ISS Security Alert Summary AS02-46

From: X-Force (xforce@iss.net)
Date: 11/18/02

    To: alert@iss.net
    From: X-Force <xforce@iss.net>
    Date: Mon, 18 Nov 2002 14:24:44 -0500 (EST)
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS02-46
    November 18, 2002

    X-Force Vulnerability and Threat Database:
    http://www.iss.net/security_center

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    http://www.iss.net/security_center/maillists

    This summary is available at the following address:
    http://www.iss.net/security_center/alerts/AS02-46.php
    _____
    Contents:
    * 57 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 11/05/2002
    Brief Description: Cisco PIX Firewall TCP SYN packets denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Cisco PIX Firewall 6.2.2
    Vulnerability: cisco-pix-packet-dos
    X-Force URL: http://www.iss.net/security_center/static/10566.php

    Date Reported: 11/05/2002
    Brief Description: Safe.pm could allow an attacker to bypass access
                        restrictions
    Risk Factor: Medium
    Attack Type: Host Based / Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Safe.pm prior to 2.08
    Vulnerability: safe-pm-bypass-restrictions
    X-Force URL: http://www.iss.net/security_center/static/10574.php

    Date Reported: 11/06/2002
    Brief Description: RhinoSoft Serv-U FTP Server MKD command denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, Serv-U FTP Server 4.0.0.4 and
                        earlier
    Vulnerability: servu-mkd-command-dos
    X-Force URL: http://www.iss.net/security_center/static/10573.php

    Date Reported: 11/06/2002
    Brief Description: Apache mod_php module could allow an attacker to
                        take over the httpd process
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Apache HTTP Server 1.3.26
    Vulnerability: apache-modphp-process-hijack
    X-Force URL: http://www.iss.net/security_center/static/10575.php

    Date Reported: 11/06/2002
    Brief Description: Linux kernel TF flag denial of service
    Risk Factor: Low
    Attack Type: Host Based
    Platforms: Linux kernel 2.4.18 and earlier
    Vulnerability: linux-kernel-tf-dos
    X-Force URL: http://www.iss.net/security_center/static/10576.php

    Date Reported: 11/07/2002
    Brief Description: SquirrelMail strip_tags function PHP_SELF value
                        cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Debian Linux 3.0, SquirrelMail 1.2.8
    Vulnerability: squirrelmail-striptags-phpself-xss
    X-Force URL: http://www.iss.net/security_center/static/10634.php

    Date Reported: 11/08/2002
    Brief Description: nss_ldap DNS query denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Solaris Any version, Mandrake
                        Linux 7.2, Mandrake Linux 8.0, Mandrake Single
                        Network Firewall 7.2, Mandrake Linux 8.1, Mandrake
                        Linux 8.2, Mandrake Linux 9.0
    Vulnerability: nssldap-dns-query-dos
    X-Force URL: http://www.iss.net/security_center/static/10578.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM URL redirect cross-domain Java Applet
                        execution
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-java-applet-redirect
    X-Force URL: http://www.iss.net/security_center/static/10579.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM Java Applet class loader buffer
                        overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-class-loader-bo
    X-Force URL: http://www.iss.net/security_center/static/10580.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM INativeServices could allow
                        unauthorized memory access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-inativeservices-memory-access
    X-Force URL: http://www.iss.net/security_center/static/10582.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM INativeServices could be used to
                        access clipboard contents
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-inativeservices-clipboard-access
    X-Force URL: http://www.iss.net/security_center/static/10583.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM Java Applet codebase tag could be used
                        to read files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-codebase-read-files
    X-Force URL: http://www.iss.net/security_center/static/10584.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM StandardSecurityManager class
                        restriction bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-ssm-restriction-bypass
    X-Force URL: http://www.iss.net/security_center/static/10585.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM CabCracker class could allow an
                        attacker to load .cab archives
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-cabcracker-load-archive
    X-Force URL: http://www.iss.net/security_center/static/10586.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM passed HTML object denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-html-object-dos
    X-Force URL: http://www.iss.net/security_center/static/10587.php

    Date Reported: 11/08/2002
    Brief Description: Microsoft VM HTML Applet tag denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        All versions, Microsoft Virtual Machine Any version
    Vulnerability: msvm-html-applet-dos
    X-Force URL: http://www.iss.net/security_center/static/10588.php

    Date Reported: 11/08/2002
    Brief Description: Solaris network interface TCP denial of service
    Risk Factor: Low
    Attack Type: Host Based / Network Based
    Platforms: Solaris 8, Solaris 9
    Vulnerability: solaris-tcp-interface-dos
    X-Force URL: http://www.iss.net/security_center/static/10600.php

    Date Reported: 11/09/2002
    Brief Description: MailScanner overly long file name could allow an
                        attacker to bypass virus protection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, MailScanner prior to 3.2 6-1, MailScanner
                        prior to 4.0 5-1
    Vulnerability: mailscanner-filename-protection-bypass
    X-Force URL: http://www.iss.net/security_center/static/10609.php

    Date Reported: 11/09/2002
    Brief Description: CVSup cvsupd.out symlink attack
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: BSD Any version, Linux Any version, Unix Any
                        version, CVSup 1.2
    Vulnerability: cvsup-cvsupd-out-symlink
    X-Force URL: http://www.iss.net/security_center/static/10610.php

    Date Reported: 11/10/2002
    Brief Description: eZ httpbench could allow an attacker to view files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, eZ httpbench 1.1
    Vulnerability: ez-httpbench-view-files
    X-Force URL: http://www.iss.net/security_center/static/10589.php

    Date Reported: 11/10/2002
    Brief Description: Hotfoon stores usernames and passwords in plain
                        text
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Hotfoon 4.00
    Vulnerability: hotfoon-plaintext-passwords
    X-Force URL: http://www.iss.net/security_center/static/10591.php

    Date Reported: 11/10/2002
    Brief Description: Hotfoon "phone number to be dialed" text field
                        buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Hotfoon 4.00
    Vulnerability: hotfoon-phone-number-bo
    X-Force URL: http://www.iss.net/security_center/static/10593.php

    Date Reported: 11/10/2002
    Brief Description: XOOPS quiz module cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, XOOPS 1.0 RC3
    Vulnerability: xoops-quiz-module-xss
    X-Force URL: http://www.iss.net/security_center/static/10594.php

    Date Reported: 11/11/2002
    Brief Description: iSMTP MAIL FROM: command buffer overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: iSMTP 5.0.1, Banyan VINES Any version
    Vulnerability: ismtp-mailfrom-command-bo
    X-Force URL: http://www.iss.net/security_center/static/10577.php

    Date Reported: 11/11/2002
    Brief Description: KDE kdenetwork resLISa module LOGNAME buffer
                        overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Gentoo Linux Any version, KDE prior to 3.0.5, LISa
                        prior to 0.2.2, Debian Linux 3.0
    Vulnerability: kde-kdenetwork-reslisa-bo
    X-Force URL: http://www.iss.net/security_center/static/10592.php

    Date Reported: 11/11/2002
    Brief Description: Tiny HTTPd "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Tiny HTTPd 0.1.0
    Vulnerability: tinyhttpd-dotdot-directory-traversal
    X-Force URL: http://www.iss.net/security_center/static/10596.php

    Date Reported: 11/11/2002
    Brief Description: KDE kdenetwork LISa buffer overflow
    Risk Factor: High
    Attack Type: Host Based / Network Based
    Platforms: Linux Any version, SuSE Linux 7.2, SuSE Linux 7.3,
                        SuSE eMail Server III Any version, SuSE Linux
                        Connectivity Server Any version, SuSE Linux
                        Enterprise Server 7, SuSE Linux Office Server Any
                        Version, SuSE eMail Server 3.1, KDE prior to 3.0.5,
                        LISa prior to 0.2.2
    Vulnerability: kde-kdenetwork-lisa-bo
    X-Force URL: http://www.iss.net/security_center/static/10597.php

    Date Reported: 11/11/2002
    Brief Description: KDE kdenetwork lan:// URL handler buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: SuSE Linux 7.2, SuSE Linux 7.3, SuSE eMail Server
                        III Any version, SuSE Linux Connectivity Server Any
                        version, SuSE Linux Enterprise Server 7, SuSE Linux
                        Office Server Any Version, SuSE eMail Server 3.1,
                        KDE prior to 3.0.5, LISa prior to 0.2.2
    Vulnerability: kde-kdenetwork-lan-bo
    X-Force URL: http://www.iss.net/security_center/static/10598.php

    Date Reported: 11/11/2002
    Brief Description: KDE kdelib KIO rlogin:// URL handler remote shell
                        command execution
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Gentoo Linux Any version, KDE
                        prior to 3.0.5
    Vulnerability: kde-rlogin-command-execution
    X-Force URL: http://www.iss.net/security_center/static/10602.php

    Date Reported: 11/11/2002
    Brief Description: KDE kdelib KIO telnet:// URL handler remote shell
                        command execution
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, KDE 2.1 to 2.2.2
    Vulnerability: kde-telnet-command-execution
    X-Force URL: http://www.iss.net/security_center/static/10603.php

    Date Reported: 11/11/2002
    Brief Description: KGPG wizard creates keys with an empty password
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Gentoo Linux Any version, Kpng 0.6 to 0.8.2, KPNG
                        0.6 to 0.8.2
    Vulnerability: kgpg-wizard-empty-password
    X-Force URL: http://www.iss.net/security_center/static/10629.php

    Date Reported: 11/12/2002
    Brief Description: ISC BIND SIG cached resource records (RR) heap
                        buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, Solaris 2.6,
                        HP-UX 10.20, Solaris 7, BIND 8.2, BIND 8.2.1, BIND
                        8.1, BIND 8.1.1, BIND 8.1.2, BIND 8.2.2, Solaris 8,
                        AIX 4.0, HP-UX 11, SuSE Linux 7.0, BIND 4.x, SuSE
                        Linux 7.1, Compaq Tru64 UNIX, SuSE Linux 7.2, SuSE
                        Linux 7.3, SuSE Linux 8.0, Red Hat Linux 7.x, BIND
                        8.3.3, BIND 8.3.2, BIND 8.3.1, BIND 8.3.0, BIND
                        8.2.6, BIND 8.2.5, BIND 8.2.4, BIND 8.2.3, BIND
                        8.2.2-P7, BIND 8.2.2-P5, BIND 8.2.2-P3, FreeBSD <
                        4.7-RELEASE, SuSE Linux 8.1
    Vulnerability: bind-sig-rr-bo
    X-Force URL: http://www.iss.net/security_center/static/10304.php

    Date Reported: 11/12/2002
    Brief Description: ISC BIND OPT resource record (RR) denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, Solaris 2.6,
                        HP-UX 10.20, Solaris 7, BIND 8.2, BIND 8.2.1, BIND
                        8.1, BIND 8.1.1, BIND 8.1.2, BIND 8.2.2, Solaris 8,
                        AIX 4.0, HP-UX 11, SuSE Linux 7.0, SuSE Linux 7.1,
                        Compaq Tru64 UNIX, SuSE Linux 7.3, SuSE Linux 8.0,
                        Red Hat Linux 7.x, BIND 8.3.3, BIND 8.3.2, BIND
                        8.3.1, BIND 8.3.0, BIND 8.2.6, BIND 8.2.5, BIND
                        8.2.4, BIND 8.2.3, BIND 8.2.2-P7, BIND 8.2.2-P5,
                        BIND 8.2.2-P3, FreeBSD < 4.7-RELEASE, SuSE Linux
                        8.1
    Vulnerability: bind-opt-rr-dos
    X-Force URL: http://www.iss.net/security_center/static/10332.php

    Date Reported: 11/12/2002
    Brief Description: ISC BIND SIG null pointer dereference denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, BIND 8.2, BIND
                        8.2.1, BIND 8.1, BIND 8.1.1, BIND 8.1.2, BIND
                        8.2.2, SuSE Linux 7.0, SuSE Linux 7.1, SuSE Linux
                        7.2, SuSE Linux 7.3, SuSE Linux 8.0, BIND 8.3.3,
                        BIND 8.3.2, BIND 8.3.1, BIND 8.3.0, BIND 8.2.6,
                        BIND 8.2.5, BIND 8.2.4, BIND 8.2.3, BIND 8.2.2-P7,
                        BIND 8.2.2-P5, BIND 8.2.2-P3, FreeBSD < 4.7-
                        RELEASE, SuSE Linux 8.1
    Vulnerability: bind-null-dereference-dos
    X-Force URL: http://www.iss.net/security_center/static/10333.php

    Date Reported: 11/12/2002
    Brief Description: Hyperion FTP Server "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Hyperion FTP Server 2.8.1
    Vulnerability: hyperion-dotdot-directory-traversal
    X-Force URL: http://www.iss.net/security_center/static/10599.php

    Date Reported: 11/12/2002
    Brief Description: INweb Mail Server HELO command buffer overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, INweb Mail Server 2.01
    Vulnerability: inweb-helo-command-bo
    X-Force URL: http://www.iss.net/security_center/static/10601.php

    Date Reported: 11/12/2002
    Brief Description: MasqMail multiple buffer overflows
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, MasqMail Any version
    Vulnerability: masqmail-bo
    X-Force URL: http://www.iss.net/security_center/static/10605.php

    Date Reported: 11/12/2002
    Brief Description: XOOPS WebChat module SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, XOOPS 1.0 RC3
    Vulnerability: xoops-webchat-sql-injection
    X-Force URL: http://www.iss.net/security_center/static/10606.php

    Date Reported: 11/12/2002
    Brief Description: Light HTTPd (LHTTPd) remote buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, LHTTPd 0.1
    Vulnerability: light-httpd-bo
    X-Force URL: http://www.iss.net/security_center/static/10607.php

    Date Reported: 11/12/2002
    Brief Description: Traceroute NANOG implementation buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: SuSE Linux 7.0, SuSE Linux 7.1, SuSE Linux 7.2,
                        SuSE Linux 7.3, SuSE Linux Firewall Any version,
                        SuSE eMail Server III Any version, SuSE Linux
                        Connectivity Server Any version, SuSE Linux
                        Enterprise Server 7, SuSE Linux 8.0, SuSE Linux
                        Office Server Any Version, SuSE eMail Server 3.1
    Vulnerability: traceroute-nanog-bo
    X-Force URL: http://www.iss.net/security_center/static/10608.php

    Date Reported: 11/12/2002
    Brief Description: APBoard PHP forum could allow an attacker to post
                        to protected forums
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: BSD Any version, Linux Any version, Unix Any
                        version, APBoard 2.02, APBoard 2.03
    Vulnerability: apboard-protected-forum-bypass
    X-Force URL: http://www.iss.net/security_center/static/10611.php

    Date Reported: 11/12/2002
    Brief Description: W3Mail invalid file argument could allow an
                        attacker to read files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Unix Any version, W3Mail Any version
    Vulnerability: w3mail-argument-read-files
    X-Force URL: http://www.iss.net/security_center/static/10612.php

    Date Reported: 11/12/2002
    Brief Description: ISC BIND DNS stub resolver library (libresolv.a)
                        stack buffer overflows
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, BIND 4.9.2 to
                        4.9.10
    Vulnerability: bind-dns-libresolv-bo
    X-Force URL: http://www.iss.net/security_center/static/10624.php

    Date Reported: 11/13/2002
    Brief Description: LibHTTPD httpdProcessRequest() function buffer
                        overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, LibHTTPD 1.2
    Vulnerability: libhttpd-httpdprocessrequest-bo
    X-Force URL: http://www.iss.net/security_center/static/10615.php

    Date Reported: 11/13/2002
    Brief Description: phpBB quick_reply.php script could allow an
                        attacker to include PHP files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, phpBB Any version
    Vulnerability: phpbb-quickreply-file-include
    X-Force URL: http://www.iss.net/security_center/static/10617.php

    Date Reported: 11/13/2002
    Brief Description: libpcap and tcpdump downloads could contain a
                        backdoor
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, tcpdump 3.6.2, tcpdump 3.7.1,
                        libpcap 0.7.1
    Vulnerability: libpcap-tcpdump-backdoor
    X-Force URL: http://www.iss.net/security_center/static/10620.php

    Date Reported: 11/13/2002
    Brief Description: SURECOM Internet Mini Broadband Router EP-4501
                        default SNMP
    Risk Factor: High
    Attack Type: Network Based
    Platforms: SURECOM Internet Mini Broadband Router EP-4501
    Vulnerability: surecom-default-snmp-string
    X-Force URL: http://www.iss.net/security_center/static/10621.php

    Date Reported: 11/13/2002
    Brief Description: KeyFocus GET request directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, KF Web server 1.x
    Vulnerability: keyfocus-get-directory-traversal
    X-Force URL: http://www.iss.net/security_center/static/10622.php

    Date Reported: 11/13/2002
    Brief Description: AirStation WLA-L11G access point port scan denial
                        of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: AirStation WLA-L11G 2.31
    Vulnerability: airstation-wla-l11g-ap-dos
    X-Force URL: http://www.iss.net/security_center/static/10623.php

    Date Reported: 11/13/2002
    Brief Description: IBM HTTP Server could disclose the Web root path
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: AS/400 Any version, IBM HTTP Server 1.0
    Vulnerability: ibm-http-path-disclosure
    X-Force URL: http://www.iss.net/security_center/static/10628.php

    Date Reported: 11/14/2002
    Brief Description: IISPop EMail Server buffer overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, IISPop EMail Server 1.161 and
                        1.181
    Vulnerability: iispop-email-server-bo
    X-Force URL: http://www.iss.net/security_center/static/10632.php

    Date Reported: 11/14/2002
    Brief Description: LiteServe CGI script source disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows NT Any version, Windows 95, Windows 2000
                        Any version, Windows CE, LiteServe prior to 2.03
    Vulnerability: liteserve-script-source-disclosure
    X-Force URL: http://www.iss.net/security_center/static/10635.php

    Date Reported: 11/14/2002
    Brief Description: Mozilla and Netscape jar URL handler heap buffer
                        overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows Any version, Netscape Navigator Any
                        version, Mozilla Any version
    Vulnerability: mozilla-netscape-jar-bo
    X-Force URL: http://www.iss.net/security_center/static/10636.php

    Date Reported: 11/15/2002
    Brief Description: Zeroo HTTP Server buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Zeroo HTTP
                        Server 1.5
    Vulnerability: zeroo-http-server-bo
    X-Force URL: http://www.iss.net/security_center/static/10642.php

    Date Reported: 11/15/2002
    Brief Description: Courier mail transport agent (MTA) fails to
                        properly enforce permissions
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, Courier Any version
    Vulnerability: courier-mta-insecure-permissions
    X-Force URL: http://www.iss.net/security_center/static/10643.php

    Date Reported: 11/16/2002
    Brief Description: GNU Compiler Collection (GCC) memset() function
                        results in weaker security
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, GNU Compiler
                        Collection (GCC) 3.2
    Vulnerability: gcc-memset-weak-security
    X-Force URL: http://www.iss.net/security_center/static/10641.php

    Date Reported: 11/17/2002
    Brief Description: LiteServe percent characters denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, LiteServe bla
    Vulnerability: liteserve-percent-character-dos
    X-Force URL: http://www.iss.net/security_center/static/10644.php

    _____

    Risk Factor Key:

         High     Any vulnerability that provides an attacker with immediate
                  access into a machine, gains superuser access, or bypasses
                  a firewall. Example: A vulnerable Sendmail 8.6.5 version
                  that allows an intruder to execute commands on mail server.
         Medium   Any vulnerability that provides information that has a high
                  potential of giving system access to an intruder. Example:
                  A misconfigured TFTP or vulnerable NIS server that allows
                  an intruder to get the password file that could contain an
                  account with a guessable password.
         Low      Any vulnerability that provides information that could
                  potentially lead to a compromise. Example: A finger that
                  allows an intruder to find out who is online and potential
                  accounts to attempt to crack passwords via brute force
                  methods.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the user's risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://www.iss.net/security_center/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
    xforce@iss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBPdk+QTRfJiV99eG9AQEsQgP/bGYcccRWHQiN3qyfQ1CRSqZMn1M+blBU
    xUInAcOZ8RH0kLChXI91S14FhiF/3lzxyq9ciAqMlPrAXaEGhafdI1Op5DbpWNNQ
    0Y+gWrmFVYhobFiYc4D867v57UN9m/9rECBqVwz9lyhhq7kGeuMierVfS85OOyiG
    gWUUcBBzW3s=
    =eE+J
    -----END PGP SIGNATURE-----