lead to a compromise. Example: A finger that
        allows an intruder to find out who is online and potential
        accounts to attempt to crack passwords via brute force
        methods.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user’s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPdk+QTRfJiV99eG9AQEsQgP/bGYcccRWHQiN3qyfQ1CRSqZMn1M+blBU
xUInAcOZ8RH0kLChXI91S14FhiF/3lzxyq9ciAqMlPrAXaEGhafdI1Op5DbpWNNQ
0Y+gWrmFVYhobFiYc4D867v57UN9m/9rECBqVwz9lyhhq7kGeuMierVfS85OOyiG
gWUUcBBzW3s=
=eE+J
-----END PGP SIGNATURE-----