ISS Security Alert Summary AS03-52

From: X-Force (xforce_at_iss.net)
Date: 12/29/03


To: alert@iss.net
Date: Mon, 29 Dec 2003 14:16:00 -0500 (EST)


-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary AS03-52
December 29, 2003

X-Force Vulnerability and Threat Database:
http://xforce.iss.net/

To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
https://atla-mm1.iss.net/mailman/listinfo/alert

This summary is available at the following address:
http://xforce.iss.net/xforce/alerts/id/AS03-52
_____
Contents:
* 29 Reported Vulnerabilities
* Risk Factor Key
_____

Date Reported: 12/20/2003
Brief Description: bes-cms multiple PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: bes-cms 0.4 rc3, bes-cms 0.5 rc3, Linux Any
                    version, Unix Any version
Vulnerability: bescms-multiple-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/14043

Date Reported: 12/20/2003
Brief Description: OpenBSD tcpdump L2TP protocol denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: OpenBSD 3.3, OpenBSD Current
Vulnerability: tcpdump-l2tp-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14046

Date Reported: 12/19/2003
Brief Description: Active WebCam error page cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Active WebCam 4.3 and earlier, Windows Any version
Vulnerability: active-webcam-error-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14047

Date Reported: 12/19/2003
Brief Description: Active WebCam "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Active WebCam 4.3 and earlier, Windows Any version
Vulnerability: active-webcam-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/14048

Date Reported: 12/19/2003
Brief Description: AOL Instant Messenger buddy icon warning level
                    denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: AOL Instant Messenger All, Windows Any version
Vulnerability: aim-buddy-warning-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14049

Date Reported: 12/21/2003
Brief Description: XOOPS myheader.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows Any
                    version, XOOPS 2.0.5.1
Vulnerability: xoops-myheaderphp-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14050

Date Reported: 12/19/2003
Brief Description: AppleFileServer denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Mac OS X 10.2.8, Mac OS X 10.3
Vulnerability: applefileserver-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14051

Date Reported: 12/22/2003
Brief Description: BoastMachine comment form cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: BoastMachine 2.6, Unix Any version, Windows Any
                    version
Vulnerability: boastmachine-comment-form-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14054

Date Reported: 12/22/2003
Brief Description: Double Choco Latte multiple scripts PHP file
                    include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Double Choco Latte prior to 0.9.4, Linux Any
                    version, Unix Any version, Windows Any version
Vulnerability: doublechocolatte-multiple-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/14055

Date Reported: 12/20/2003
Brief Description: unix2tcp command line buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, Unix2tcp prior
                    to 0.8.0
Vulnerability: unix2tcp-commandline-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/14056

Date Reported: 12/19/2003
Brief Description: ProjectForum and CourseForum multiple cross-site
                    scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: CourseForum Any version, Linux Any version,
                    ProjectForum 8.4.2.1 and prior, Unix Any version,
                    Windows Any version
Vulnerability: projectforum-courseforum-multiple-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14057

Date Reported: 12/18/2003
Brief Description: Subscribe Me setup.pl command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Subscribe Me Enterprise Any
                    version, Subscribe Me Pro Any version, Unix Any
                    version, Windows Any version
Vulnerability: subscribe-me-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/14058

Date Reported: 12/19/2003
Brief Description: Xerox Document Centre plaintext passwords
Risk Factor: Medium
Attack Type: Network Based
Platforms: Xerox Document Centre 255ST, Xerox Document Centre
                    425ST, Xerox Document Centre 440DC, Xerox Document
                    Centre 470, Xerox Document Centre 480DC
Vulnerability: document-centre-password-plaintext
X-Force URL: http://xforce.iss.net/xforce/xfdb/14060

Date Reported: 12/19/2003
Brief Description: Xerox Document Centre allows addition of new users
Risk Factor: Medium
Attack Type: Network Based
Platforms: Xerox Document Centre 255ST, Xerox Document Centre
                    425ST, Xerox Document Centre 440DC, Xerox Document
                    Centre 470, Xerox Document Centre 480DC
Vulnerability: document-centre-add-users
X-Force URL: http://xforce.iss.net/xforce/xfdb/14061

Date Reported: 12/22/2003
Brief Description: ProjectForum and CourseForum long find causes
                    denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: CourseForum Any version, Linux Any version,
                    ProjectForum 8.4.2.1 and prior, Unix Any version,
                    Windows Any version
Vulnerability: projectforum-courseforum-find-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14062

Date Reported: 12/22/2003
Brief Description: osCommerce SQL injection causes denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, osCommerce 2.2ms1, Unix Any
                    version, Windows Any version
Vulnerability: oscommerce-sql-injection-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14063

Date Reported: 12/20/2003
Brief Description: ORiNOCO multicast allows administrative access
Risk Factor: Medium
Attack Type: Network Based
Platforms: ORiNOCO Access Points Any version
Vulnerability: orinoco-multicast-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/14064

Date Reported: 12/22/2003
Brief Description: Sun Solaris ls-F built-in command allows elevated
                    privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Solaris 8
Vulnerability: solaris-lsf-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/14065

Date Reported: 12/23/2003
Brief Description: My Little Forum cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, My Little Forum
                    1.3
Vulnerability: my-little-forum-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14066

Date Reported: 12/22/2003
Brief Description: osCommerce manufacturers_id cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osCommerce 2.2ms1, Unix Any
                    version, Windows Any version
Vulnerability: oscommerce-manufacturersid-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/14067

Date Reported: 12/22/2003
Brief Description: DCAM WebCam Server "dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: DCAM 8.2.5 and earlier, Windows Any version
Vulnerability: dcam-dot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/14068

Date Reported: 12/21/2003
Brief Description: CesarFTP CWD command denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: CesarFTP 0.99g, Windows Any version
Vulnerability: cesarftp-cwd-command-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/14069

Date Reported: 12/23/2003
Brief Description: QuikStore Shopping Cart "dot dot" directory
                    traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Quicken TurboTax Any version,
                    QuikStore Any version, Unix Any version, Windows
                    Any version
Vulnerability: quikstore-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/14070

Date Reported: 12/22/2003
Brief Description: Xlight ftp server PASS command buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Windows Any version, Xlight ftp server 1.41 and
                    earlier
Vulnerability: xlight-pass-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/14071

Date Reported: 12/23/2003
Brief Description: PlatinumFTPserver multiple commands format string
Risk Factor: High
Attack Type: Network Based
Platforms: PlatinumFTPserver 1.0.18, Windows Any version
Vulnerability: platinumftpserver-commands-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/14072

Date Reported: 12/23/2003
Brief Description: QuikStore Shopping Cart error message path
                    disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, QuikStore Any version, Unix Any
                    version, Windows Any version
Vulnerability: quikstore-error-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/14073

Date Reported: 12/27/2003
Brief Description: PHP-Nuke Survey module SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, PHP-Nuke 7.0 FINAL - earlier,
                    Unix Any version, Windows Any version
Vulnerability: phpnuke-survey-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/14074

Date Reported: 12/26/2003
Brief Description: Apache HTTP Server mod_php file descriptor leak
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Apache HTTP Server 2.0.x, Linux Any version, Unix
                    Any version
Vulnerability: apache-modphp-descriptor-leak
X-Force URL: http://xforce.iss.net/xforce/xfdb/14075

Date Reported: 12/28/2003
Brief Description: Microsoft Internet Information Server (IIS) fails
                    to properly log HTTP TRACK requests
Risk Factor: Medium
Attack Type: Network Based
Platforms: Microsoft IIS 5.0, Windows Any version
Vulnerability: iis-improper-httptrack-logging
X-Force URL: http://xforce.iss.net/xforce/xfdb/14077

_____

Risk Factor Key:

     High Security issues that allow immediate remote, or local access
              or immediate execution of code or commands, with unauthorized
              privileges. Examples are most buffer overflows, backdoors,
              default or no password, and bypassing security on firewalls
              or other network components.
     Medium Security issues that have the potential of granting access or
              allowing code execution by means of complex or lengthy exploit
              procedures, or low risk issues applied to major Internet
              components. Examples are cross-site scripting, man-in-the-middle
              attacks, SQL injection, denial of service of major applications,
              and denial of service resulting in system information disclosure
              (such as core files).
     Low Security issues that deny service or provide non-system
              information that could be used to formulate structured attacks
              on a target, but not directly gain unauthorized access. Examples
              are brute force attacks, non-system information disclosure
              (configurations, paths, etc.), and denial of service attacks.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user's risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://xforce.iss.net/xforce/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBP/B9WTRfJiV99eG9AQHrnwQAhArEj1Eh6Q3ag9mbeGFYdfP3gBGmnDff
Rn8kGtRQts+d3zq2n7bRp6kzy61gNsaLyImrcoDr3ahLRUfPq90TM1+OgtVZdXi8
5UJbHLDtXPSunJdvFWBhXFbGyC+7DraJrCldCKJ9U8TveUd9tseGuTDx494TWRB5
fo1nLrEbFDw=
=qOSs
-----END PGP SIGNATURE-----