ISSalert: ISS Security Alert Summary: v4 n3

X-Force (xforceiss.net)
Sat, 3 Jul 1999 11:22:08 -0400 (EDT)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: X-Force: "ISSalert: ISS Security Advisory: Bad Permissions on Passwords Stored by WebTrends Software"
• Previous message: Mark Curphey: "Scanner 5.8"

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomoiss.net Contact alert-owneriss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert Summary
July 1, 1999
Volume 4 Number 3

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce To
receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to majordomoiss.net, and within the body of the message
type: 'subscribe alert'.

_____

Contents

8 Reported Vulnerabilities
 - webtrends-bad-perms
 - hp-visualize-conference-ftp
 - accelx-bo
 - linux-vmware-buffer-overflows
 - iis-double-byte-code-page
 - eastman-cleartext-passwords
 - msrpc-lsa-lookupnames-dos
 - nt-csrss-dos

Risk Factor Key

_____

Date Reported: 1999-06-29
Vulnerability: webtrends-bad-perms
Platforms Affected: WebTrends
Risk Factor: High
Attack Type: Network Based

X-Force has discovered a security hole in many WebTrends products that
allows access to service account and MAPI usernames and passwords.
WebTrends specializes in providing enterprise management solutions
software. The vulnerability only applies to systems using the MAPI and NT
service features in the following or earlier versions of the applications
currently identified as vulnerable by ISS X-Force: WebTrends for Firewalls
v1.2, WebTrends Security Analyzer v2.0, WebTrends Professional Suite
v3.01, WebTrends Log Analyzer v4.51, and WebTrends Enterprise Suite v3.5.
All applications run on the Windows NT platform.

Reference:
ISS Security Advisory: "Bad Permissions on Passwords Stored by WebTrends
Software" at: http://xforce.iss.net/alerts/advise29.php3

_____

Date Reported: 1999-06-29
Vulnerability: hp-visualize-conference-ftp
Platforms Affected: HPUX (10.20)
Risk Factor: High
Attack Type: Network Based

HP Visualize Conference FTP allows users of conferences to push a file
to all participants. It contains a bug that could allow a remote user to
crash the machine, or gain unauthorized access.

Reference:
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #00099: "Security Vulnerability
HP Visualize Conference" at: http://us-support.external.hp.com/

_____

Date Reported: 1999-06-25
Vulnerability: accelx-bo
Platforms Affected: Accelerated-X Server (4.x, 5.x)
Risk Factor: High
Attack Type: Host Based

AcceleratedX is a commercial X11 server produced by Xi Graphics, Inc. In
its default configuration, the server is installed with root privileges so
it can acquire system resources available only to the superuser. A buffer
overflow in the 5.x and 4.x versions of AccelX's handling of the display
command line option could allow a local attacker to compromise root
privileges.

Reference:
KSR[T] Advisory #011: "accelx-bo-011" at: http://www.ksrt.org/adv11.html

_____

Date Reported: 1999-06-25
Vulnerability: linux-vmware-buffer-overflows
Platforms Affected: VMware for Linux
Risk Factor: High
Attack Type: Host Based

VMware is a software that creates a virtual machine that allows the user
to install multiple operating systems without partitioning the hard drive
for such. It contains multiple buffer overflows that would allow a local
user to obtain root level access.

Reference:
Team Asylum Security Advisory: "VMware" at:
http://www.cyberspace2000.com/security/advisories/files/06-21-99-vmware.txt

_____

Date Reported: 1999-06-24
Vulnerability: iis-double-byte-code-page
Platforms Affected: IIS (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network Based

Microsoft's Internet Information Server (IIS) when run on a machine that
uses a double-byte character set code page (i.e. Korean, Chinese, or
Japanese as the default language) could allow a remote attacker to issue
server requests, which could return the source code to certain files,
bypassing all server side processing.

Reference:
Microsoft Security Bulletin (MS99-022): "Patch Available for 'Double Byte
Code Page' Vulnerability" at:
http://www.microsoft.com/security/bulletins/ms99-022.asp

_____

Date Reported: 1999-06-24
Vulnerability: eastman-cleartext-passwords
Platforms Affected: Eastman Software's Work Management 3.21 for NT
Risk Factor: High
Attack Type: Host Based

Eastman Software's Work Management 3.21 for Windows NT stores passwords in
the COMMON and LOCATOR registry keys. This would allow any local user to
gain access to the program.

Reference:
NTBUGTRAQ Mailing List: "Eastman Software Work Management 3.21" at:
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9906&L=ntbugtraq&F=P&S=&P=9113

_____

Date Reported: 1999-06-23
Vulnerability: msrpc-lsa-lookupnames-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network/Host Based

A potentially serious denial of service attack on the Windows NT Local
Security Authority (LSA) service has been identified. This hole could
allow a remote attacker to crash this service by making a malformed
request to LsaLookupNames. In most cases, the system will have to be
rebooted to regain normal functionality.

Reference:
Microsoft Security Bulletin MS99-020: "Patch Available for 'Malformed LSA
Request' Vulnerability" at:
http://support.microsoft.com/support/kb/articles/q231/4/57.asp

_____

Date Reported: 1999-06-23
Vulnerability: nt-csrss-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network/Host Based

The Microsoft Windows NT CSRSS.EXE service can be used to launch a denial
of service attack against hosts accepting interactive logins. When all
worker threads within the CSRSS service are awaiting user input, no new
connections can be made, effectively hanging the system.

Reference:
Microsoft Security Bulletin MS99-021: "Patch Available for 'CSRSS Worker
Thread Exhaustion' Vulnerability" at:
http://www.microsoft.com/security/bulletins/ms99-021.asp

_____

Risk Factor Key:

        High Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall. Example: A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server.
        Medium Any vulnerability that provides information that has a
                high potential of giving system access to an intruder.
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password.
        Low Any vulnerability that provides information that
                potentially could lead to a compromise. Example: A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.

ISS is the pioneer and leading provider of adaptive network security
software delivering enterprise-wide information protection solutions. ISS'
award-winning SAFEsuite family of products enables information risk
management within intranet, extranet and electronic commerce environments.
By combining proactive vulnerability detection with real-time intrusion
detection and response, ISS' adaptive security approach creates a flexible
cycle of continuous security improvement, including security policy
implementation and enforcement. ISS SAFEsuite solutions strengthen the
security of existing systems and have dramatically improved the security
posture for organizations worldwide, making ISS a trusted security advisor
for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks
and over 35 governmental agencies. For more information, call ISS at
678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net.

________

Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby
granted for the redistribution of this Alert Summary electronically. It is
not to be edited in any way without express consent of the X-Force. If
you wish to reprint the whole or any part of this Alert Summary in any other
medium excluding electronic medium, please e-mail xforceiss.net for
permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforceiss.net> of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBN32PsTRfJiV99eG9AQGmTwQAuZA8hz9VumTkDKI+HQI7U5PGaWJudG0H
ROfY4ScB/ZTU+GhVwgQwxMx5jxH3jaVhtzU0j4udS2/qRRMj3xSsJ5Mq6Mjtql1D
Q+T+FOi9RQdM2WcCR5wuBdPQHsitTr+LRbJFnlMTRl2FQ7ggN/m44f+7xw1G7iET
Fz8VYuCcAtA=
=FUxC
-----END PGP SIGNATURE-----

• Next message: X-Force: "ISSalert: ISS Security Advisory: Bad Permissions on Passwords Stored by WebTrends Software"
• Previous message: Mark Curphey: "Scanner 5.8"

This archive was generated by hypermail 2.0b3 on Fri Jul 02 1999 - 20:56:52 CDT