ISS Security Alert Summary AS03-30
From: X-Force (xforce_at_iss.net)
Date: 07/28/03
- Previous message: Graham, Robert (ISS Atlanta): "RE: Traffic Balancing on High-speed IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: alert@iss.net Date: Mon, 28 Jul 2003 15:50:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS03-30
July 28, 2003
X-Force Vulnerability and Threat Database:
http://xforce.iss.net/
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
https://atla-mm1.iss.net/mailman/listinfo/alert
This summary is available at the following address:
http://xforce.iss.net/xforce/alerts/id/AS03-30
_____
Contents:
* 58 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 07/17/2003
Brief Description: WatchGuard ServerLock \Device\PhysicalMemory
symlink attack
Risk Factor: Medium
Attack Type: Host Based
Platforms: ServerLock prior to 2.0.4, Windows 2000 Any version
Vulnerability: serverlock-physicalmemory-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/12666
Date Reported: 07/20/2003
Brief Description: SurfControl E-mail Filter for SMTP rules engine 16
or more .zip files filter bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: SurfControl E-mail Filter for SMTP 4.6, Windows
2000 Advanced Server SP3, Windows 2000 Server SP3,
Windows 2003 Server
Vulnerability: surfcontrol-rulesengine-bypass-filter
X-Force URL: http://xforce.iss.net/xforce/xfdb/12667
Date Reported: 07/20/2003
Brief Description: NetTerm FTP server denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: NetTerm 4.2.8 and earlier, Windows Any version
Vulnerability: netterm-ftp-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12668
Date Reported: 07/20/2003
Brief Description: CGI.pm start_form or start_multipart_form function
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: CGI.pm prior to 2.94, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: cgi-startform-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/12669
Date Reported: 07/20/2003
Brief Description: Comfortable FTP HOME environment variable buffer
overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: cftp 0.12 and earlier, Linux Any version, Unix Any
version
Vulnerability: cftp-home-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12670
Date Reported: 07/21/2003
Brief Description: Drupal cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Drupal 4.2.0 RC, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: drupal-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/12671
Date Reported: 07/21/2003
Brief Description: AtomicBoard error message path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: AtomicBoard 0.6.2, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: atomicboard-error-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/12672
Date Reported: 07/21/2003
Brief Description: AtomicBoard "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: AtomicBoard 0.6.2, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: atomicboard-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/12673
Date Reported: 07/20/2003
Brief Description: Microsoft Windows RPC DCOM denial of service
Risk Factor: High
Attack Type: Network Based
Platforms: Windows 2000 Any version
Vulnerability: win-rpc-dcom-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12679
Date Reported: 07/21/2003
Brief Description: Sun Solaris IPv6 packet denial of service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Solaris 8
Vulnerability: solaris-ipv6-packet-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12680
Date Reported: 07/22/2003
Brief Description: Apache HTTP Server mod_proxy could allow mail
relaying
Risk Factor: Medium
Attack Type: Network Based
Platforms: Apache HTTP Server 1.3.27, Linux Any version, Unix
Any version, Windows Any version
Vulnerability: apache-modproxy-mail-relay
X-Force URL: http://xforce.iss.net/xforce/xfdb/12681
Date Reported: 07/21/2003
Brief Description: Merge /usr/lib/merge/display could allow an
attacker to gain root access
Risk Factor: High
Attack Type: Host Based
Platforms: Caldera OpenServer 5.0.6, Caldera OpenServer 5.0.7,
Caldera UnixWare 7.1.2, Caldera UnixWare 7.1.3,
Merge prior to 5.3.23a
Vulnerability: merge-display-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/12682
Date Reported: 07/22/2003
Brief Description: ashnews ashnews.php and ashheadlines.php script PHP
file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: ashnews 0.83, Linux Any version, Unix Any version,
Windows Any version
Vulnerability: ashnews-multiple-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/12683
Date Reported: 07/21/2003
Brief Description: Microsoft Exchange Server OWA Outlook 2003 denial
of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft Exchange 5.5, Windows 2000 Any version,
Windows 2003 Server, Windows NT Any version,
Windows XP Any version
Vulnerability: exchange-owa-outlook-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12684
Date Reported: 07/23/2003
Brief Description: FDClone /tmp directory allows attacker to gain
access to files
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, FDClone 2.x, Linux Any version,
Unix Any version
Vulnerability: fdclone-tmpdirectory-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/12685
Date Reported: 07/22/2003
Brief Description: Microsoft IIS Remote Administration Tool could
allow an attacker to obtain valid session IDs
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft IIS 6.0, Windows 2003 Server
Vulnerability: iis-admin-session-id
X-Force URL: http://xforce.iss.net/xforce/xfdb/12686
Date Reported: 07/22/2003
Brief Description: IIS Remote Administration Tool allows attacker to
reset administrative password
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft IIS 6.0, Windows 2003 Server
Vulnerability: iis-admin-password-reset
X-Force URL: http://xforce.iss.net/xforce/xfdb/12687
Date Reported: 07/18/2003
Brief Description: Sun Solaris plaintext proxy password
Risk Factor: High
Attack Type: Host Based
Platforms: Solaris 8
Vulnerability: solaris-plaintext-proxy-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/12688
Date Reported: 07/22/2003
Brief Description: Microsoft Windows XP stores ODBC passwords and
usernames in plain text
Risk Factor: Medium
Attack Type: Host Based
Platforms: Windows XP Any version
Vulnerability: winxp-odbc-password-plaintext
X-Force URL: http://xforce.iss.net/xforce/xfdb/12689
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server DOS device
reference could cause denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Darwin Streaming Server prior to 4.1.3f, QuickTime
Streaming Server prior to 4.1.3f, Windows Any
version
Vulnerability: quicktime-darwin-device-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12690
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server "dot dot" DOS
device denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Darwin Streaming Server 4.1.3f and earlier,
QuickTime Streaming Server 4.1.3f and earlier,
Windows Any version
Vulnerability: quicktime-darwin-dotdot-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12691
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server parse_xml.cgi
source disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Mac OS X Any version, QuickTime
Streaming Server 4.1.3g and earlier, Windows Any
version
Vulnerability: quicktime-darwin-source-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/12692
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server
view_broadcast.cgi script denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Darwin Streaming Server 4.1.3e and earlier,
QuickTime Streaming Server 4.1.3e and earlier,
Windows Any version
Vulnerability: quicktime-darwin-viewbroadcast-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12693
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server hexadecimal
URL encoded source code disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Darwin Streaming Server 4.1.3e and earlier,
QuickTime Streaming Server 4.1.3e and earlier,
Windows Any version
Vulnerability: quicktime-hexadecimal-source-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/12694
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server "dot dot dot"
directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Darwin Streaming Server prior to 4.1.3f, QuickTime
Streaming Server prior to 4.1.3f, Windows Any
version
Vulnerability: quicktime-darwin-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/12695
Date Reported: 07/22/2003
Brief Description: QuickTime and Darwin Streaming Server could allow
an attacker to set administrative password
Risk Factor: Medium
Attack Type: Network Based
Platforms: Darwin Streaming Server 4.1.3e and earlier, Mac OS
X Any version, QuickTime Streaming Server 4.1.3e
and earlier
Vulnerability: quicktime-darwin-set-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/12696
Date Reported: 07/23/2003
Brief Description: XAVi HTTP GET request buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: XAVi X7028r Wireless ASDL Router Any version
Vulnerability: xavi-get-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12697
Date Reported: 07/23/2003
Brief Description: Opera M2 email client bypass external embeds
feature
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, M2 Any version, Opera 7.20 Beta
1 build 2981, Unix Any version, Windows Any version
Vulnerability: operam2-bypass-external-embeds
X-Force URL: http://xforce.iss.net/xforce/xfdb/12698
Date Reported: 07/19/2003
Brief Description: GnuPG installed setgid could allow attacker to
overwrite files
Risk Factor: Medium
Attack Type: Host Based
Platforms: Gentoo Linux Any version, GnuPG (GNU Privacy Guard)
1.2.2-r1
Vulnerability: gnupg-setgid-overwrite-files
X-Force URL: http://xforce.iss.net/xforce/xfdb/12699
Date Reported: 07/23/2003
Brief Description: Microsoft SQL Server named pipe denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft Desktop Engine 1.0, Microsoft Desktop
Engine 2000, Microsoft SQL Server 2000, Microsoft
SQL Server 7.0, Microsoft SQL Server Desktop Engine
2000, Windows 2000 Any version, Windows NT Any
version, Windows XP Any version
Vulnerability: mssql-named-pipe-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12700
Date Reported: 07/23/2003
Brief Description: Microsoft Windows NT 4.0 Server file management
function denial of service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Windows NT 4.0 Server, Windows NT 4.0 TSE
Vulnerability: winnt-file-management-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/12701
Date Reported: 07/23/2003
Brief Description: Microsoft DirectX MIDI buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Microsoft DirectX 5.2, Microsoft DirectX 6.1,
Microsoft DirectX 7.0, Microsoft DirectX 7.0a,
Microsoft DirectX 8.1, Microsoft DirectX 9.0a,
Windows Any version
Vulnerability: ms-directx-midi-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12702
Date Reported: 07/23/2003
Brief Description: Microsoft SQL Server LPC buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Microsoft Desktop Engine 1.0, Microsoft Desktop
Engine 2000, Microsoft SQL Server 2000, Microsoft
SQL Server 7.0, Microsoft SQL Server Desktop Engine
2000, Windows 2000 Any version, Windows NT Any
version, Windows XP Any version
Vulnerability: mssql-lpc-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12703
Date Reported: 07/24/2003
Brief Description: gopherd do_command buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: gopherd 3.0.5 and earlier, Linux Any version, Unix
Any version
Vulnerability: gopherd-docommand-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12705
Date Reported: 07/23/2003
Brief Description: Novell NetWare Enterprise Web Server PERL handler
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Novell NetWare 5.1, Novell NetWare 6, Novell
NetWare Enterprise Web Server Any version
Vulnerability: netware-enterprise-perl-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12706
Date Reported: 07/23/2003
Brief Description: VMware GSX Server and VMware Workstation
environment variable code execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, VMware GSX Server 2.5.1 build
4968 and prior, VMware Workstation 4.0 and prior
Vulnerability: vmware-environment-code-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/12707
Date Reported: 07/21/2003
Brief Description: Linux kernel /proc/tty/driver/serial could allow
attacker to obtain information
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux kernel prior to 2.4.21, Red Hat Linux 7.1,
Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux
8.0, Red Hat Linux 9
Vulnerability: linux-serial-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/12708
Date Reported: 07/21/2003
Brief Description: Linux kernel execve function race condition
Risk Factor: Medium
Attack Type: Host Based
Platforms: EnGarde Secure Linux Community Edition, EnGarde
Secure Linux Professional Edition, Linux kernel
prior to 2.4.21, Mandrake Linux 9.1, Red Hat Linux
7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat
Linux 8.0, Red Hat Linux 9
Vulnerability: linux-execve-race-condition
X-Force URL: http://xforce.iss.net/xforce/xfdb/12709
Date Reported: 07/21/2003
Brief Description: Linux kernel reuse flag enabled could allow
unauthorized access to services
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux kernel prior to 2.4.21, Red Hat Linux 7.1,
Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux
8.0, Red Hat Linux 9
Vulnerability: linux-reuse-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/12710
Date Reported: 07/21/2003
Brief Description: Linux kernel STP could allow an attacker to modify
bridge topology
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux kernel prior to 2.4.21, Red Hat Linux 7.1,
Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux
8.0, Red Hat Linux 9
Vulnerability: linux-stp-modify-topology
X-Force URL: http://xforce.iss.net/xforce/xfdb/12711
Date Reported: 07/21/2003
Brief Description: Linux kernel could allow an attacker to spoof the
IP Forwarding Table
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux kernel prior to 2.4.21, Red Hat Linux 7.1,
Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux
8.0, Red Hat Linux 9
Vulnerability: linux-forwarding-table-spoof
X-Force URL: http://xforce.iss.net/xforce/xfdb/12713
Date Reported: 07/16/2003
Brief Description: PHP include and require functions safemode bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, PHP 4.3 to 4.3.2, Unix Any
version, Windows Any version
Vulnerability: php-multiple-safemode-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/12714
Date Reported: 07/23/2003
Brief Description: Gästebuch guestbookdat database file information
disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Gästebuch 1.60 Beta, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: gästebuch-guestbookdat-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/12715
Date Reported: 07/24/2003
Brief Description: Gästebuch pwd file password disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Gästebuch 1.60 Beta, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: gästebuch-pwd-password-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/12716
Date Reported: 07/24/2003
Brief Description: paFileDB file.php upload command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, paFileDB 3.1 and earlier, Unix
Any version, Windows Any version
Vulnerability: pafiledb-upload-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/12717
Date Reported: 07/23/2003
Brief Description: Oracle FNDWRR buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Oracle E-Business Suite 11i
Releases 5.1-5.8, Unix Any version, Windows Any
version
Vulnerability: oracle-fndwrr-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12718
Date Reported: 07/23/2003
Brief Description: Oracle AOL/J Setup Test allows attacker to obtain
information
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Oracle E-Business Suite 11i
Releases 5.1-5.8, Unix Any version, Windows Any
version
Vulnerability: oracle-aolj-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/12719
Date Reported: 07/24/2003
Brief Description: MIT Kerberos has an incorrect ETYPE-INFO2
implementation
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, MIT Kerberos 5 5-1.3, Unix Any
version
Vulnerability: kerberos-incorrect-etype-info2
X-Force URL: http://xforce.iss.net/xforce/xfdb/12720
Date Reported: 07/23/2003
Brief Description: Oracle Database Server EXTPROC executable buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Oracle8i Database Server 8.1.x,
Oracle9i Database Server Release 1 Any version,
Oracle9i Database Server Release 2 Any version,
Unix Any version, Windows Any version
Vulnerability: oracle-extrproc-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/12721
Date Reported: 07/24/2003
Brief Description: HP Color LaserJet 4550 administration interface
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: HP Color LaserJet 4550 Any version
Vulnerability: hp-laserjet-admin-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/12722
Date Reported: 07/24/2003
Brief Description: HP Color LaserJet 4550 allows an attacker to gain
access to Web administration interface
Risk Factor: Medium
Attack Type: Network Based
Platforms: HP Color LaserJet 4550 Any version
Vulnerability: hp-laserjet-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/12723
Date Reported: 07/23/2003
Brief Description: Microsoft Windows Media Player ASF file could allow
code execution
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Windows Media Player 8 and
earlier
Vulnerability: mediaplayer-asf-code-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/12724
Date Reported: 07/25/2003
Brief Description: PBLang message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, PBLang 4.0 and earlier, Unix Any
version, Windows Any version
Vulnerability: pblang-message-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/12726
Date Reported: 07/23/2003
Brief Description: Mac OS X Workgroup Manager could allow an attacker
to gain access to an account
Risk Factor: Medium
Attack Type: Network Based
Platforms: Mac OS X 10.2 and later
Vulnerability: macos-workgroup-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/12728
Date Reported: 07/22/2003
Brief Description: guanxiCRM PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: guanxiCRM 0.9.1, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: guanxicrm-php-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/12730
Date Reported: 07/17/2003
Brief Description: Message Foundry name field cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Message Foundry 2.75.0003, Windows Any version
Vulnerability: messagefoundry-name-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/12731
Date Reported: 07/17/2003
Brief Description: Message Foundry MF.ini file stores administrative
password in plain text
Risk Factor: Medium
Attack Type: Host Based
Platforms: Message Foundry 2.75.0003, Windows Any version
Vulnerability: messagefoundry-mf-plaintext-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/12733
Date Reported: 07/17/2003
Brief Description: Message Foundry Edit Profile section allows
password to be changed
Risk Factor: Medium
Attack Type: Network Based
Platforms: Message Foundry 2.75.0003, Windows Any version
Vulnerability: messagefoundry-editprofile-change-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/12734
_____
Risk Factor Key:
High Security issues that allow immediate remote, or local access
or immediate execution of code or commands, with unauthorized
privileges. Examples are most buffer overflows, backdoors,
default or no password, and bypassing security on firewalls
or other network components.
Medium Security issues that have the potential of granting access or
allowing code execution by means of complex or lengthy exploit
procedures, or low risk issues applied to major Internet
components. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service of major applications,
and denial of service resulting in system information disclosure
(such as core files).
Low Security issues that deny service or provide non-system
information that could be used to formulate structured attacks
on a target, but not directly gain unauthorized access. Examples
are brute force attacks, non-system information disclosure
(configurations, paths, etc.), and denial of service attacks.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user.s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://xforce.iss.net/xforce/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPyV+XzRfJiV99eG9AQEVFwP9GUBEF6U1s2hu+itenF/3Tqqkiy2xBH2e
LMBmJPSJ0WwqKPUvfVp1uWVL3EVPXeZQHb3IXfLl8RnHyM2LPVtCljnAp/kVgmHM
tNoVgPCR9qWcydN7F2mKNhgvJC0m2ne/YNeQVoHvjw3kkIIkzvOvGc17jpJ0E8X0
WKsEz0YHHqk=
=e87l
-----END PGP SIGNATURE-----
- Previous message: Graham, Robert (ISS Atlanta): "RE: Traffic Balancing on High-speed IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
