ISS Security Alert Summary AS04-23

From: X-Force (xforce_at_iss.net)
Date: 06/07/04

  • Next message: X-Force: "ISS Security Alert Summary AS04-24"
    Date: Mon, 7 Jun 2004 13:46:45 -0400 (EDT)
    To: alert@iss.net
    
    

    -----BEGIN PGP SIGNED MESSAGE-----

    1:19 PM 6/7/2004Internet Security Systems Security Alert Summary AS04-23
    June 07, 2004

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/

    Attention ISS Alert subscribers: In an effort to reserve communication via
    this mailing list for high priority security issues only,
    Internet Security Systems will discontinue the weekly Alert Summary report at
    the end of June, 2004. The June 28th edition will be the last Alert Summary
    published. ISS will continue to release high priority Alerts and Advisories
    via this mailing list after that date. ISS X-Force will send Alerts when
    X-Force learns of a serious vulnerability or threat posing significant risk
    to customers and the public, and Advisories will contain vulnerability
    information stemming from original, internal X-Force research. Subscribers
    to our X-Force Threat Analysis Service (XFTAS) can access the information
    currently contained in the weekly Alert Summary in addition to current
    and forecast assessments with links to recommended fixes and security
    advice for active vulnerabilities, viruses, worms, and threats. To subscribe
    to XFTAS, please visit http://xforce.iss.net/xftas/ or contact sales@iss.net.

    This summary is available at the following address:
    http://xforce.iss.net/xforce/alerts/id/AS04-23

    Contents:
    * 49 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 06/01/2004
    Brief Description: Kerberos krb5_aname_to_localname library function
                        buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Any operating system Any version, Mandrake Linux
                        10.0, Mandrake Linux 9.1, Mandrake Linux 9.2,
                        Mandrake Linux Corporate Server 2.1, Mandrake Multi
                        Network Firewall 8.2, MIT Kerberos 5 krb5-1.3.3 and
                        prior
    Vulnerability: Kerberos-krb5anametolocalname-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16268

    Date Reported: 05/27/2004
    Brief Description: Microsoft Windows IPSec filter bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows 2000 Any version, Windows XP Any version
    Vulnerability: windows-ipsec-filter-bypass
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16270

    Date Reported: 05/30/2004
    Brief Description: jftpgw log function format string
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Any operating system Any version, Debian Linux 3.0,
                        jftpgw prior to 0.13.4
    Vulnerability: jftpgw-log-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16271

    Date Reported: 05/27/2004
    Brief Description: jPortal print.inc.php allows SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: jPortal Any version, Linux Any version, Unix Any
                        version, Windows Any version
    Vulnerability: jportal-printincphp-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16272

    Date Reported: 05/30/2004
    Brief Description: GATOS xatitv program allows elevated privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: GATOS Any version, Linux Any version
    Vulnerability: gatos-xatitv-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16273

    Date Reported: 05/31/2004
    Brief Description: Linksys WRT54G remote administration function
                        security bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linksys WRT54G 2.02.7
    Vulnerability: linksys-remote-bypass-security
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16274

    Date Reported: 05/30/2004
    Brief Description: TinyWeb GET request allows attacker to download
                        scripts
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: TinyWeb 1.92, Windows Any version
    Vulnerability: tinyweb-get-download-scripts
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16275

    Date Reported: 05/31/2004
    Brief Description: Microsoft Windows 2000 Advanced Server fully
                        qualified domain name security bypass
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Windows 2000 Advanced Server
    Vulnerability: win2000-fqdn-security-bypass
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16276

    Date Reported: 05/29/2004
    Brief Description: e107 multiple scripts path disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-multiplescripts-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16277

    Date Reported: 05/28/2004
    Brief Description: spamGuard multiple buffer overflows
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, spamGuard prior to 1.7-BETA,
                        Unix Any version
    Vulnerability: spamguard-multiple-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16278

    Date Reported: 05/29/2004
    Brief Description: e107 clock_menu.php cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-clock-menu-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16279

    Date Reported: 05/29/2004
    Brief Description: e107 email to a friend feature cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-email-friend-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16280

    Date Reported: 05/29/2004
    Brief Description: e107 user settings.php script cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-user-setting-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16281

    Date Reported: 05/29/2004
    Brief Description: e107 secure_img_render.php PHP file include
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-secure-img-render-file-include
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16282

    Date Reported: 05/29/2004
    Brief Description: e107 content.php news.php SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, e107 prior to
                        0.616
    Vulnerability: e107-content-news-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16283

    Date Reported: 05/29/2004
    Brief Description: Land Down Under BBcode cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Land Down Under
                        prior to 700-06
    Vulnerability: ldu-bbcode-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16284

    Date Reported: 05/30/2004
    Brief Description: SquirrelMail From header cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, SquirrelMail prior to 1.4.3,
                        SquirrelMail prior to 1.5.1 dev, Unix Any version
    Vulnerability: squirrelmail-from-header-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16285

    Date Reported: 06/01/2004
    Brief Description: Sambar show.asp and showperf.asp scripts cross-site
                        scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Sambar Server Pro Server 6.1
                        Beta 2, Windows Any version
    Vulnerability: sambar-show-showperf-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16286

    Date Reported: 06/01/2004
    Brief Description: Sambar showlog.asp and showini.asp scripts
                        directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Sambar Server Pro Server 6.1
                        Beta 2, Windows Any version
    Vulnerability: sambar-multiple-directory-traversal
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16287

    Date Reported: 05/29/2004
    Brief Description: AppleFileServer Reporting issue
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: applefileserver-reporting-error
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16288

    Date Reported: 05/29/2004
    Brief Description: Mac OS X unknown issue in LoginWindow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: macosx-loginwindow
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16289

    Date Reported: 05/29/2004
    Brief Description: Mac OS X issue in package installation
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: macosx-package-installation
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16290

    Date Reported: 05/29/2004
    Brief Description: Mac OS X NFS logging
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: macosx-nfs-logging
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16291

    Date Reported: 05/29/2004
    Brief Description: Mac OS X TCP packets out of sequence
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: macosx-tcp-packets
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16292

    Date Reported: 05/29/2004
    Brief Description: Mac OS X URL handling issue
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Mac OS prior to 10.3.4
    Vulnerability: macosx-url-handling
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16293

    Date Reported: 06/01/2004
    Brief Description: PHP-Nuke eregi function path disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, PHP-Nuke 7.3 and
                        prior
    Vulnerability: phpnuke-eregi-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16294

    Date Reported: 05/30/2004
    Brief Description: PHP-Nuke mainfile.php SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, PHP-Nuke Any
                        version
    Vulnerability: phpnuke-mainfilephp-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16295

    Date Reported: 06/01/2004
    Brief Description: osc2nuke eregi path disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, osc2nuke 7.x and prior, Unix Any
                        version, Windows Any version
    Vulnerability: osc2nuke-eregi-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16296

    Date Reported: 06/01/2004
    Brief Description: Oscnukelite eregi path disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Oscnukelite 3.1 and prior, Unix
                        Any version, Windows Any version
    Vulnerability: oscnukelite-eregi-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16297

    Date Reported: 06/01/2004
    Brief Description: Nuke Cops eregi path disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Nuke Cops betaNC,
                        PHP-Nuke 6.5 and later
    Vulnerability: nukecops-ergei-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16298

    Date Reported: 06/01/2004
    Brief Description: Linksys BEFSR41 remote administration function
                        security bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linksys EtherFast BEFSR41 any version
    Vulnerability: linksys-befsr41-remote-bypass-security
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16300

    Date Reported: 06/02/2004
    Brief Description: Gallery user bypass authentication
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Debian Linux 3.0, Gallery 1.2 up to 1.4.3-pl2,
                        Linux Any version
    Vulnerability: gallery-user-bypass-authentication
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16301

    Date Reported: 06/03/2004
    Brief Description: Linksys Gozila.cgi denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linksys EtherFast BEFSR11 any version, Linksys
                        EtherFast BEFSR41 3, Linksys EtherFast BEFSR81 2,
                        Linksys EtherFast BEFSR81 3, Linksys EtherFast
                        BEFSRU31 any version, Linksys EtherFast BEFSX41 any
                        version, Linksys EtherFast BEFW11S4 3, Linksys
                        EtherFast BEFW11S4 4
    Vulnerability: linksys-gozila-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16302

    Date Reported: 05/28/2004
    Brief Description: Mollensoft CD command buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Mollensoft Lightweight FTP Server 3.6, Windows Any
                        version
    Vulnerability: mollensoft-cd-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16303

    Date Reported: 06/03/2004
    Brief Description: Linksys DomainName buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linksys EtherFast BEFSR11 any version, Linksys
                        EtherFast BEFSR41 any version, Linksys EtherFast
                        BEFSR81 2, Linksys EtherFast BEFSR81 3, Linksys
                        EtherFast BEFSRU31 any version, Linksys EtherFast
                        BEFSX41 any version, Linksys EtherFast BEFW11S4 3,
                        Linksys EtherFast BEFW11S4 4
    Vulnerability: linksys-domainname-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16305

    Date Reported: 06/03/2004
    Brief Description: Opera favicon address spoofing
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Opera 7.50 and earlier, Windows
                        Any version
    Vulnerability: opera-favicon-spoofing
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16307

    Date Reported: 05/28/2004
    Brief Description: Isoqlog multiple buffer overflows
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Isoqlog 2.2-BETA, Linux Any version, Unix Any
                        version
    Vulnerability: isoqlog-multiple-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16308

    Date Reported: 06/02/2004
    Brief Description: Tripwire fprintf format string
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Linux Any version, Tripwire - Commercial 4.0.1 and
                        earlier, Tripwire - open-source 2.3.1 and prior
    Vulnerability: tripwire-fprintf-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16309

    Date Reported: 06/03/2004
    Brief Description: Slackware Linux PHP allows elevated privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Slackware Linux 8.1, Slackware Linux 9.0, Slackware
                        Linux 9.1
    Vulnerability: linux-php-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16310

    Date Reported: 06/03/2004
    Brief Description: log2mail syslog format string
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Debian Linux 3.0, log2mail prior to 0.2.5.2
    Vulnerability: log2mail-syslog-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16311

    Date Reported: 06/03/2004
    Brief Description: NETGEAR WG602 default account
    Risk Factor: High
    Attack Type: Host Based / Network Based
    Platforms: NETGEAR WG602 Any version
    Vulnerability: netgearwg602-default-account
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16312

    Date Reported: 06/02/2004
    Brief Description: UNIX mkdir utility buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Unix Any version, Unix Seventh Edition
    Vulnerability: unix-mkdir-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16313

    Date Reported: 06/03/2004
    Brief Description: Multiple IBM products cookie session hijack
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, IBM Tivoli Access
                        Manager for e-business 3.9, IBM Tivoli Access
                        Manager for e-business 4.1, IBM Tivoli Access
                        Manager for e-business 5.1, IBM Tivoli Access
                        Manager Identity 5.1, IBM Tivoli Config Manager for
                        AutoTeller 2.1.0, IBM Tivoli Configuration Manager
                        4.2, IBM WebSphere Everyplace Server 2.1.3, IBM
                        WebSphere Everyplace Server 2.1.4, IBM WebSphere
                        Everyplace Server 2.1.5, Tivoli SecureWay Policy
                        Director 3.8
    Vulnerability: ibm-cookie-session-hijack
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16315

    Date Reported: 06/03/2004
    Brief Description: InterBase database allows execution of code
    Risk Factor: High
    Attack Type: Network Based
    Platforms: InterBase 7.1, Linux Any version, Unix Any version
    Vulnerability: interbase-database-name-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16316

    Date Reported: 06/03/2004
    Brief Description: Mail Manage EX mmex.php file include
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Mail Manage EX
                        3.1.8 and prior
    Vulnerability: mailmanage-mmex-file-include
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16317

    Date Reported: 06/03/2004
    Brief Description: Orenosv denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Orenosv 0.6.0 and earlier, Windows Any version
    Vulnerability: orenosv-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16318

    Date Reported: 06/03/2004
    Brief Description: SurgeMail invalid HTTP request path disclosure
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix
                        Any version, Windows 2000 Any version, Windows NT
                        Any version
    Vulnerability: surgemail-invalid-path-disclosure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16319

    Date Reported: 06/03/2004
    Brief Description: SurgeMail username cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix
                        Any version, Windows 2000 Any version, Windows NT
                        Any version
    Vulnerability: surgemail-username-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16320

    Date Reported: 06/04/2004
    Brief Description: Oracle E-Business SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Oracle E-Business
                        Suite 11.0.x, Oracle E-Business Suite 11.5.1 -
                        11.5.8, Oracle E-Business Suite 11i
    Vulnerability: oracle-ebusiness-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/16324

    _____

    Risk Factor Key:

         High Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and
    world leader in software and services that protect critical online resources from
    an ever-changing spectrum of threats and misuse. Internet Security Systems is
    headquartered in Atlanta, GA, with additional operations throughout the Americas,
    Asia, Australia, Europe and the Middle East.

    Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide.

    Permission is hereby granted for the electronic redistribution of this document.
    It is not to be edited or altered in any way without the express written consent
    of the Internet Security Systems X-Force. If you wish to reprint the whole or any
    part of this document in any other medium excluding electronic media, please email
    xforce@iss.net for permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the user's risk. In no
    event shall Internet Security Systems be held liable for any damages whatsoever
    arising out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as
    well as at http://xforce.iss.net/xforce/sensitive.php

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of
    Internet Security Systems, Inc.

    _______________________________________________
    TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to
    https://atla-mm1.iss.net/mailman/listinfo/alert

    To contact the ISS Alert List Administrator, send email to
    mod-alert@iss.net

    The ISS Alert mailing list is hosted and managed by Internet Security
    Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBQMSp7zRfJiV99eG9AQEwWQP/fsoqh2utQ15xXzMDSSL4emyh8RFdiVnQ
    ehEGlJ06bNfh9ZvvHV2453gkk8f7PmIEH8zeYj+1JVMjZR+yupqzmUXEEV8270JL
    a8vqNsFdxms0L0stZRVhr8XEDnl105jFOW2cJNIBj+vNJEMZcCQM1yg3o/wXDI+z
    DZTbv/q9KQg=
    =xFGf
    -----END PGP SIGNATURE-----


  • Next message: X-Force: "ISS Security Alert Summary AS04-24"