ISS Security Alert Summary AS03-47

From: X-Force (xforce_at_iss.net)
Date: 11/24/03


To: alert@iss.net
Date: Mon, 24 Nov 2003 13:55:03 -0500 (EST)


-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS03-47
November 24, 2003

X-Force Vulnerability and Threat Database:
http://xforce.iss.net/

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
https://atla-mm1.iss.net/mailman/listinfo/alert

This summary is available at the following address:
http://xforce.iss.net/xforce/alerts/id/AS03-47
_____
Contents:
* 38 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 11/17/2003
Brief Description: MediaWiki $IP PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, MediaWiki 20031107, Unix Any
                    version, Windows Any version
Vulnerability: mediawiki-ip-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/13764

Date Reported: 11/17/2003
Brief Description: SAP DB NETAPI32.DLL could allow elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB 7.4.03.27 - earlier,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-NETAPI32-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/13765

Date Reported: 11/17/2003
Brief Description: SAP DB niserver interface buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB 7.4.03.27 - earlier,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sap-db-niserver-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13766

Date Reported: 11/16/2003
Brief Description: PostMaster HTTP request cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: PostMaster 3.16.1, Windows 98, Windows 2000 Any
                    version, Windows NT 4.0, Windows XP Any version
Vulnerability: postmaster-http-request-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/13767

Date Reported: 11/14/2003
Brief Description: monopd setPlayerToken race condition
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, monopd prior to 0.8.3
Vulnerability: monopd-setplayertoken-race-condition
X-Force URL: http://xforce.iss.net/xforce/xfdb/13768

Date Reported: 11/17/2003
Brief Description: SAP DB web-tools "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB prior to 7.4.03.30,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-webtools-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/13769

Date Reported: 11/17/2003
Brief Description: SAP DB Web Agent Administration allows unauthorized
                    access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB prior to 7.4.03.30,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-webagent-unauth-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/13770

Date Reported: 11/17/2003
Brief Description: SAP DB web-tools installation has default services
Risk Factor: Medium
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB prior to 7.4.03.30,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-webtools-default-services
X-Force URL: http://xforce.iss.net/xforce/xfdb/13772

Date Reported: 11/17/2003
Brief Description: SAP DB waecho service long HTTP request buffer
                    overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB prior to 7.4.03.30,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-waecho-long-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13773

Date Reported: 11/17/2003
Brief Description: SAP DB Web Database Manager generates predictable
                    session IDs
Risk Factor: Medium
Attack Type: Network Based
Platforms: Compaq Tru64 UNIX Any version, HP-UX Any version,
                    Linux Any version, SAP DB prior to 7.4.03.30,
                    Solaris Any version, Windows 2000 Any version,
                    Windows NT 4.0, Windows XP Any version
Vulnerability: sapdb-manager-sessionid-predictable
X-Force URL: http://xforce.iss.net/xforce/xfdb/13774

Date Reported: 11/14/2003
Brief Description: phpWebFileManager index.php "dot dot" directory
                    traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, phpWebFileManager 2.0.0, Unix
                    Any version, Windows Any version
Vulnerability: phpwebfilemanager-index-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/13775

Date Reported: 11/17/2003
Brief Description: NetServe "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: NetServe 1.0.7, Windows Any version
Vulnerability: netserve-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/13776

Date Reported: 11/17/2003
Brief Description: NetServe administrative password disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: NetServe 1.0.7, Windows Any version
Vulnerability: netserve-obtain-admin-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/13778

Date Reported: 11/16/2003
Brief Description: Rolis Guestbook PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Rolis Guestbook 1.0, Windows NT Any version
Vulnerability: rolisguestbook-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/13780

Date Reported: 11/17/2003
Brief Description: SqWebMail session hijacking
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SqWebMail Any version, Unix Any
                    version
Vulnerability: sqwebmail-session-hijacking
X-Force URL: http://xforce.iss.net/xforce/xfdb/13781

Date Reported: 11/17/2003
Brief Description: dtmailpr buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: HP-UX 11.00, HP-UX 11.11, HP-UX 11.22, HP-UX 11.23
Vulnerability: dtmailpr-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13782

Date Reported: 11/17/2003
Brief Description: HP-UX DCE network traffic denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: HP-UX 11.00, HP-UX 11.11
Vulnerability: hp-dce-traffic-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/13783

Date Reported: 11/17/2003
Brief Description: OpenBSD compat_ibcs2 buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: OpenBSD 3.4 and earlier
Vulnerability: openbsd-compatibcs-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13787

Date Reported: 11/19/2003
Brief Description: Kerio WinRoute Firewall proxy-authorization header
                    information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Kerio WinRoute Firewall 5.1.0, Windows Any version
Vulnerability: kerio-header-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/13788

Date Reported: 11/19/2003
Brief Description: Mac OS X sudo allows unauthorized access
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mac OS X 10.2.3, Mac OS X 10.2.7, Mac OS X 10.3
Vulnerability: macos-sudo-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/13789

Date Reported: 11/19/2003
Brief Description: Half-Life Server allowdownload enabled could
                    disclose sensitive information
Risk Factor: Medium
Attack Type: Network Based
Platforms: Half-Life Dedicated Server 47 1.1, Linux Any
                    version, Windows Any version
Vulnerability: halflife-allowdownload-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/13790

Date Reported: 11/19/2003
Brief Description: Half-Life Server allowdownload denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Half-Life Dedicated Server 47 1.1, Unix Any
                    version, Windows Any version
Vulnerability: halflife-allowdownload-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/13791

Date Reported: 11/19/2003
Brief Description: Sun Solaris PGX32 frame buffer could allow root
                    privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Solaris 2.5.1, Solaris 2.6, Solaris 7, Solaris 8,
                    Solaris 9
Vulnerability: solaris-pgx32-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/13792

Date Reported: 11/19/2003
Brief Description: Yak! has default username
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Yak! 2.1.0
Vulnerability: yak-username-default
X-Force URL: http://xforce.iss.net/xforce/xfdb/13793

Date Reported: 11/20/2003
Brief Description: phpFriendlyAdmin cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version,
                    phpFriendlyAdmin 1.4 and earlier
Vulnerability: phpfriendlyadmin-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/13794

Date Reported: 11/19/2003
Brief Description: Microsoft SharePoint settings.htm authentication
                    bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft SharePoint Any version, Windows Any
                    version
Vulnerability: sharepoint-settings-bypass-authentication
X-Force URL: http://xforce.iss.net/xforce/xfdb/13795

Date Reported: 11/14/2003
Brief Description: KDE configuration files have insecure permissions
Risk Factor: Medium
Attack Type: Host Based
Platforms: K Desktop Environment (KDE) 3.1, SuSE Linux 8.2
Vulnerability: kde-configuration-insecure-permissions
X-Force URL: http://xforce.iss.net/xforce/xfdb/13796

Date Reported: 11/20/2003
Brief Description: EffectOffice Server buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: EffectOffice Server 2.9, Windows 98, Windows 2000
                    Any version, Windows NT Any version
Vulnerability: effectoffice-server-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13798

Date Reported: 11/20/2003
Brief Description: SIRCD set usermode could allow elevated privileges
Risk Factor: High
Attack Type: Network Based
Platforms: FreeBSD Ports Collection Any version, Linux Any
                    version, SIRCD 0.5.2 and 0.5.3, Solaris Any
                    version, Windows 2000 Any version, Windows NT Any
                    version
Vulnerability: sircd-usermode-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/13799

Date Reported: 11/20/2003
Brief Description: Sybase Adaptive Server TDS LOGINREC password array
                    buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Macintosh Any version, Sybase
                    Adaptive Server 12.5, Unix Any version, Windows Any
                    version
Vulnerability: sybase-passwordarray-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13800

Date Reported: 11/20/2003
Brief Description: FreeRADIUS UDP packet heap overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: FreeRADIUS 0.9.2 and earlier, Linux Any version,
                    Unix Any version
Vulnerability: freeradius-udp-heap-overflow
X-Force URL: http://xforce.iss.net/xforce/xfdb/13801

Date Reported: 11/20/2003
Brief Description: IBM AIX rcp command buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: AIX 4.3.3, AIX 5.1, AIX 5.2
Vulnerability: aix-rcp-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/13802

Date Reported: 11/21/2003
Brief Description: Xitami POST request denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows Any
                    version, Xitami 2.5 and earlier
Vulnerability: xitami-post-request-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/13803

Date Reported: 11/16/2003
Brief Description: HP IPFilter B9901AA insecure protection
Risk Factor: Low
Attack Type: Network Based
Platforms: HP-UX 11.00, HP-UX 11.11, HP-UX 11.22, HP-UX 11.23
Vulnerability: hp-ipfilter-insecure-protection
X-Force URL: http://xforce.iss.net/xforce/xfdb/13804

Date Reported: 11/21/2003
Brief Description: MSN Messenger file transfer invitation request IP
                    address disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft MSN Messenger 1.0 through 6.0.0602,
                    Windows Any version
Vulnerability: msn-filetransfer-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/13805

Date Reported: 11/21/2003
Brief Description: FreeRADIUS access packet with Tunnel-Password
                    attribute denial of service
Risk Factor: High
Attack Type: Network Based
Platforms: FreeRADIUS prior to 0.9.2, Unix Any version
Vulnerability: freeradius-accesspacket-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/13806

Date Reported: 11/21/2003
Brief Description: rpc.mountd MOUNT request access allowed
Risk Factor: Medium
Attack Type: Network Based
Platforms: IRIX 6.5 to 6.5.22
Vulnerability: rpcmountd-mount-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/13807

Date Reported: 11/21/2003
Brief Description: rpc.mountd denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: IRIX 6.5 to 6.5.22
Vulnerability: rpcmountd-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/13808

_____

Risk Factor Key:

     High     Security issues that allow immediate remote, or local access
              or immediate execution of code or commands, with unauthorized
              privileges. Examples are most buffer overflows, backdoors,
              default or no password, and bypassing security on firewalls
              or other network components.
     Medium   Security issues that have the potential of granting access or
              allowing code execution by means of complex or lengthy exploit
              procedures, or low risk issues applied to major Internet
              components. Examples are cross-site scripting, man-in-the-middle
              attacks, SQL injection, denial of service of major applications,
              and denial of service resulting in system information disclosure
              (such as core files).
     Low      Security issues that deny service or provide non-system
              information that could be used to formulate structured attacks
              on a target, but not directly gain unauthorized access. Examples
              are brute force attacks, non-system information disclosure
              (configurations, paths, etc.), and denial of service attacks.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user's risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://xforce.iss.net/xforce/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
