ISS Security Alert Summary AS03-06

From: X-Force (xforce@iss.net)
Date: 02/10/03

    To: alert@iss.net
    From: X-Force <xforce@iss.net>
    Date: Mon, 10 Feb 2003 17:43:27 -0500 (EST)
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS03-06
    February 10, 2003

    X-Force Vulnerability and Threat Database:
    http://www.iss.net/security_center

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    http://www.iss.net/security_center/maillists

    This summary is available at the following address:
    http://www.iss.net/security_center/alerts/AS03-06.php
    _____
    Contents:
    * 33 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 01/27/2003
    Brief Description: Nukebrowser $filhead remote PHP file include
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, Nukebrowser 2.1 to 2.41
    Vulnerability: nukebrowser-php-file-include
    X-Force URL: http://www.iss.net/security_center/static/11217.php

    Date Reported: 01/28/2003
    Brief Description: WebLogic keystores store plaintext passwords
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Windows NT 4.0, Solaris 2.6, HP-UX 11.00, Red Hat
                        Linux Any version, Solaris 7, Solaris 8, Windows
                        2000 Server, Windows 2000 Advanced Server, HP-UX
                        11i, AIX 4.3.3, Windows XP, AIX 5.1L, Windows 2000
                        Professional, WebLogic Server 7.0, WebLogic Server
                        7.0.0.1, WebLogic Express 7.0, WebLogic Express
                        7.0.0.1
    Vulnerability: weblogic-keystore-plaintext-passwords
    X-Force URL: http://www.iss.net/security_center/static/11220.php

    Date Reported: 01/28/2003
    Brief Description: WebLogic clustered environment race condition
                        session sharing
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Tru64 UNIX Any version, Windows NT 4.0, Solaris
                        2.6, HP-UX 11.00, Red Hat Linux Any version, SuSE
                        Linux Any version, Solaris 7, Solaris 8, Windows
                        2000 Server, Windows 2000 Advanced Server, WebLogic
                        Server 6.0, HP-UX 11i, AIX 4.3.3, Windows XP,
                        WebLogic Express 5.1, Compaq NonStop Himalaya
                        Servers Any version, AIX 5.1L, Solaris 9, Windows
                        2000 Professional, OpenVMS Any version, WebLogic
                        Server 6.1, WebLogic Server 7.0, WebLogic Server
                        7.0.0.1, WebLogic Express 6.1, WebLogic Express
                        7.0, WebLogic Express 7.0.0.1, WebLogic Express
                        6.0, WebLogic Server 5.1, IBM AS/400e OS/400
                        V4R4/V4R5, IBM Dynix/ptx Any version, IBM S/390
    Vulnerability: weblogic-clustered-race-condition
    X-Force URL: http://www.iss.net/security_center/static/11221.php

    Date Reported: 01/28/2003
    Brief Description: IlohaMail compose.php script could allow an
                        attacker to upload files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Mac OS X Any version, IlohaMail
                        prior to 0.7.9
    Vulnerability: ilohamail-compose-file-upload
    X-Force URL: http://www.iss.net/security_center/static/11251.php

    Date Reported: 01/31/2003
    Brief Description: SILC stores passwords and session information in
                        plain text
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, SILC Client Any version
    Vulnerability: silc-plaintext-account-information
    X-Force URL: http://www.iss.net/security_center/static/11244.php

    Date Reported: 01/31/2003
    Brief Description: SpamProbe HTML tag new line denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, SpamProbe 0.8a
    Vulnerability: spamprobe-newlines-href-dos
    X-Force URL: http://www.iss.net/security_center/static/11247.php

    Date Reported: 02/02/2003
    Brief Description: BladeEnc myFseek() code execution
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: BSD Any version, Linux Any version, Windows Any
                        version, Unix Any version, Gentoo Linux Any
                        version, BladeEnc 0.94.2 and earlier
    Vulnerability: bladeenc-myfseek-code-execution
    X-Force URL: http://www.iss.net/security_center/static/11227.php

    Date Reported: 02/02/2003
    Brief Description: KaZaA automated advertisement download buffer
                        overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows XP Professional, KaZaA 2.0.2
    Vulnerability: kazaa-automated-ad-bo
    X-Force URL: http://www.iss.net/security_center/static/11228.php

    Date Reported: 02/03/2003
    Brief Description: PHP-Nuke avatar field could allow an attacker to
                        execute code
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, PHP-Nuke 6.0 and earlier
    Vulnerability: phpnuke-avatar-code-execution
    X-Force URL: http://www.iss.net/security_center/static/11229.php

    Date Reported: 02/03/2003
    Brief Description: OpenBSD chpass user database information disclosure
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: OpenBSD 2.1, OpenBSD 2.2, OpenBSD 2.3, OpenBSD 2.4,
                        OpenBSD 2.0, OpenBSD 2.5, OpenBSD 2.6, OpenBSD 2.7,
                        OpenBSD 2.8, OpenBSD 2.9, OpenBSD 3.0, OpenBSD 3.1,
                        OpenBSD 3.2
    Vulnerability: openbsd-chpass-information-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11233.php

    Date Reported: 02/03/2003
    Brief Description: Majordomo which_access variable set to "open" could
                        disclose email addresses
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Unix Any version, Majordomo 2 and earlier
    Vulnerability: majordomo-whichaccess-email-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11243.php

    Date Reported: 02/03/2003
    Brief Description: Linux kernel O_DIRECT information leak
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux
                        7.3, Red Hat Linux 8.0, Mandrake Linux 9.0, Linux
                        kernel 2.4.10 to 2.4.18
    Vulnerability: linux-odirect-information-leak
    X-Force URL: http://www.iss.net/security_center/static/11249.php

    Date Reported: 02/03/2003
    Brief Description: Internet Explorer dragDrop() method could be used
                        to read local files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        5.5, Microsoft Internet Explorer 6.0, Microsoft
                        Internet Explorer 6.0 SP1
    Vulnerability: ie-dragdrop-read-files
    X-Force URL: http://www.iss.net/security_center/static/11250.php

    Date Reported: 02/03/2003
    Brief Description: Red Hat Linux pam_xauth could allow an attacker to
                        gain privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux
                        7.3, Red Hat Linux 8.0
    Vulnerability: linux-pamxauth-gain-privileges
    X-Force URL: http://www.iss.net/security_center/static/11254.php

    Date Reported: 02/04/2003
    Brief Description: 32bit FTP banner buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows Any version, 32bit FTP 9.49.01
    Vulnerability: 32bit-ftp-banner-bo
    X-Force URL: http://www.iss.net/security_center/static/11234.php

    Date Reported: 02/04/2003
    Brief Description: ByteCatcher FTP banner buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows Any version, ByteCatcher FTP 1.04b
    Vulnerability: bytecatcher-ftp-banner-bo
    X-Force URL: http://www.iss.net/security_center/static/11235.php

    Date Reported: 02/04/2003
    Brief Description: Opera cross-domain security zone access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Opera 7
    Vulnerability: opera-cross-domain-access
    X-Force URL: http://www.iss.net/security_center/static/11238.php

    Date Reported: 02/04/2003
    Brief Description: Opera custom debug message could access files
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Opera 7
    Vulnerability: opera-debug-file-access
    X-Force URL: http://www.iss.net/security_center/static/11239.php

    Date Reported: 02/04/2003
    Brief Description: Opera directive image cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Opera 7
    Vulnerability: opera-image-file-xss
    X-Force URL: http://www.iss.net/security_center/static/11240.php

    Date Reported: 02/04/2003
    Brief Description: Opera could expose a user's browser history
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, Opera 7
    Vulnerability: opera-history-exposure
    X-Force URL: http://www.iss.net/security_center/static/11241.php

    Date Reported: 02/04/2003
    Brief Description: Opera error methods can be used to view visited
                        URLs
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, Opera 7
    Vulnerability: opera-error-method-access
    X-Force URL: http://www.iss.net/security_center/static/11242.php

    Date Reported: 02/04/2003
    Brief Description: IBM WebSphere uses weak encryption algorithm to
                        store passwords in an exported XML file
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: AIX Any version, HP-UX Any version, Linux Any
                        version, Unix Any version, Windows NT Any version,
                        Windows 2000 Any version, IBM WebSphere Advanced
                        Server Edition 4.0.4
    Vulnerability: websphere-xml-weak-encryption
    X-Force URL: http://www.iss.net/security_center/static/11245.php

    Date Reported: 02/04/2003
    Brief Description: TOPo in.php or out.php path disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows Any version, TOPo 1.43 and earlier
    Vulnerability: topo-path-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11248.php

    Date Reported: 02/04/2003
    Brief Description: phpMyNewsletter customize.php unauthorized file
                        access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows Any version, Unix Any
                        version, phpMyNewsletter 0.6.11
    Vulnerability: phpmynewsletter-customize-file-access
    X-Force URL: http://www.iss.net/security_center/static/11261.php

    Date Reported: 02/04/2003
    Brief Description: Windows 2000 NetBIOS continuation packets denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Windows 2000 Server, Windows 2000 Advanced Server,
                        Windows 2000 Datacenter Server, Windows 2000
                        Professional, Windows 2000 Terminal Services
    Vulnerability: win2k-netbios-continuation-dos
    X-Force URL: http://www.iss.net/security_center/static/11274.php

    Date Reported: 02/05/2003
    Brief Description: Internet Explorer dialog box zone bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        5.01, Microsoft Internet Explorer 5.5, Microsoft
                        Internet Explorer 6.0
    Vulnerability: ie-dialog-zone-bypass
    X-Force URL: http://www.iss.net/security_center/static/11258.php

    Date Reported: 02/05/2003
    Brief Description: Internet Explorer showHelp() zone bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Any version, Microsoft Internet Explorer
                        5.01, Microsoft Internet Explorer 5.5, Microsoft
                        Internet Explorer 6.0
    Vulnerability: ie-showhelp-zone-bypass
    X-Force URL: http://www.iss.net/security_center/static/11259.php

    Date Reported: 02/05/2003
    Brief Description: Windows XP Windows Redirector buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Windows XP
    Vulnerability: winxp-windows-redirector-bo
    X-Force URL: http://www.iss.net/security_center/static/11260.php

    Date Reported: 02/06/2003
    Brief Description: AbsoluteTelnet title bar code buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows Any version, AbsoluteTelnet 2.00,
                        AbsoluteTelnet 2.11
    Vulnerability: absolutetelnet-title-bar-bo
    X-Force URL: http://www.iss.net/security_center/static/11265.php

    Date Reported: 02/06/2003
    Brief Description: F-Prot FreeBSD for Small Business command line
                        buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: FreeBSD Any version, F-Prot FreeBSD for Small
                        Business 3.12b
    Vulnerability: fprot-command-line-bo
    X-Force URL: http://www.iss.net/security_center/static/11271.php

    Date Reported: 02/06/2003
    Brief Description: CuteFTP long URL clipboard buffer overflow
    Risk Factor: Low
    Attack Type: Host Based
    Platforms: Windows Any version, CuteFTP 5.0 XP
    Vulnerability: cuteftp-url-clipboard-bo
    X-Force URL: http://www.iss.net/security_center/static/11275.php

    Date Reported: 02/07/2003
    Brief Description: HP-UX /usr/sbin/wall buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: HP-UX Any version
    Vulnerability: hp-wall-bo
    X-Force URL: http://www.iss.net/security_center/static/11272.php

    Date Reported: 02/07/2003
    Brief Description: Red Hat Linux uml_net utility could allow an
                        attacker to gain privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Red Hat Linux 8.0
    Vulnerability: linux-umlnet-gain-privileges
    X-Force URL: http://www.iss.net/security_center/static/11276.php

    _____

    Risk Factor Key:

         High:    Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium:  Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low:     Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the user's risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://www.iss.net/security_center/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
