ISS Security Alert Summary AS03-32

From: X-Force (xforce_at_iss.net)
Date: 08/11/03

  • Next message: X-Force: "ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation"
    To: alert@iss.net
    Date: Mon, 11 Aug 2003 10:04:11 -0400 (EDT)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS03-32
    August 11, 2003

    X-Force Vulnerability and Threat Database:
    http://xforce.iss.net/

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    https://atla-mm1.iss.net/mailman/listinfo/alert

    This summary is available at the following address:
    http://xforce.iss.net/xforce/alerts/id/AS03-32
    _____
    Contents:
    * 47 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 08/02/2003
    Brief Description: Netfilter Network Address Translation (NAT) denial
                        of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Linux kernel 2.4.20, Linux
                        kernel 2.5
    Vulnerability: netfilter-networkaddresstranslation-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12806

    Date Reported: 08/02/2003
    Brief Description: mindi creates insecure temporary files
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, Linux Any version, mindi Any
                        version
    Vulnerability: mindi-tempfile-insecure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12807

    Date Reported: 08/02/2003
    Brief Description: Netfilter connection tracking function denial of
                        service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, Linux kernel 2.4.20
    Vulnerability: netfilter-connectiontracking-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12808

    Date Reported: 07/31/2003
    Brief Description: TrueType Font Server for X11 off-by-one error
                        memory leak
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Debian Linux 3.0, Linux Any version, TrueType Font
                        Server for X11 prior to 1.5.1, Unix Any version
    Vulnerability: truetype-offbyone-memory-leak
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12809

    Date Reported: 07/30/2003
    Brief Description: Small HTTP Server stores administrative password in
                        plain text
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Small HTTP Server 3.03998, Windows Any version
    Vulnerability: smallhttp-httpcfg-plaintext-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12810

    Date Reported: 08/03/2003
    Brief Description: xtokkaetama -nickname command line option buffer
                        overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, Linux Any version, xtokkaetama
                        1.0b
    Vulnerability: xtokkaetama-nickname-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12811

    Date Reported: 08/06/2003
    Brief Description: D-Link DI-704P long HTTP request denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: D-Link DI704P 2.70
    Vulnerability: dlink-long-http-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12812

    Date Reported: 08/04/2003
    Brief Description: Macromedia Dreamweaver MX PHP User Authentication
                        Suite login cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Macromedia Dreamweaver MX 6.0, Windows Any version
    Vulnerability: dreamweaver-php-login-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12813

    Date Reported: 07/31/2003
    Brief Description: User Werben Hack and Guthabenhack new user form SQL
                        injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Guthaben hack 3.0, Linux Any version, Unix Any
                        version, User Werben Hack Any version, Windows Any
                        version
    Vulnerability: userwerbenhack-newuser-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12814

    Date Reported: 08/03/2003
    Brief Description: Postfix could be used as a distributed denial of
                        service tool
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Conectiva Linux 7.0, Conectiva Linux 8.0, Debian
                        Linux 3.0, Postfix 1.1.11 and earlier, Red Hat
                        Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9, SuSE
                        eMail Server 3.1, SuSE eMail Server III Any
                        version, SuSE Linux 7.2, SuSE Linux 7.3, SuSE Linux
                        8.0, SuSE Linux 8.1, SuSE Linux Connectivity Server
                        Any version, SuSE Linux Database Server Any
                        version, SuSE Linux Desktop 1.0, SuSE Linux
                        Enterprise Server 7, SuSE Linux Enterprise Server
                        8, SuSE Linux Office Server Any version, SuSE Linux
                        Openexchange Server Any version, UnitedLinux 1.0
    Vulnerability: postfix-ddos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12815

    Date Reported: 08/03/2003
    Brief Description: Postfix MAIL FROM or RCPT TO denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Conectiva Linux 7.0, Conectiva Linux 8.0, Debian
                        Linux 3.0, EnGarde Secure Linux 1.0.1, EnGarde
                        Secure Linux Community Edition, EnGarde Secure
                        Linux Professional Edition, Postfix 1.1.12 and
                        earlier, Red Hat Linux 7.3, Red Hat Linux 8.0, Red
                        Hat Linux 9, SuSE eMail Server 3.1, SuSE eMail
                        Server III Any version, SuSE Linux 7.2, SuSE Linux
                        7.3, SuSE Linux 8.0, SuSE Linux 8.1, SuSE Linux
                        Connectivity Server Any version, SuSE Linux
                        Database Server Any version, SuSE Linux Desktop
                        1.0, SuSE Linux Enterprise Server 7, SuSE Linux
                        Enterprise Server 8, SuSE Linux Office Server Any
                        version, SuSE Linux Openexchange Server Any
                        version, Trustix Secure Linux 1.2, Trustix Secure
                        Linux 1.5, UnitedLinux 1.0
    Vulnerability: postfix-mailfrom-rcptto-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12816

    Date Reported: 08/05/2003
    Brief Description: Everybuddy message denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Everybuddy 0.4.3, Linux Any version, Unix Any
                        version
    Vulnerability: everybuddy-message-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12817

    Date Reported: 08/04/2003
    Brief Description: vqServer irun.ini plaintext password
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Linux Any version, Macintosh Any version, Solaris
                        Any version, Unix Any version, vqServer 1.9.55,
                        Windows Any version
    Vulnerability: vqServer-irunini-plaintext-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12818

    Date Reported: 08/04/2003
    Brief Description: Mollensoft FTP Server users directory plaintext
                        password
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Mollensoft FTP Server 3.5.3, Windows Any version
    Vulnerability: mollensoft-users-plaintext-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12819

    Date Reported: 08/04/2003
    Brief Description: Forum Web Server admin username default password
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Forum Web Server 1.5, Windows 2000 Server, Windows
                        NT 4.0
    Vulnerability: forumwebserver-admin-default-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12820

    Date Reported: 08/02/2003
    Brief Description: Bajie HTTP Server user.properties plaintext
                        administrative password
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Bajie HTTP Server 0.95zxt, Linux Any version, Mac
                        OS Any version, Unix Any version, Windows Any
                        version
    Vulnerability: bajie-userproperties-plaintext-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12821

    Date Reported: 08/05/2003
    Brief Description: IBM DB2 db2job binary insecure permissions checking
    Risk Factor: High
    Attack Type: Host Based
    Platforms: IBM DB2 UDB 7.1, Linux Any version
    Vulnerability: ibm-db2job-insecure-permissions
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12822

    Date Reported: 08/03/2003
    Brief Description: Compaq Insight Manager format string
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Compaq Insight Manager 5.00 H, Windows Any version
    Vulnerability: compaq-insightmanager-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12823

    Date Reported: 08/02/2003
    Brief Description: Multiple vendor device drivers allow attacker to
                        gain privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Norton AntiVirus 2002, Windows Any version,
                        ZoneAlarm 3.1
    Vulnerability: device-driver-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12824

    Date Reported: 08/05/2003
    Brief Description: aspBoard URL field cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: aspBoard 1.2, Windows 2000 Any version, Windows NT
                        Any version
    Vulnerability: aspboard-url-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12825

    Date Reported: 08/05/2003
    Brief Description: IBM DB2 allows attacker to gain privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: IBM DB2 UDB 7.1, IBM DB2 UDB 8.1, Linux Any version
    Vulnerability: ibm-db2-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12826

    Date Reported: 08/05/2003
    Brief Description: TightVNC security bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: TightVNC prior to 1.2.9, Windows Any version
    Vulnerability: tightvnc-security-bypass
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12827

    Date Reported: 07/31/2003
    Brief Description: IISShield could allow an attacker to bypass HTTP
                        packet filter
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: IISShield prior to 1.0.2, Windows Any version
    Vulnerability: iisshield-packet-filter-bypass
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12828

    Date Reported: 08/05/2003
    Brief Description: eroaster insecure temporary lockfile
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, eroaster Any version
    Vulnerability: eroaster-tmp-lockfile-insecure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12829

    Date Reported: 08/04/2003
    Brief Description: NetBSD OSI packet denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: NetBSD 1.5, NetBSD 1.5.1, NetBSD 1.5.2, NetBSD
                        1.5.3, NetBSD 1.6, NetBSD 1.6.1
    Vulnerability: netbsd-osi-packet-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12830

    Date Reported: 08/01/2003
    Brief Description: Novell iChain could allow an attacker to redirect
                        URLs to malicious Web site
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: iChain 2.2 prior to SP1, Linux Any version, Solaris
                        Any version, Windows Any version
    Vulnerability: ichain-url-redirect
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12831

    Date Reported: 08/01/2003
    Brief Description: Novell iChain could allow an attacker to determine
                        valid usernames
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: iChain 2.2 prior to SP1, Linux Any version, Solaris
                        Any version, Windows Any version
    Vulnerability: ichain-username-bruteforce
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12832

    Date Reported: 08/05/2003
    Brief Description: Sun ONE Application Server JSP source disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Red Hat Linux 7.2, Solaris 8, Solaris 9, Sun Linux
                        5.0, Sun ONE Application Server 6.5, Windows 2000
                        Any version, Windows XP Professional SP1
    Vulnerability: sunone-source-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12833

    Date Reported: 08/06/2003
    Brief Description: Crob FTP Server login denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Crob FTP Server 2.60.1, Windows Any version
    Vulnerability: crob-login-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12834

    Date Reported: 08/03/2003
    Brief Description: Microsoft Windows Pocket PC could allow an attacker
                        to gain access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Pocket PC Any version, Windows Any version
    Vulnerability: pocket-pc-gain-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12835

    Date Reported: 08/06/2003
    Brief Description: Crob FTP Server FTP command denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Crob FTP Server 2.60.1, Windows Any version
    Vulnerability: crob-command-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12837

    Date Reported: 08/06/2003
    Brief Description: Crob FTP Server rename file denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Crob FTP Server 2.60.1, Windows Any version
    Vulnerability: crob-rename-file-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12838

    Date Reported: 08/07/2003
    Brief Description: Cisco CSS TCP SYN packet denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Cisco Content Service Switch 11050, Cisco Content
                        Service Switch 11150, Cisco Content Service Switch
                        11800, Cisco WebNS prior to 5.00.110s
    Vulnerability: cisco-css-syn-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12839

    Date Reported: 08/06/2003
    Brief Description: 121 Wam! Server CWD command "dot dot" directory
                        traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: 121 Wam! Server 1.0.4.0, Windows Any version
    Vulnerability: 121wamserver-dotdot-directory-traversal
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12840

    Date Reported: 08/06/2003
    Brief Description: man-db DEFINE directives execute code
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, man-db 2.4.1 and earlier, Unix
                        Any version
    Vulnerability: mandb-define-execute-commands
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12841

    Date Reported: 08/04/2003
    Brief Description: Invision Power Board IBF formatting tag HTML
                        injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Invision Power Board Any version, Linux Any
                        version, Unix Any version, Windows Any version
    Vulnerability: invision-ibf-html-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12842

    Date Reported: 08/06/2003
    Brief Description: D-Link DI-704P long HTTP request configuration Web
                        page
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: D-Link DI704P 2.70
    Vulnerability: dlink-http-configuration-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12843

    Date Reported: 08/07/2003
    Brief Description: Ideal BB error.asp cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Ideal BB 1.4.9 beta, Windows Any version
    Vulnerability: ideal-bb-error-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12844

    Date Reported: 08/06/2003
    Brief Description: man-db open_cat_stream function allows attacker to
                        gain privileges
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Debian Linux 3.0, man-db 2.3.12 beta, man-db 2.3.18
                        to 2.41, Unix Any version
    Vulnerability: mandb-opencatstream-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12848

    Date Reported: 08/07/2003
    Brief Description: IPNetMonitorX and IPNetSentryX information
                        disclosure
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: IPNetMonitorX prior to 1.3c1, IPNetSentryX prior to
                        1.1c3, Mac OS X Any version
    Vulnerability: ipnetmonitorx-ipnetsentryx-obtain-info
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12849

    Date Reported: 08/07/2003
    Brief Description: Lotus Instant Messaging and Web Conferencing
                        information disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Lotus Instant Messaging and Web Conf. 1.5, Lotus
                        Instant Messaging and Web Conf. 3.0, Windows Any
                        version
    Vulnerability: lotusinstantmessaging-obtain-information
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12850

    Date Reported: 08/08/2003
    Brief Description: vBulletin register.php cross-site scripting
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, vBulletin
                        3.0.0 Beta 2, Windows Any version
    Vulnerability: vbulletin-register-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12851

    Date Reported: 08/07/2003
    Brief Description: tcpflow format string
    Risk Factor: High
    Attack Type: Host Based
    Platforms: tcpflow 0.20, Unix Any version
    Vulnerability: tcpflow-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12852

    Date Reported: 08/08/2003
    Brief Description: C-Cart multiple scripts path disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: C-Cart 1.0, Linux Any version, Unix Any version
    Vulnerability: ccart-multiple-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12853

    Date Reported: 08/08/2003
    Brief Description: man-db command buffer overflow
    Risk Factor: Low
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, man-db 2.4.1 and earlier, Unix
                        Any version
    Vulnerability: mandb-command-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12854

    Date Reported: 08/08/2003
    Brief Description: up2date packages without GPG signature automatic
                        install
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Red Hat Linux 8.0, Red Hat Linux
                        9, Unix Any version, up2date 3.0.7, up2date 3.1.23
    Vulnerability: up2date-gpg-automatic-install
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12855

    Date Reported: 08/08/2003
    Brief Description: Multiple vendor implementations of the RPC DCE
                        denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: AIX Any version, Entegrity DCE Any version, IBM DCE
                        2.2, IBM DCE 3.1, IBM DCE 3.2, IBM Dynix/ptx Any
                        version, Solaris Any version, UNICOS Any version,
                        Windows Any version
    Vulnerability: dce-rpc-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/12856

    _____

    Risk Factor Key:

         High Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the userís risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://xforce.iss.net/xforce/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
    xforce@iss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBPzehPDRfJiV99eG9AQF06gQAv0UQKI4WFFyNh+KLJp0qAtyEk6F+B41w
    nfHTyc/9u9G6ebKzk58TPgZCLThi4m1nvIuWDHeneP6A7gr6TuFloMSzYPBzst8+
    LSok1250URktep/Quu6hhFIiGDCzyiX0cxj92sS4vaxK+jWbOJRMMB8pQuAL2+A8
    NsOeT7h46DQ=
    =JQPs
    -----END PGP SIGNATURE-----


  • Next message: X-Force: "ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation"