ISS Security Alert Summary AS03-07
From: X-Force (xforce@iss.net)
Date: 02/17/03
- Previous message: Brass, Phil (ISS Atlanta): "RE: SQL injection - get more values"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: alert@iss.net From: X-Force <xforce@iss.net> Date: Mon, 17 Feb 2003 14:44:10 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS03-07
February 17, 2003
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS03-07.php
_____
Contents:
* 48 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 02/04/2003
Brief Description: Windows 2000 RPC (Remote Procedure Call) service
could allow an attacker to gain elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Windows 2000 Server, Windows 2000 Advanced Server,
Windows 2000 Datacenter Server, Windows 2000
Professional, Windows 2000 Terminal Services
Vulnerability: win2k-rpc-gain-privileges
X-Force URL: http://www.iss.net/security_center/static/11273.php
Date Reported: 02/05/2003
Brief Description: Unreal Tournament Server known file directory
traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unreal
Tournament Server 436 and earlier
Vulnerability: ut-file-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/11299.php
Date Reported: 02/05/2003
Brief Description: Unreal Tournament Server long Unreal URL request
memory corruption
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unreal
Tournament Server 436 and earlier
Vulnerability: ut-url-memory-corruption
X-Force URL: http://www.iss.net/security_center/static/11301.php
Date Reported: 02/05/2003
Brief Description: Unreal Tournament Server malformed packet denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unreal
Tournament Server 436 and earlier
Vulnerability: ut-packet-dos
X-Force URL: http://www.iss.net/security_center/static/11302.php
Date Reported: 02/05/2003
Brief Description: Unreal Tournament Server request to join denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unreal
Tournament Server 436 and earlier
Vulnerability: ut-join-request-dos
X-Force URL: http://www.iss.net/security_center/static/11304.php
Date Reported: 02/05/2003
Brief Description: Unreal Tournament Server large negative index
memory corruption
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Windows Any version, Unreal
Tournament Server 436 and earlier
Vulnerability: ut-negative-memory-corruption
X-Force URL: http://www.iss.net/security_center/static/11305.php
Date Reported: 02/06/2003
Brief Description: eSafe Gateway Check Point Content Vectoring
Protocol (CVP) messages could bypass content
filtering
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, eSafe
Gateway 3.5 Build 126
Vulnerability: esafe-gateway-filter-bypass
X-Force URL: http://www.iss.net/security_center/static/11295.php
Date Reported: 02/08/2003
Brief Description: WinZip PKZIP weak password encryption algorithm
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows Any version, Winzip 8.0
Vulnerability: winzip-pkzip-weak-encryption
X-Force URL: http://www.iss.net/security_center/static/11296.php
Date Reported: 02/09/2003
Brief Description: Cedric Email Reader PHP file include
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Cedric Email Reader 0.2, Cedric Email
Reader 0.3, Cedric Email Reader 0.4
Vulnerability: cedric-email-file-include
X-Force URL: http://www.iss.net/security_center/static/11278.php
Date Reported: 02/09/2003
Brief Description: NETGEAR FM114P hexadecimal URL encoded "dot dot"
directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: NETGEAR FM114P 1.4 Beta Release 17
Vulnerability: netgear-fm114p-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/11279.php
Date Reported: 02/09/2003
Brief Description: Opera long username URL request buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Windows Any version, Opera 6.05 build 1140, Opera
beta2 build 2577
Vulnerability: opera-username-url-bo
X-Force URL: http://www.iss.net/security_center/static/11281.php
Date Reported: 02/09/2003
Brief Description: NetHack -s command buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: FreeBSD Ports Collection Any version, Red Hat Linux
8.0, NetHack 3.4.0
Vulnerability: nethack-s-command-bo
X-Force URL: http://www.iss.net/security_center/static/11283.php
Date Reported: 02/09/2003
Brief Description: Gallery creates an insecure album directory
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, Gallery 1.3.3
Vulnerability: gallery-album-insecure-directory
X-Force URL: http://www.iss.net/security_center/static/11284.php
Date Reported: 02/09/2003
Brief Description: CryptoBuddy truncated passwords results in weaker
security
Risk Factor: Low
Attack Type: Network Based
Platforms: Windows Any version, CryptoBuddy 1.2 and earlier
Vulnerability: cryptobuddy-truncate-weak-security
X-Force URL: http://www.iss.net/security_center/static/11294.php
Date Reported: 02/09/2003
Brief Description: CryptoBuddy stores bytes of passwords in plain text
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows Any version, CryptoBuddy 1.2 and earlier
Vulnerability: cryptobuddy-plaintext-password-bytes
X-Force URL: http://www.iss.net/security_center/static/11297.php
Date Reported: 02/09/2003
Brief Description: CryptoBuddy weak passphrase encryption
Risk Factor: Low
Attack Type: Host Based
Platforms: Windows Any version, CryptoBuddy 1.2 and earlier
Vulnerability: cryptobuddy-password-dictionary
X-Force URL: http://www.iss.net/security_center/static/11298.php
Date Reported: 02/09/2003
Brief Description: Abyss Web Server Web management interface brute
force attack
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Abyss Web
Server 1.1.2 and prior
Vulnerability: abyss-web-admin-bruteforce
X-Force URL: http://www.iss.net/security_center/static/11310.php
Date Reported: 02/09/2003
Brief Description: CryptoBuddy could allow password modification to
obtain sensitive information
Risk Factor: Medium
Attack Type: Host Based
Platforms: Windows Any version, CryptoBuddy 1.2 and earlier
Vulnerability: cryptobuddy-password-information-disclosure
X-Force URL: http://www.iss.net/security_center/static/11317.php
Date Reported: 02/10/2003
Brief Description: SQLBase EXECUTE long command or procedure name
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, SQLBase 8.1.0
Vulnerability: sqlbase-execute-long-bo
X-Force URL: http://www.iss.net/security_center/static/11269.php
Date Reported: 02/10/2003
Brief Description: Opera plugincontext.showDocument() function buffer
overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Opera 6.05, Opera 7.01, Windows XP Any version
Vulnerability: opera-plugincontextshowdocument-bo
X-Force URL: http://www.iss.net/security_center/static/11280.php
Date Reported: 02/10/2003
Brief Description: NOD32 for UNIX long pathname buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: NOD32 for UNIX 1.012 and earlier, Unix Any version
Vulnerability: nod32-pathname-bo
X-Force URL: http://www.iss.net/security_center/static/11282.php
Date Reported: 02/11/2003
Brief Description: Posadis DNS packet denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Posadis 0.50.4, Posadis 0.50.5, Posadis
0.50.6, Posadis 0.50.7, Posadis 0.50.8
Vulnerability: posadis-dns-packet-dos
X-Force URL: http://www.iss.net/security_center/static/11285.php
Date Reported: 02/11/2003
Brief Description: Ericsson HM220dp could allow an attacker to bypass
authentication
Risk Factor: Medium
Attack Type: Network Based
Platforms: Ericsson HM220dp Any version
Vulnerability: ericsson-hm220dp-auth-bypass
X-Force URL: http://www.iss.net/security_center/static/11290.php
Date Reported: 02/11/2003
Brief Description: Kaspersky Antivirus (KAV) long file path denial of
service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Windows NT 4.0, Windows 2000 Server, Windows 2000
Workstation, Kaspersky Antivirus (KAV) 4.0.9.0
Vulnerability: kav-long-path-dos
X-Force URL: http://www.iss.net/security_center/static/11291.php
Date Reported: 02/11/2003
Brief Description: Kaspersky Antivirus (KAV) device path name
protection bypass
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Windows NT 4.0, Windows 2000 Server, Windows 2000
Workstation, Kaspersky Antivirus (KAV) 4.0.9.0
Vulnerability: kav-device-name-bypass
X-Force URL: http://www.iss.net/security_center/static/11292.php
Date Reported: 02/11/2003
Brief Description: FAR long path name buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Windows Any version, FAR 1.70beta4 and prior
Vulnerability: far-long-path-bo
X-Force URL: http://www.iss.net/security_center/static/11293.php
Date Reported: 02/11/2003
Brief Description: Solaris mail(1) could allow unauthorized access to
other user's email
Risk Factor: Medium
Attack Type: Host Based
Platforms: Solaris 2.6, Solaris 7, Solaris 8, Solaris 9
Vulnerability: solaris-mail-unauthorized-access
X-Force URL: http://www.iss.net/security_center/static/11303.php
Date Reported: 02/11/2003
Brief Description: Cisco IOS invalid ICMP redirects could reroute
packets
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco IOS Any version
Vulnerability: cisco-ios-icmp-redirect
X-Force URL: http://www.iss.net/security_center/static/11306.php
Date Reported: 02/11/2003
Brief Description: CGI::Lite Perl module escape_dangerous_chars()
shell command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, CGI::Lite 2.0
Vulnerability: cgilite-shell-command-execution
X-Force URL: http://www.iss.net/security_center/static/11308.php
Date Reported: 02/11/2003
Brief Description: Oracle Database Server BFILENAME() DIRECTORY buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, IRIX Any
version, Linux Any version, Solaris Any version,
Tru64 UNIX Any version, Windows NT Any version,
DG/UX Any version, Novell NetWare Any version,
Windows 2000 Any version, Windows XP, OpenVMS Any
version, Oracle9i Database Server Release 2 Any
version, Oracle9i Database Server Release 1 Any
version, Oracle8i Database Server 8.1.7, Oracle8i
Database Server 8.0.6, Caldera UnixWare Any
version, IBM OS/390 Any version
Vulnerability: oracle-bfilename-directory-bo
X-Force URL: http://www.iss.net/security_center/static/11325.php
Date Reported: 02/11/2003
Brief Description: Oracle Database Server TZ_OFFSET() buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, IRIX Any
version, Linux Any version, Solaris Any version,
Tru64 UNIX Any version, Windows NT Any version,
DG/UX Any version, Novell NetWare Any version,
Windows 2000 Any version, Windows XP, OpenVMS Any
version, Oracle9i Database Server Release 2 Any
version, Oracle9i Database Server Release 1 Any
version, Oracle8i Database Server 8.1.7, Oracle8i
Database Server 8.0.6, Caldera UnixWare Any
version, IBM OS/390 Any version
Vulnerability: oracle-tzoffset-bo
X-Force URL: http://www.iss.net/security_center/static/11326.php
Date Reported: 02/11/2003
Brief Description: Oracle Database Server TO_TIMESTAMP_TZ() buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, IRIX Any
version, Linux Any version, Solaris Any version,
Tru64 UNIX Any version, Windows NT Any version,
DG/UX Any version, Novell NetWare Any version,
Windows 2000 Any version, Windows XP, OpenVMS Any
version, Oracle9i Database Server Release 2 Any
version, Oracle9i Database Server Release 1 Any
version, Oracle8i Database Server 8.1.7, Oracle8i
Database Server 8.0.6, Caldera UnixWare Any
version, IBM OS/390 Any version
Vulnerability: oracle-totimestamptz-bo
X-Force URL: http://www.iss.net/security_center/static/11327.php
Date Reported: 02/11/2003
Brief Description: Oracle Database Server ORACLE.EXE buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, IRIX Any
version, Linux Any version, Solaris Any version,
Tru64 UNIX Any version, Windows NT Any version,
DG/UX Any version, Novell NetWare Any version,
Windows 2000 Any version, Windows XP, OpenVMS Any
version, Oracle9i Database Server Release 2 Any
version, Oracle9i Database Server Release 1 Any
version, Oracle8i Database Server 8.1.7, Oracle8i
Database Server 8.0.6, Caldera UnixWare Any
version, IBM OS/390 Any version
Vulnerability: oracle-oracle-exe-bo
X-Force URL: http://www.iss.net/security_center/static/11328.php
Date Reported: 02/11/2003
Brief Description: Windows NT and 2000 cmd.exe CD path name buffer
overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Windows NT 4.0, Windows 2000 Any version
Vulnerability: win-cmd-cd-bo
X-Force URL: http://www.iss.net/security_center/static/11329.php
Date Reported: 02/11/2003
Brief Description: Oracle9i Application Server DAV_PUBLIC directory
denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, Linux Any
version, Solaris Any version, Tru64 UNIX Any
version, Windows NT Any version, Windows 2000 Any
version, Oracle9i Application Server 9.0.2
Vulnerability: oracle-appserver-davpublic-dos
X-Force URL: http://www.iss.net/security_center/static/11330.php
Date Reported: 02/11/2003
Brief Description: Oracle9i Application Server MOD_ORADAV module
denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, Linux Any
version, Solaris Any version, Tru64 UNIX Any
version, Windows NT Any version, Windows 2000 Any
version, Oracle9i Application Server 9.0.2,
Oracle9i Application Server 9.0.3
Vulnerability: oracle-appserver-modoradav-dos
X-Force URL: http://www.iss.net/security_center/static/11331.php
Date Reported: 02/12/2003
Brief Description: AIX aixterm libIM library buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: AIX 5.1, AIX 4.3.3, AIX 5.2
Vulnerability: aix-aixterm-libim-bo
X-Force URL: http://www.iss.net/security_center/static/11309.php
Date Reported: 02/12/2003
Brief Description: Lotus Domino Web server "dot" file download
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Lotus Domino 5.x, Lotus Domino 6.x
Vulnerability: lotus-domino-dot-file-download
X-Force URL: http://www.iss.net/security_center/static/11311.php
Date Reported: 02/12/2003
Brief Description: HP-UX rs.F3000 could allow daemon account access
Risk Factor: Medium
Attack Type: Host Based
Platforms: HP-UX 10.x, HP-UX 11.x
Vulnerability: hp-rsf3000-daemon-access
X-Force URL: http://www.iss.net/security_center/static/11312.php
Date Reported: 02/12/2003
Brief Description: HP-UX stmkfont buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: HP-UX 10.x, HP-UX 11.x
Vulnerability: hp-stmkfont-bo
X-Force URL: http://www.iss.net/security_center/static/11313.php
Date Reported: 02/12/2003
Brief Description: HP-UX landiag and lanadmin buffer overflows
Risk Factor: High
Attack Type: Host Based
Platforms: HP-UX 10.x, HP-UX 11.x
Vulnerability: hp-landiag-lanadmin-bo
X-Force URL: http://www.iss.net/security_center/static/11314.php
Date Reported: 02/12/2003
Brief Description: HP-UX rpc.yppasswdd buffer overflow
Risk Factor: Medium
Attack Type: Host Based
Platforms: HP-UX 10.x, HP-UX 11.x
Vulnerability: hp-rpcyppasswdd-bo
X-Force URL: http://www.iss.net/security_center/static/11315.php
Date Reported: 02/13/2003
Brief Description: HP-UX line printer daemon disable command buffer
overflow
Risk Factor: High
Attack Type: Host Based
Platforms: HP-UX 11.00
Vulnerability: hp-lp-disable-bo
X-Force URL: http://www.iss.net/security_center/static/11316.php
Date Reported: 02/13/2003
Brief Description: util-linux mcookie utility generates predictable
cookies
Risk Factor: Low
Attack Type: Host Based
Platforms: Mandrake Linux 8.2, Mandrake Linux 9.0
Vulnerability: utillinux-mcookie-cookie-predictable
X-Force URL: http://www.iss.net/security_center/static/11318.php
Date Reported: 02/13/2003
Brief Description: CheetaChat stores passwords in plain text in the
yaliases.dat file
Risk Factor: Medium
Attack Type: Host Based
Platforms: Windows Any version, CheetaChat 6.5.10 and earlier
Vulnerability: cheetachat-yaliases-plaintext-password
X-Force URL: http://www.iss.net/security_center/static/11320.php
Date Reported: 02/14/2003
Brief Description: Mac OS X TruBlueEnvironment could allow an attacker
to gain elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Mac OS X prior to 10.2.4
Vulnerability: macos-trublueenvironment-gain-privileges
X-Force URL: http://www.iss.net/security_center/static/11332.php
Date Reported: 02/14/2003
Brief Description: Mac OS X Apple File Protocol (AFP) unauthorized access
Risk Factor: High
Attack Type: Network Based
Platforms: Mac OS X prior to 10.2.4
Vulnerability: macos-afp-unauthorized-access
X-Force URL: http://www.iss.net/security_center/static/11333.php
Date Reported: 02/15/2003
Brief Description: Apcupsd log_event() function format string attack
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Apcupsd 3.8.5
and earlier, Apcupsd 3.10.4 and earlier
Vulnerability: apcupsd-logevent-format-string
X-Force URL: http://www.iss.net/security_center/static/11334.php
_____
Risk Factor Key:
High Security issues that allow immediate remote, or local access
or immediate execution of code or commands, with unauthorized
privileges. Examples are most buffer overflows, backdoors,
default or no password, and bypassing security on firewalls
or other network components.
Medium Security issues that have the potential of granting access or
allowing code execution by means of complex or lengthy exploit
procedures, or low risk issues applied to major Internet
components. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service of major applications,
and denial of service resulting in system information disclosure
(such as core files).
Low Security issues that deny service or provide non-system
information that could be used to formulate structured attacks
on a target, but not directly gain unauthorized access. Examples
are brute force attacks, non-system information disclosure
(configurations, paths, etc.), and denial of service attacks.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user’s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPlE7aDRfJiV99eG9AQEGLgP9FPUaTfW5T7dYbRWJK7IJOL9YeVT9SOUU
3pCdy+AAMpIMW4XS0//eNc6wI0b02yTCNZNTNICt3DNkj1PpGnGzdOIr1eNyZyu4
ho5YflYb3nGKuk62Td1OQOPoZAJ+y0rlKhAcYLj/pHl/MLMmFJTVxN5h4NYc3zkV
HqHsB7kvbgQ=
=vb/f
-----END PGP SIGNATURE-----
- Next message: Internet Security Systems: "Internet Scanner, System Scanner, SAFEsuite Decisions Updates"
- Previous message: Brass, Phil (ISS Atlanta): "RE: SQL injection - get more values"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
