|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: X-Force (xforce_at_iss.net)
Date: Mon Jul 22 2002 - 13:12:50 CDT
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo
iss.net Contact alert-owneriss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary AS02-29
July 22, 2002
X-Force Vulnerability and Threat Database:
http://www.iss.net/security_center
To receive these Alert Summaries, as well as other Alerts and
Advisories, subscribe to the Internet Security Systems Alert
mailing list at:
http://www.iss.net/security_center/maillists
This summary is available at the following address:
http://www.iss.net/security_center/alerts/AS02-29.php
_____
Contents:
* 56 Reported Vulnerabilities
* Risk Factor Key
_____
Date Reported: 07/10/2002
Brief Description: Sun Solaris pkgadd command could install files with
insecure permissions
Risk Factor: Medium
Attack Type: Host Based
Platforms: Solaris 2.5.1, Solaris 2.6, Solaris 7, Solaris 8
Vulnerability: solaris-pkgadd-insecure-permissions
X-Force URL: http://www.iss.net/security_center/static/9544.php
Date Reported: 07/10/2002
Brief Description: Sun Solaris Volume Manager (vold) buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Solaris 2.5.1, Solaris 2.6, Solaris 7, Solaris 8
Vulnerability: solaris-vold-bo
X-Force URL: http://www.iss.net/security_center/static/9545.php
Date Reported: 07/10/2002
Brief Description: Entercept Agent account password exposure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Entercept Agent pre20020521, Windows 2000, Windows
NT, Windows XP
Vulnerability: entercept-agent-password-exposure
X-Force URL: http://www.iss.net/security_center/static/9546.php
Date Reported: 07/11/2002
Brief Description: Popcorn mail client denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Popcorn 1.20 and earlier, Windows All versions
Vulnerability: popcorn-mail-dos
X-Force URL: http://www.iss.net/security_center/static/9547.php
Date Reported: 07/11/2002
Brief Description: Lil' HTTP Server pbcgi.cgi cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Lil' HTTP Server 2.1, Lil' HTTP Server 2.2, Windows
All versions
Vulnerability: lilhttp-pbcgi-xss
X-Force URL: http://www.iss.net/security_center/static/9548.php
Date Reported: 07/11/2002
Brief Description: Sun i-Runbook Web interface none.php could be used
to view sensitive information
Risk Factor: Medium
Attack Type: Network Based
Platforms: Solaris All versions, Sun i-Runbook 2.5.2
Vulnerability: sun-irunbook-information-disclosure
X-Force URL: http://www.iss.net/security_center/static/9549.php
Date Reported: 07/12/2002
Brief Description: Xeneo Web Server (WebMan) "dot dot" directory
traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows 2000, Windows NT, Windows XP, Xeneo Web
Server 0.9
Vulnerability: xeneo-dotdot-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/9550.php
Date Reported: 07/12/2002
Brief Description: ATPhttpd has multiple remote buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: ATPhttpd 0.4b, FreeBSD 3.2-RELEASE, FreeBSD 4.0,
NetBSD 1.4.1
Vulnerability: atphttpd-multiple-bo
X-Force URL: http://www.iss.net/security_center/static/9551.php
Date Reported: 07/12/2002
Brief Description: CARE 2002 user-supplied include statements could be
used to read files
Risk Factor: Medium
Attack Type: Network Based
Platforms: CARE 2002 1.0.01 and earlier, Linux All versions,
Unix All versions, Windows All versions
Vulnerability: care2002-include-read-files
X-Force URL: http://www.iss.net/security_center/static/9552.php
Date Reported: 07/12/2002
Brief Description: CARE 2002 SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: CARE 2002 1.0.01 and earlier, Linux All versions,
Unix All versions, Windows All versions
Vulnerability: care2002-sql-injection
X-Force URL: http://www.iss.net/security_center/static/9553.php
Date Reported: 07/13/2002
Brief Description: Hosting Controller allows an attacker to modify
passwords
Risk Factor: Medium
Attack Type: Network Based
Platforms: Hosting Controller 1.4, Hosting Controller 2002,
Windows 2000, Windows NT
Vulnerability: hosting-controller-password-modification
X-Force URL: http://www.iss.net/security_center/static/9554.php
Date Reported: 07/15/2002
Brief Description: IBM Tivoli Management Framework TMR Endpoint buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX All versions, HP-UX All versions, IBM Tivoli
Management Framework 3.6.x through 3.7.1, Solaris
All versions, Windows 2000, Windows NT
Vulnerability: tivoli-tmr-endpoint-bo
X-Force URL: http://www.iss.net/security_center/static/9555.php
Date Reported: 07/15/2002
Brief Description: IBM Tivoli Management Framework TMR ManagedNode
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: AIX All versions, HP-UX All versions, IBM Tivoli
Management Framework 3.6.x through 3.7.1, Solaris
All versions, Windows 2000, Windows NT
Vulnerability: tivoli-tmr-managednode-bo
X-Force URL: http://www.iss.net/security_center/static/9556.php
Date Reported: 07/13/2002
Brief Description: BadBlue malformed NULL byte could disclose
file contents
Risk Factor: Medium
Attack Type: Network Based
Platforms: BadBlue Personal Edition 1.7.3, Windows All
versions
Vulnerability: badblue-null-file-disclosure
X-Force URL: http://www.iss.net/security_center/static/9557.php
Date Reported: 07/13/2002
Brief Description: BadBlue ext.ini plaintext passwords
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: BadBlue Personal Edition 1.7.3, Windows All
versions
Vulnerability: badblue-plaintext-passwords
X-Force URL: http://www.iss.net/security_center/static/9558.php
Date Reported: 07/15/2002
Brief Description: Novell NetMail IMAP denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Novell NetMail 3.0.3, Novell NetMail 3.1, Novell
NetMail XE 3.1, Novell NetWare 6, Red Hat Linux
7.3, Solaris All versions, Windows All versions
Vulnerability: netmail-imap-dos
X-Force URL: http://www.iss.net/security_center/static/9559.php
Date Reported: 07/15/2002
Brief Description: Novell NetMail Web interface ModWeb and WebAdmin
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Novell NetMail 3.0.3, Novell NetMail 3.1, Novell
NetMail XE 3.1, Novell NetWare 6, Red Hat Linux
7.3, Solaris All versions, Windows All versions
Vulnerability: netmail-web-interface-bo
X-Force URL: http://www.iss.net/security_center/static/9560.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa has a default null administrator's
password
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-default-password
X-Force URL: http://www.iss.net/security_center/static/9562.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa call forwarding could allow an
attacker to hijack calls
Risk Factor: Medium
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-call-hijacking
X-Force URL: http://www.iss.net/security_center/static/9563.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa Web interface can be used to cause
a denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-web-dos
X-Force URL: http://www.iss.net/security_center/static/9564.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa basic HTTP authentication transmits
Base64 encoded plaintext usernames and passwords
Risk Factor: Medium
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-plaintext-passwords
X-Force URL: http://www.iss.net/security_center/static/9565.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa DNS spoofing could cause a user to
download malicious applications
Risk Factor: Medium
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-dns-spoofing
X-Force URL: http://www.iss.net/security_center/static/9566.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa could allow an attacker to reset
the phone to the factory default settings
Risk Factor: High
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-factory-defaults
X-Force URL: http://www.iss.net/security_center/static/9567.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa could allow an attacker to log out
the current user and re-register the phone
Risk Factor: Medium
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-phone-reregister
X-Force URL: http://www.iss.net/security_center/static/9568.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa administrative sessions fail to
timeout
Risk Factor: High
Attack Type: Host Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-admin-timeout
X-Force URL: http://www.iss.net/security_center/static/9569.php
Date Reported: 07/12/2002
Brief Description: Pingtel xpressa allows unauthorized firmware
upgrades
Risk Factor: Medium
Attack Type: Host Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-firmware-upgrade
X-Force URL: http://www.iss.net/security_center/static/9570.php
Date Reported: 07/14/2002
Brief Description: Pingtel xpressa telnet server could allow
administrative access to the VxWorks operating
system
Risk Factor: Medium
Attack Type: Network Based
Platforms: Pingtel xpressa PX-1 1.2.5 to 1.2.7.4
Vulnerability: pingtel-xpressa-telnet-access
X-Force URL: http://www.iss.net/security_center/static/9572.php
Date Reported: 07/15/2002
Brief Description: Caldera OpenServer UUCP uux buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Caldera OpenServer 5.0.5, Caldera OpenServer 5.0.6
Vulnerability: openserver-uucp-uux-bo
X-Force URL: http://www.iss.net/security_center/static/9575.php
Date Reported: 07/15/2002
Brief Description: Norton Personal Firewall and Norton Internet
Security HTTP proxy buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Norton Internet Security 2001, Norton Personal
Firewall 2001 3.0.4.91, Windows 2000, Windows NT
Vulnerability: norton-fw-http-bo
X-Force URL: http://www.iss.net/security_center/static/9579.php
Date Reported: 07/12/2002
Brief Description: Microsoft IIS SMTP service encapsulated addresses
could allow mail relaying
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Windows 2000,
Windows NT
Vulnerability: iis-smtp-mail-relay
X-Force URL: http://www.iss.net/security_center/static/9580.php
Date Reported: 07/15/2002
Brief Description: 123tkShop user-supplied include statements could be
used to read files
Risk Factor: Medium
Attack Type: Network Based
Platforms: 123tkShop 0.3 and earlier, Linux All versions, Unix
All versions, Windows All versions
Vulnerability: 123tkshop-include-read-files
X-Force URL: http://www.iss.net/security_center/static/9581.php
Date Reported: 07/15/2002
Brief Description: 123tkShop SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: 123tkShop 0.3 and earlier, Linux All versions, Unix
All versions, Windows All versions
Vulnerability: 123tkshop-sql-injection
X-Force URL: http://www.iss.net/security_center/static/9582.php
Date Reported: 07/15/2002
Brief Description: newsx NNTP client syslog() local format string
Risk Factor: High
Attack Type: Host Based
Platforms: FreeBSD 4.6-STABLE, newsx 1.4pl6 and earlier, Unix
All versions
Vulnerability: newsx-syslog-format-string
X-Force URL: http://www.iss.net/security_center/static/9583.php
Date Reported: 07/16/2002
Brief Description: Oddsock Song Requester long CGI parameter could
crash Winamp
Risk Factor: Low
Attack Type: Network Based
Platforms: Oddsock Song Requester 2.1, Windows All versions
Vulnerability: oddsock-song-requester-dos
X-Force URL: http://www.iss.net/security_center/static/9585.php
Date Reported: 07/17/2002
Brief Description: Jigsaw /aux request could disclose path to Web root
directory
Risk Factor: Low
Attack Type: Network Based
Platforms: Jigsaw 2.2.1, Windows 2000
Vulnerability: jigsaw-aux-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/9586.php
Date Reported: 07/17/2002
Brief Description: Jigsaw DOS device request denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Jigsaw 2.2.1, Windows 2000
Vulnerability: jigsaw-dos-device-dos
X-Force URL: http://www.iss.net/security_center/static/9587.php
Date Reported: 07/17/2002
Brief Description: Macromedia Sitespring 500error.jsp cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Macromedia Sitespring 1.2, Windows 2000
Vulnerability: sitespring-500error-xss
X-Force URL: http://www.iss.net/security_center/static/9588.php
Date Reported: 07/17/2002
Brief Description: Resin DOS device request could disclose path to Web
root directory
Risk Factor: Low
Attack Type: Network Based
Platforms: Resin 2.1.1, Resin 2.1.2, Windows 2000
Vulnerability: resin-dos-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/9590.php
Date Reported: 07/15/2002
Brief Description: ICQ .scm file modify sound settings
Risk Factor: Low
Attack Type: Network Based
Platforms: ICQ 2000a Build 3722, ICQ 2000a Build 3727, Windows
All versions
Vulnerability: icq-scm-sound-modify
X-Force URL: http://www.iss.net/security_center/static/9606.php
Date Reported: 07/16/2002
Brief Description: HP Tru64 UNIX /usr/bin/ipcs buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Tru64 UNIX 4.0f, Tru64 UNIX 4.0g, Tru64 UNIX 5.0a,
Tru64 UNIX 5.1, Tru64 UNIX 5.1a
Vulnerability: tru64-ipcs-bo
X-Force URL: http://www.iss.net/security_center/static/9613.php
Date Reported: 07/16/2002
Brief Description: HP Tru64 UNIX inetd remote denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Tru64 UNIX 4.0f, Tru64 UNIX 4.0g, Tru64 UNIX 5.0a,
Tru64 UNIX 5.1, Tru64 UNIX 5.1a
Vulnerability: tru64-inetd-remote-dos
X-Force URL: http://www.iss.net/security_center/static/9614.php
Date Reported: 07/15/2002
Brief Description: IMHO Webmail module for Roxen WebServer could allow
mail session hijacking
Risk Factor: Medium
Attack Type: Network Based
Platforms: IMHO 0.98.3 and earlier, Roxen Webserver 2.2, Unix
All versions, Windows All versions
Vulnerability: imho-roxen-session-hijacking
X-Force URL: http://www.iss.net/security_center/static/9615.php
Date Reported: 07/16/2002
Brief Description: AOL Instant Messenger HTTP-EQUIV="refresh" could be
used to perform functions
Risk Factor: Low
Attack Type: Network Based
Platforms: AOL Instant Messenger 4.5, AOL Instant Messenger
4.7, MacOS X All versions, Windows 2000, Windows
95, Windows 98, Windows ME, Windows XP
Vulnerability: aim-http-refresh-functions
X-Force URL: http://www.iss.net/security_center/static/9616.php
Date Reported: 07/12/2002
Brief Description: Internet Explorer JavaScript page transitions
denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Microsoft Internet Explorer 6.0, Windows All
versions
Vulnerability: ie-page-transition-dos
X-Force URL: http://www.iss.net/security_center/static/9617.php
Date Reported: 07/18/2002
Brief Description: MERCUR Mailserver Control-Service login buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: MERCUR Mailserver 4.2, Windows All versions
Vulnerability: mercur-control-service-bo
X-Force URL: http://www.iss.net/security_center/static/9618.php
Date Reported: 07/18/2002
Brief Description: WWWOFFLE negative "Content-Length" value buffer
overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux All versions, Unix All versions, WWWOFFLE
2.7b and earlier
Vulnerability: wwwoffle-neg-length-bo
X-Force URL: http://www.iss.net/security_center/static/9619.php
Date Reported: 07/18/2002
Brief Description: HP-UX ISEE could allow unauthorized file access
Risk Factor: Medium
Attack Type: Host Based
Platforms: HP-UX 11.00, HP-UX 11.11
Vulnerability: hp-isee-unauth-access
X-Force URL: http://www.iss.net/security_center/static/9620.php
Date Reported: 07/17/2002
Brief Description: Python SmartCookie class Pickle module could allow
arbitrary code execution
Risk Factor: High
Attack Type: Host Based
Platforms: Amiga UNIX All versions, Macintosh All versions,
OS/2 All versions, Python 1.5.2, Unix All versions,
Windows All versions
Vulnerability: python-smartcookie-pickle-code
X-Force URL: http://www.iss.net/security_center/static/9622.php
Date Reported: 07/11/2002
Brief Description: Apache HTTP Server ap_log_rerror() path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Apache HTTP Server 2.0 to 2.0.35, Linux All
versions, Windows All versions
Vulnerability: apache-aplogrerror-path-disclosure
X-Force URL: http://www.iss.net/security_center/static/9623.php
Date Reported: 07/17/2002
Brief Description: Fastlink TheServer stores passwords in plain text
Risk Factor: Medium
Attack Type: Network Based
Platforms: TheServer 1.75, Windows All versions
Vulnerability: fastlink-theserver-plaintext-passwords
X-Force URL: http://www.iss.net/security_center/static/9624.php
Date Reported: 07/17/2002
Brief Description: Python Pickle class constructor could allow
arbitrary code execution
Risk Factor: High
Attack Type: Host Based
Platforms: Amiga UNIX All versions, Macintosh All versions,
OS/2 All versions, Python 1.5.2 through 2.1.3, Unix
All versions, Windows All versions
Vulnerability: python-classconstructor-pickle-code
X-Force URL: http://www.iss.net/security_center/static/9626.php
Date Reported: 07/17/2002
Brief Description: PhpWiki cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux All versions, PhpWiki 1.3.3 and earlier, Unix
All versions, Windows All versions
Vulnerability: phpwiki-xss
X-Force URL: http://www.iss.net/security_center/static/9627.php
Date Reported: 07/17/2002
Brief Description: Oracle Reports Server could disclose sensitive
information
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux All versions, Oracle Reports6i 6.0.8.x,
Oracle9i Application Server Reports 9.0.2.x, Unix
All versions, Windows All versions
Vulnerability: oracle-reports-information-disclosure
X-Force URL: http://www.iss.net/security_center/static/9628.php
Date Reported: 07/17/2002
Brief Description: ICQ .scm skin file could allow remote code
execution
Risk Factor: High
Attack Type: Network Based
Platforms: ICQ 2000a Build 3722, ICQ 2000a Build 3727, Windows
All versions
Vulnerability: icq-scm-code-execution
X-Force URL: http://www.iss.net/security_center/static/9629.php
Date Reported: 07/17/2002
Brief Description: Winamp wsz skin file could allow remote code
execution
Risk Factor: High
Attack Type: Network Based
Platforms: Winamp 2.80 and earlier, Windows All versions
Vulnerability: winamp-wsz-code-execution
X-Force URL: http://www.iss.net/security_center/static/9630.php
Date Reported: 07/17/2002
Brief Description: Java Web Start .jnlp file could allow remote code
execution
Risk Factor: High
Attack Type: Network Based
Platforms: Java Web Start 1.0, Java Web Start 1.0.1, Java Web
Start 1.0.1 _02, Java Web Start 1.0.1_01, Unix All
versions, Windows All versions
Vulnerability: webstart-jnlp-code-execution
X-Force URL: http://www.iss.net/security_center/static/9631.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail server.
Medium Any vulnerability that provides information that has a high
potential of giving system access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that could contain an
account with a guessable password.
Low Any vulnerability that provides information that could
potentially lead to a compromise. Example: A finger that
allows an intruder to find out who is online and potential
accounts to attempt to crack passwords via brute force
methods.
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforceiss.net for
permission.
Disclaimer: The information within this paper may change without notice. Internet
Security Systems provides this information on an AS IS basis with NO warranties,
implied or otherwise. Any use of this information is at the user’s risk. In no event
shall Internet Security Systems be held liable for any damages whatsoever arising
out of or in connection with the use or dissemination of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPTxKNDRfJiV99eG9AQH/lAP/a5nLBMDLaKvw/GX1BakBYg98nRhOEzu3
3FQy1H7wogRo4mGW2uoIV5/3kj6DDDIaHTjCFURqVFnYNut61mSqnMhIdJibFfYU
qsp+Aj0DQOwG55PS2xV65FqOhWB+Wor3pYPmtbTzkHDaGEHcjCcFf9/Cy3ALMUZ+
asxOLDTX2vc=
=kwZ6
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]