ISS Security Alert Summary AS03-15

From: X-Force (xforce@iss.net)
Date: 04/14/03

    To: alert@iss.net
    From: X-Force <xforce@iss.net>
    Date: Mon, 14 Apr 2003 14:30:21 -0400 (EDT)
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS03-15
    April 14, 2003

    X-Force Vulnerability and Threat Database:
    http://www.iss.net/security_center

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    http://www.iss.net/security_center/maillists

    This summary is available at the following address:
    http://www.iss.net/security_center/alerts/AS03-15.php
    _____
    Contents:
    * 33 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 04/07/2003
    Brief Description: Vignette StoryServer TCL Interpreter information
                        disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, StoryServer 4.1, StoryServer
                        6.0, Unix Any version, Windows Any version
    Vulnerability: storyserver-tcl-information-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11725.php

    Date Reported: 04/07/2003
    Brief Description: Samba and Samba-TNG call_trans2open() function
                        buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Conectiva Linux 6.0, Conectiva Linux 7.0, Conectiva
                        Linux 8.0, Debian Linux 2.2, Debian Linux 3.0,
                        FreeBSD Ports Collection prior to 2001-04-07, HP
                        CIFS/9000 Server A.01.09.02 & earlier, HP-UX 11.00,
                        HP-UX 11.11, HP-UX 11.22, Linux Any version, Red
                        Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux
                        7.3, Red Hat Linux 8.0, Red Hat Linux 9.0, Samba
                        2.2.5 through 2.2.8, Samba-TNG prior to 0.3.2,
                        Slackware Linux 8.1, Slackware Linux 9.0, SuSE
                        eMail Server 3.1, SuSE eMail Server III Any
                        version, SuSE Linux 7.1, SuSE Linux 7.2, SuSE Linux
                        7.3, SuSE Linux 8.0, SuSE Linux 8.1, SuSE Linux
                        8.2, SuSE Linux Connectivity Server Any version,
                        SuSE Linux Database Server Any version, SuSE Linux
                        Enterprise Server 7, SuSE Linux Enterprise Server
                        8, SuSE Linux Firewall Any version, SuSE Linux
                        Office Server Any version, Trustix Secure Linux 1.2,
                        Trustix Secure Linux 1.5, Unix Any version
    Vulnerability: samba-calltrans2open-bo
    X-Force URL: http://www.iss.net/security_center/static/11726.php

    Date Reported: 04/07/2003
    Brief Description: Coppermine Photo Gallery .jpg.php file upload
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Coppermine Photo Gallery 1.0 RC3, Unix Any version,
                        Windows Any version
    Vulnerability: coppermine-jpgphp-file-upload
    X-Force URL: http://www.iss.net/security_center/static/11728.php

    Date Reported: 04/01/2003
    Brief Description: Red Hat Linux vsftpd FTP daemon tcp_wrapper could
                        allow an attacker to gain access to server
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Red Hat Linux 9.0
    Vulnerability: vsftpd-tcpwrappers-gain-access
    X-Force URL: http://www.iss.net/security_center/static/11729.php

    Date Reported: 04/07/2003
    Brief Description: SETI@home newline character (\n) buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Gentoo Linux Any version, Mac OS X Any version,
                        Macintosh Any version, SETI@home prior to 3.08,
                        Unix Any version, Windows Any version
    Vulnerability: seti@home-newline-bo
    X-Force URL: http://www.iss.net/security_center/static/11731.php

    Date Reported: 04/05/2003
    Brief Description: InterBase improper permissions could allow an
                        attacker to modify files
    Risk Factor: Medium
    Attack Type: Host Based / Network Based
    Platforms: Firebird 1.0.2, InterBase 6.01, InterBase 6.5,
                        Linux Any version, Unix Any version, Windows Any
                        version
    Vulnerability: interbase-permissions-modify-files
    X-Force URL: http://www.iss.net/security_center/static/11732.php

    Date Reported: 04/05/2003
    Brief Description: Jpegx uses weak encryption algorithm
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Jpegx 1.00.6, Linux Any version, Unix Any version,
                        Windows Any version
    Vulnerability: jpegx-weak-encryption
    X-Force URL: http://www.iss.net/security_center/static/11733.php

    Date Reported: 04/07/2003
    Brief Description: metrics tmpfile symlink attack
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Debian Linux 2.2
    Vulnerability: metrics-tmpfile-symlink
    X-Force URL: http://www.iss.net/security_center/static/11734.php

    Date Reported: 04/03/2003
    Brief Description: ChiTeX chaddpfbname could allow an attacker to
                        modify files
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: ChiTeX 6.1.2p7.8-1, Linux Any version
    Vulnerability: chitex-chaddpfbname-modify-files
    X-Force URL: http://www.iss.net/security_center/static/11735.php

    Date Reported: 04/03/2003
    Brief Description: Compaq Insight Manager could allow attacker to
                        determine file's existence
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Compaq Insight Manager Any version
    Vulnerability: compaq-insightmanager-file-existence
    X-Force URL: http://www.iss.net/security_center/static/11736.php

    Date Reported: 04/03/2003
    Brief Description: Compaq Insight Manager TAG list disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Compaq Insight Manager Any version
    Vulnerability: compaq-insightmanager-taglist-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11737.php

    Date Reported: 04/03/2003
    Brief Description: Compaq Insight Manager stack-based buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Compaq Insight Manager Any version
    Vulnerability: compaq-insightmanager-stack-bo
    X-Force URL: http://www.iss.net/security_center/static/11738.php

    Date Reported: 04/07/2003
    Brief Description: Opera long URL buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Opera 7.02 build 2668, Unix Any
                        version, Windows Any version
    Vulnerability: opera-long-url-bo
    X-Force URL: http://www.iss.net/security_center/static/11740.php

    Date Reported: 04/07/2003
    Brief Description: AMaViS-ng could allow an attacker to perform mail
                        relaying
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: AMaViS-ng 0.1.6.2, AMaViS-ng 0.1.6.3, Linux Any
                        version, Unix Any version
    Vulnerability: amavis-ng-mail-relay
    X-Force URL: http://www.iss.net/security_center/static/11741.php

    Date Reported: 04/07/2003
    Brief Description: Orplex Guestbook addentry.asp name and message
                        fields cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Orplex Guestbook Any version, Windows Any version
    Vulnerability: orplex-guestbook-addentry--xss
    X-Force URL: http://www.iss.net/security_center/static/11742.php

    Date Reported: 04/07/2003
    Brief Description: mIRC DCC GET dialog file name spoofing
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: mIRC 6.03 and earlier, Windows Any version
    Vulnerability: mirc-dcc-filename-spoof
    X-Force URL: http://www.iss.net/security_center/static/11744.php

    Date Reported: 04/04/2003
    Brief Description: Invision Power Board functions.php SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Invision Power Board 1.1.1, Linux Any version, Unix
                        Any version, Windows Any version
    Vulnerability: invision-functions-sql-injection
    X-Force URL: http://www.iss.net/security_center/static/11749.php

    Date Reported: 04/02/2003
    Brief Description: Apache HTTP Server could leak sensitive file
                        descriptors
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Apache HTTP Server prior to 2.0.45, Linux Any
                        version, Unix Any version, Windows Any version
    Vulnerability: apache-descriptor-leak
    X-Force URL: http://www.iss.net/security_center/static/11750.php

    Date Reported: 04/09/2003
    Brief Description: Microsoft VM ByteCode Verifier improper validation
                        of code
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Microsoft Internet Explorer Any version, Microsoft
                        Virtual Machine 5.0.3809 and earlier, Windows Any
                        version
    Vulnerability: msvm-bytecode-improper-validation
    X-Force URL: http://www.iss.net/security_center/static/11751.php

    Date Reported: 04/09/2003
    Brief Description: Microsoft ISA and Proxy Server Firewall and Winsock
                        Proxy service denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Microsoft ISA Server 2000, Microsoft Proxy Server
                        2.0, Windows 2000 Any version, Windows NT Any
                        version
    Vulnerability: isa-firewall-winsock-dos
    X-Force URL: http://www.iss.net/security_center/static/11752.php

    Date Reported: 04/05/2003
    Brief Description: CVSps file name filtering shell command execution
    Risk Factor: High
    Attack Type: Network Based
    Platforms: CVSps 2.0b6 to 2.0b9, Linux Any version, Unix Any
                        version
    Vulnerability: cvsps-shell-command-execution
    X-Force URL: http://www.iss.net/security_center/static/11753.php

    Date Reported: 04/08/2003
    Brief Description: Hyperion FTP Server USER field buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Hyperion FTP Server 3.0, Windows Any version
    Vulnerability: hyperion-user-bo
    X-Force URL: http://www.iss.net/security_center/static/11754.php

    Date Reported: 04/09/2003
    Brief Description: ISC guestbook gb_eintragen script injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: ISC guestbook Any version, Windows Any version
    Vulnerability: isc-gbeintragen-script-injection
    X-Force URL: http://www.iss.net/security_center/static/11755.php

    Date Reported: 04/09/2003
    Brief Description: PoPToP ctrlpacket.c code packet buffer overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, PoPToP prior to 1.1.3-20030409,
                        PoPToP prior to 1.1.4-b3
    Vulnerability: poptop-ctrlpacket-packet-bo
    X-Force URL: http://www.iss.net/security_center/static/11756.php

    Date Reported: 04/09/2003
    Brief Description: phPay multiple path disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, phPay 2.02, Unix Any version,
                        Windows Any version
    Vulnerability: phpay-multiple-path-disclosures
    X-Force URL: http://www.iss.net/security_center/static/11757.php

    Date Reported: 04/09/2003
    Brief Description: phPay phpinfo.php information disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, phPay 2.02, Unix Any version,
                        Windows Any version
    Vulnerability: phpay-phpinfo-info-disclosure
    X-Force URL: http://www.iss.net/security_center/static/11758.php

    Date Reported: 04/09/2003
    Brief Description: phPay search.php cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, phPay 2.02, Unix Any version,
                        Windows Any version
    Vulnerability: phpay-search-xss
    X-Force URL: http://www.iss.net/security_center/static/11759.php

    Date Reported: 04/02/2003
    Brief Description: NETGEAR FM114P bypass port blocking feature
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: NETGEAR FM114P 1.4 Beta Release 21
    Vulnerability: netgear-fm114p-port-bypass
    X-Force URL: http://www.iss.net/security_center/static/11762.php

    Date Reported: 04/10/2003
    Brief Description: Mac OS X touch(1) could allow attacker to gain
                        elevated privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Mac OS X 10.2.4 and earlier
    Vulnerability: macos-touch-gain-privileges
    X-Force URL: http://www.iss.net/security_center/static/11766.php

    Date Reported: 04/09/2003
    Brief Description: KDE PostScript (PS) and PDF shell command execution
    Risk Factor: High
    Attack Type: Host Based / Network Based
    Platforms: Gentoo Linux Any version, KDE 2.0 through 3.1.1,
                        Turbolinux 7 Server, Turbolinux 7 Workstation,
                        Turbolinux 8 Server, Turbolinux 8 Workstation, Unix
                        Any version
    Vulnerability: kde-ps-command-execution
    X-Force URL: http://www.iss.net/security_center/static/11767.php

    Date Reported: 04/10/2003
    Brief Description: Oracle Report Review Agent (RRA) authentication
                        bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Oracle 10.7, Oracle 11.0, Oracle E-Business Suite
                        11i Releases 1-8
    Vulnerability: oracle-rra-authentication-bypass
    X-Force URL: http://www.iss.net/security_center/static/11768.php

    Date Reported: 04/11/2003
    Brief Description: MailMax IMAP4rev1 server long password buffer
                        overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: MailMax 5.0.10.6, MailMax 5.0.10.7, Windows 2000
                        Any version, Windows NT Any version
    Vulnerability: mailmax-imap4rev1-password-bo
    X-Force URL: http://www.iss.net/security_center/static/11769.php

    Date Reported: 04/10/2003
    Brief Description: Mac OS X DirectoryService denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS X 10.2.4 and earlier
    Vulnerability: macos-directoryservice-dos
    X-Force URL: http://www.iss.net/security_center/static/11770.php

    _____

    Risk Factor Key:

         High     Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium   Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low      Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the user's risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://www.iss.net/security_center/sensitive.php

    Please send suggestions, updates, and comments to: X-Force

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    -----END PGP SIGNATURE-----

