ISS Security Alert Summary AS03-11

From: X-Force (xforce@iss.net)
Date: 03/17/03

  • Next message: ISS Customer Relations: "[Customerconnect] ISS Product Release and Update Summary"
    To: alert@iss.net
    From: X-Force <xforce@iss.net>
    Date: Mon, 17 Mar 2003 14:35:03 -0500 (EST)
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS03-11
    March 17, 2003

    X-Force Vulnerability and Threat Database:
    http://www.iss.net/security_center

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    http://www.iss.net/security_center/maillists

    This summary is available at the following address:
    http://www.iss.net/security_center/alerts/AS03-11.php
    _____
    Contents:
    * 39 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 03/08/2003
    Brief Description: Upload Lite malicious file upload
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Upload Lite 3.22, Windows NT Any version
    Vulnerability: upload-lite-file-upload
    X-Force URL: http://www.iss.net/security_center/static/11502.php

    Date Reported: 03/10/2003
    Brief Description: DeleGate User-Agent pointer array overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: DeleGate 8.3.4, DeleGate 8.4.0, Unix Any version,
                        Windows Any version
    Vulnerability: delegate-useragent-bo
    X-Force URL: http://www.iss.net/security_center/static/11503.php

    Date Reported: 03/07/2003
    Brief Description: Windows XP Safe Mode bypass
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Windows XP Home, Windows XP Home SP1, Windows XP
                        Professional, Windows XP Professional SP1
    Vulnerability: winxp-safe-mode-bypass
    X-Force URL: http://www.iss.net/security_center/static/11505.php

    Date Reported: 03/07/2003
    Brief Description: NetScreen ScreenOS restores factory default
                        settings
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: NetScreen -5XP, NetScreen -5XT, ScreenOS 4.0.0
                        through 4.0.2
    Vulnerability: netscreen-screenos-restore-default
    X-Force URL: http://www.iss.net/security_center/static/11506.php

    Date Reported: 03/09/2003
    Brief Description: Internet Explorer .mht buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Microsoft Internet Explorer 5.5, Microsoft Internet
                        Explorer 6.0, Windows Any version
    Vulnerability: ie-mht-bo
    X-Force URL: http://www.iss.net/security_center/static/11507.php

    Date Reported: 03/10/2003
    Brief Description: PHP-Nuke Forums and Private_Messages SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, PHP-Nuke 6.0, PHP-Nuke 6.5 RC2,
                        Unix Any version, Windows Any version
    Vulnerability: phpnuke-forms-sql-injection
    X-Force URL: http://www.iss.net/security_center/static/11508.php

    Date Reported: 03/08/2003
    Brief Description: MySQL datadir/my.cnf modification could allow root
                        privileges
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, MySQL 3.23.55, Unix Any version,
                        Windows Any version
    Vulnerability: mysql-datadir-root-privileges
    X-Force URL: http://www.iss.net/security_center/static/11510.php

    Date Reported: 03/09/2003
    Brief Description: Jacobuddy message field cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: FreeBSD Any version, Jacobuddy 3.0, Linux Any
                        version, Mac OS X Any version, OS/2 Any version,
                        Unix Any version, Windows Any version
    Vulnerability: jacobuddy-message-field-xss
    X-Force URL: http://www.iss.net/security_center/static/11511.php

    Date Reported: 03/11/2003
    Brief Description: man my_xsprintf() could allow code execution
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, man prior to 1.5l
    Vulnerability: man-myxsprintf-code-execution
    X-Force URL: http://www.iss.net/security_center/static/11512.php

    Date Reported: 03/10/2003
    Brief Description: LXR "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, LXR 0.9.2 and prior
    Vulnerability: lxr-dotdot-directory-traversal
    X-Force URL: http://www.iss.net/security_center/static/11513.php

    Date Reported: 03/11/2003
    Brief Description: RouteFinder VPN OPTIONS buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: RouteFinder VPN RF550VPN 4.63 and prior,
                        RouteFinder VPN RF550VPN BETA T4.64
    Vulnerability: routefinder-vpn-options-bo
    X-Force URL: http://www.iss.net/security_center/static/11514.php

    Date Reported: 03/09/2003
    Brief Description: Jacobuddy Direct Client Connection (DCC) file
                        transfer
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: FreeBSD Any version, Jacobuddy 3.0, Linux Any
                        version, Mac OS X Any version, OS/2 Any version,
                        Unix Any version, Windows Any version
    Vulnerability: jacobuddy-dcc-obtain-information
    X-Force URL: http://www.iss.net/security_center/static/11515.php

    Date Reported: 03/10/2003
    Brief Description: Qpopper Qvsnprintf() long macroname buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Qpopper 4.0.x, Unix Any version
    Vulnerability: qpopper-qvsnprint-macroname-bo
    X-Force URL: http://www.iss.net/security_center/static/11516.php

    Date Reported: 03/11/2003
    Brief Description: Opera long file name download buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Opera 6.05 build 1140, Opera 7.01 build 2651, Opera
                        7.02 build 2656b, Opera 7.02 build 2668, Windows 98
                        Second Edition, Windows 98SE JP, Windows 2000 Pro
                        SP3, Windows 2000 Pro SP3 JP, Windows XP Home SP1,
                        Windows XP Home SP1 JP
    Vulnerability: opera-filename-download-bo
    X-Force URL: http://www.iss.net/security_center/static/11517.php

    Date Reported: 03/11/2003
    Brief Description: HP-UX VVOS HFS file system file access
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: HP-UX 11.04 VVOS
    Vulnerability: hp-vvos-hfs-access
    X-Force URL: http://www.iss.net/security_center/static/11518.php

    Date Reported: 03/12/2003
    Brief Description: SquirrelMail VPOPMail Administration unauthorized
                        code execution
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, SquirrelMail Any version, Unix
                        Any version, VPOPMail Account Administration 0.9.7,
                        Windows Any version
    Vulnerability: squirrelmail-vpopmail-code-execution
    X-Force URL: http://www.iss.net/security_center/static/11519.php

    Date Reported: 03/12/2003
    Brief Description: pgp4pine fileVerifyDecryptMenu() buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, pgp4pine Any version, Unix Any
                        version
    Vulnerability: pgp4pine-fileverifydecryptmenu-bo
    X-Force URL: http://www.iss.net/security_center/static/11520.php

    Date Reported: 03/12/2003
    Brief Description: Mandrake Linux usermode /usr/bin/shutdown could
                        allow root privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Linux Any version, Mandrake Linux 8.1, Mandrake
                        Linux 8.2, Mandrake Linux 9.0, Mandrake Linux
                        Corporate Server 2.1, Mandrake Multi Network
                        Firewall 8.2, Unix Any version
    Vulnerability: usermode-shutdown-root-privileges
    X-Force URL: http://www.iss.net/security_center/static/11521.php

    Date Reported: 03/12/2003
    Brief Description: PostgreSQL recv_and_check_password0() denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, PostgreSQL prior to 7.2.2, Unix
                        Any version, Windows Any version
    Vulnerability: postgresql-recvandcheckpassword0-dos
    X-Force URL: http://www.iss.net/security_center/static/11524.php

    Date Reported: 03/11/2003
    Brief Description: Lotus Domino and Notes Client Web Retriever buffer
                        overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: lftpd Any version, Lotus Domino 4.6.1 through
                        5.0.11, Lotus Notes Client R5 through 5.0.11,
                        Solaris Any version, Windows 2000 Any version,
                        Windows NT Any version
    Vulnerability: lotus-web-retriever-bo
    X-Force URL: http://www.iss.net/security_center/static/11525.php

    Date Reported: 03/11/2003
    Brief Description: Lotus Domino and Notes Client Notes Protocol (NRPC)
                        buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: lftpd Any version, Lotus Domino 4.6.1 through
                        5.0.11, Lotus Notes Client R5 through 5.0.11,
                        Solaris Any version, Windows 2000 Any version,
                        Windows NT Any version
    Vulnerability: lotus-nrpc-bo
    X-Force URL: http://www.iss.net/security_center/static/11526.php

    Date Reported: 03/13/2003
    Brief Description: Nokia SGSN SNMP options information disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Nokia SGSN SG1, Nokia SGSN SG1.5
    Vulnerability: nokia-sgsn-snmp-read
    X-Force URL: http://www.iss.net/security_center/static/11527.php

    Date Reported: 03/13/2003
    Brief Description: Multiple Protegrity Secure.Data SQL Server stored
                        procedure buffer overflows
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Microsoft SQL Server 2000, Protegrity Secure.Data
                        2.2.2.0, Protegrity Secure.Data 2.2.3.0, Windows
                        2000 Any version, Windows NT Any version
    Vulnerability: protegrity-sql-sp-bo
    X-Force URL: http://www.iss.net/security_center/static/11528.php

    Date Reported: 03/13/2003
    Brief Description: Sun ONE gxnsapi6.dll module buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Sun ONE Application Server 6.x, Windows 2000 Any
                        version, Windows NT Any version
    Vulnerability: sunone-gxnsapi6-bo
    X-Force URL: http://www.iss.net/security_center/static/11529.php

    Date Reported: 03/10/2003
    Brief Description: SaveMyModem statusbar_set_text() buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, SaveMyModem prior to 0.17, Unix
                        Any version, Windows Any version
    Vulnerability: savemymodem-statusbarsettext-bo
    X-Force URL: http://www.iss.net/security_center/static/11530.php

    Date Reported: 03/11/2003
    Brief Description: 802.11b Authentication-Failed packet denial of
                        service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Windows 98, Windows Me
    Vulnerability: 802.11b-authentication-failed-dos
    X-Force URL: http://www.iss.net/security_center/static/11531.php

    Date Reported: 03/04/2003
    Brief Description: Multiple vendor Web servers and Web log analyzers
                        cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: iPlanet Web Server 4.1 SP1 through SP12, iPlanet
                        Web Server 6.0 SP1 and SP2, iPlanet Web Server,
                        Enterprise Edition 4.0 SP1 and SP6, iPlanet Web
                        Server, Enterprise Edition 4.1 SP1 through SP11,
                        iPlanet Web Server, Enterprise Edition 6.0 SP1 and
                        SP2, Linux Any version, SurfStats Log Analyzer
                        6.7.0.3, Unix Any version, WebLog Expert 1.61,
                        WebLog Expert 2.0 Beta 1, WebLog Expert Lite 1.61,
                        WebLog Expert Lite 2.0 Beta 1, WebTrends Analysis
                        Suite 7.0, Windows Any version
    Vulnerability: log-analyzers-xss
    X-Force URL: http://www.iss.net/security_center/static/11532.php

    Date Reported: 03/04/2003
    Brief Description: iPlanet Web Server hidden log entry
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: HP-UX Any version, iPlanet Web Server 6.0, Solaris
                        Any version, Windows 2000 Any version, Windows NT
                        Any version
    Vulnerability: iplanet-hidden-log-entry
    X-Force URL: http://www.iss.net/security_center/static/11534.php

    Date Reported: 03/13/2003
    Brief Description: GiantRat Mailer stores POP passwords and user
                        information in plain text
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: GiantRat Mailer 1.x, GiantRat Mailer 2.x, GiantRat
                        Mailer 3.1, Linux Any version, Unix Any version,
                        Windows Any version
    Vulnerability: giantrat-mailer-plaintext-passwords
    X-Force URL: http://www.iss.net/security_center/static/11535.php

    Date Reported: 03/13/2003
    Brief Description: Microsoft Windows PostMessage() API function could
                        disclose password
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Windows 2000 Any version, Windows XP Any version
    Vulnerability: win-postmessage-password-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11536.php

    Date Reported: 03/04/2003
    Brief Description: Logan Pro and WebLog Expert HTTP header HTML
                        injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Logan Pro 1.2, WebLog Expert
                        1.61, WebLog Expert 2.0 Beta 1, WebLog Expert Lite
                        1.61, WebLog Expert Lite 2.0 Beta 1, Windows Any
                        version
    Vulnerability: logan-header-html-injection
    X-Force URL: http://www.iss.net/security_center/static/11539.php

    Date Reported: 03/14/2003
    Brief Description: Filebased guestbook gbook.php cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Filebased guestbook 1.1.3, Linux Any version, Unix
                        Any version, Windows Any version
    Vulnerability: filebased-guestbook-gbook-xss
    X-Force URL: http://www.iss.net/security_center/static/11540.php

    Date Reported: 03/11/2003
    Brief Description: HP JetDirect 310X could allow unauthorized access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: HP JetDirect 310X Q.24.06
    Vulnerability: hp-jetdirect-unauth-access
    X-Force URL: http://www.iss.net/security_center/static/11541.php

    Date Reported: 03/12/2003
    Brief Description: PHP-Nuke modules.php path disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, PHP-Nuke 5.5, PHP-Nuke 6.0, Unix
                        Any version, Windows Any version
    Vulnerability: phpnuke-modules-path-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11542.php

    Date Reported: 03/15/2003
    Brief Description: Qpopper username brute force attack
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Qpopper 3.1, Qpopper 4.0.4, Unix
                        Any version
    Vulnerability: qpopper-username-bruteforce
    X-Force URL: http://www.iss.net/security_center/static/11543.php

    Date Reported: 03/14/2003
    Brief Description: RSA ClearTrust ct_logon.asp cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: RSA ClearTrust Any version, Solaris Any version,
                        Windows 2000 Any version, Windows NT Any version
    Vulnerability: rsa-cleartrust-ctlogon-xss
    X-Force URL: http://www.iss.net/security_center/static/11544.php

    Date Reported: 03/14/2003
    Brief Description: TEXIS texis.exe program information disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, TEXIS Any version, Unix Any
                        version, Windows Any version
    Vulnerability: texis-information-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11545.php

    Date Reported: 03/08/2003
    Brief Description: Windows 2000 Windows Help Facility .cnt file buffer
                        overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Windows 2000 Any version
    Vulnerability: win2k-help-cnt-bo
    X-Force URL: http://www.iss.net/security_center/static/11546.php

    Date Reported: 03/13/2003
    Brief Description: Multiple SSL implementation RSA private key
                        information leak
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, OpenSSL 0.9.7 and earlier
    Vulnerability: ssl-rsa-information-leak
    X-Force URL: http://www.iss.net/security_center/static/11547.php

    _____

    Risk Factor Key:

         High Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the userís risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://www.iss.net/security_center/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
    xforce@iss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBPnYjPTRfJiV99eG9AQENdgQAmW3T45XmMT6M/A7JVi4IwWVTcMN6Ewjl
    QQWgdoJdkWpOuaO/lzITjlFbUJ30Mu3t8M7HT0Ee0paz0JRZtnDz5kK3nwbXC9sF
    qDUSwz3Qzkm54VhTikTE5oiSvrxvX+AOBfG/K1bK9B3B+crSnS965f3g61gi4/GZ
    2U/VO2nWUBM=
    =sOpz
    -----END PGP SIGNATURE-----


  • Next message: ISS Customer Relations: "[Customerconnect] ISS Product Release and Update Summary"