Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Security Express Archives: Network Computing Security Express #

Network Computing Security Express #024

Subject: Network Computing Security Express #024
From: Network Computing Express (expresslist.nwc.com)
Date: Thu Dec 16 1999 - 09:52:47 CST

Network Computing Security Express #024
-- Number 024 ------------------------------------------------------------

Welcome to the latest edition of Security Express! Below you should
find only the information pertaining to the categories you requested.
Please bear in mind that you may have little or no information in
particular categories--this means no security problems pertaining to
those categories were found this week. If you have any problems or
questions, please e-mail us at expressnwc.com.

Enjoy Security Express!


Now you can get the scoop on the newest security products with Security
Express! Each week, you'll receive security product announcements
from leaders in computer and information security. If you would not like
to receive this new source of security industry news, simply log in to
your existing Security Express newsletter profile page at:
http://www.0mm.com/express/login.html (that is zero-M-M ) and select the
"Check this box if you would NOT like to receive periodic product
announcements from security vendors" option.


Don't miss these exciting alerts on the latest security products!

If you have any problems or questions, please e-mail us at

If this e-mail was passed to you and you would like to begin receiving our
e-mail newsletter on a weekly basis, we invite you to subscribe today.
Just go to http://www.networkcomputing.com/express/ to become a Security
Express member.


Looking for the latest IT security news, trends and opinions...plus a
chance to discuss vital issues with other security experts like yourself?
Come to Planet IT's Security Technology Center. Planet IT is the
community for IT professionals. Visit the Security Tech Center at:


All the security organizations have been buzzing over two new distributed
denial-of-service tools--trin00 and TFN (tribe flood network). Basically,
the tools implement a server/client method of distribution for launching
various ICMP and SYN flood attacks. There has been much talk about how to
detect these new tools and attacks. In the simplest sense, protection
from them is still the same as protection from the specific type of DoS
they attack with--a SYN flood is a SYN flood, regardless if it's
distributed or not. You should review and evaluate your corporation's
policies and procedures for dealing with the various types of network
denial-of-service attacks; if you do not have any, now would be a good
time to start making them. :)

Until next week,
-Security Express Team



Key Area: Windows
Key Element: Information Publishing

Remote denial of service in Serv-U FTP-Server
A denial-of-service attack has been found in Serv-U FTP-Server version
2.5a. An attacker can cause a service denial by sending malformed SITE

-This problem has been fixed in version 2.5b, now available for download:

Source: NTBugtraq


Key Area: Windows
Key Element: Applications

Security vulnerabilities in help files
It is possible for users to tamper with help files, turning them into
trojans that execute commands upon viewing. Therefore, all .cnt, .hlp and
.chm files should be treated as .exe's; normal users should have read-access only.

Source: Bugtraq


IE frame loop denial-of-service attack It is possible for a malicious Web site to instigate a denial-of-service attack in Internet Explorer that can cause the machine to crash or reboot. The attack comes from a specially crafted page that uses recursive frames.

-Microsoft has been contacted and has indicated that it may not be immediately addressing the problem.

Source: Technotronic http://www.security-express.com/archives/hacker/0089.html


Patch for "Malformed Resource Enumeration Argument" Microsoft has released a patch for the "Malformed Resource Enumeration Argument" vulnerability, otherwise known as "RFPoison." The attack is a denial of service that silently causes services.exe to fail--but the system appears to continue functioning as normal.

-FAQ and patch:

http://www.microsoft.com/security/bulletins/MS99-055faq.asp Source: Microsoft http://www.security-express.com/archives/vendor/0157.html


Patch available for IE "Server-side Page Reference Redirect" vulnerability Microsoft has released a patch for Internet Explorer's "Server-side Page Reference Redirect" vulnerability, which allows a malicious Web site to read known files on the user's system.

-FAQ and patch:

http://www.microsoft.com/security/bulletins/MS99-050faq.asp Source: Microsoft http://www.security-express.com/archives/vendor/0158.html


Buffer overflow in VDO Live Player A buffer overflow is present in VDO Live Player version 3.02 that could allow malicious Web sites to execute arbitrary code on a user's system.

-No patches have been made available.

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0311.html


Key Area: NetWare Key Element: Applications

Buffer overflow in Enterprise Web Server for NetWare A buffer overflow has been found in the Enterprise Web Server for NetWare 4.x and 5.x. A remote attacker can send a long (310+ characters) user name, which causes the admin server to crash. It is unknown at this time if the execution of arbitrary code and/or privilege elevation is possible.

-No patches have been released. It is recommended that you turn off the admin service when not in use, as well as block access to that port on any possible firewalls.

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0262.html


Key Area: Solaris Key Element: Applications

Update to snoop vulnerabilities Sun has released patches for a vulnerability in snoop that allows remote arbitrary execution of code as root when snoop is running. This vulnerability has been found by ISS. However, these patches do *not* include the snoop vulnerability reported last week, found by W00w00 Security Development. The current snoop patches are for Solaris 7, 2.6, 2.5.1, 2.5, 2.4 and 2.3.

-Apply the appropriate patch: OS Version Patch ID SunOS 5.7 108482-01 SunOS 5.7_x86 108483-01 SunOS 5.6 108492-01 SunOS 5.6_x86 108493-01 SunOS 5.5.1 104960-02 SunOS 5.5.1_x86 104961-02 SunOS 5.5 108501-01 SunOS 5.5_x86 108502-01 SunOS 5.4 108490-01 SunOS 5.4_x86 108491-01 SunOS 5.3 108489-01

Source: Sun http://www.security-express.com/archives/vendor/0159.html


Remote root buffer overflow in sadmind A remote buffer overflow has been found in the Solstice Admin Suite sadmind RPC daemon that allows remote execution of arbitrary code as root. Exploits have been made available to the public.

-Sun has not released any patches. In the meantime, many third-party fixes were recommended: Enable nonexecutable stack feature http://www.security-express.com/archives/bugtraq/0292.html Secure portmapper with more secure rpcbind http://www.security-express.com/archives/bugtraq/0299.html Use xinetd to wrap RPC services http://www.security-express.com/archives/bugtraq/0308.html

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0291.html


Plaintext passwords available in Sun's WBEM Upon installation, Sun's Web-Based Enterprise Manager version 1.0 saves a plaintext copy of the admin password in /var/sadm/pkg/SUNWwbcor/pkginfo, which is world-readable by default.

-Sun indicates that the problem is fixed in current versions of WEBM, although no documentation or notification has appeared indicating so.

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0276.html


Key Area: Linux and BSD

Key Element: Messaging

Debian releases new sendmail packages Debian has announced the availability of new sendmail packages that fix a previously reported vulnerability where a local user can cause sendmail to stop responding to requests by corrupting the aliases file.

-Download the new packages for your platform:

http://security.debian.org/dists/stable/updates/binary-alpha/sendmail_8.9.3-3slink1_alpha.deb http://security.debian.org/dists/stable/updates/binary-alpha/sendmail-wide_8.9.3+3.2W-3slink1_alpha.deb http://security.debian.org/dists/stable/updates/binary-i386/sendmail_8.9.3-3slink1.0.1_i386.deb http://security.debian.org/dists/stable/updates/binary-i386/sendmail-wide_8.9.3+3.2W-3slink1_i386.deb http://security.debian.org/dists/stable/updates/binary-m68k/sendmail_8.9.3-3slink1_m68k.deb http://security.debian.org/dists/stable/updates/binary-m68k/sendmail-wide_8.9.3+3.2W-3slink1_m68k.deb http://security.debian.org/dists/stable/updates/binary-sparc/sendmail_8.9.3-3slink1_sparc.deb http://security.debian.org/dists/stable/updates/binary-sparc/sendmail-wide_8.9.3+3.2W-3slink1_sparc.deb

Source: Debian http://www.security-express.com/archives/vendor/0152.html http://www.security-express.com/archives/vendor/0153.html http://www.security-express.com/archives/vendor/0154.html


Key Area: Linux and BSD Key Element: Applications

Denial of service in Linux 2.0.x kernels A denial of service has been found in the networking portion of the Linux 2.0.x kernels, where a large packet with IP options may cause kernel panics.

-A patch for 2.0.38 is available at:

http://www.security-express.com/archives/bugtraq/0323.html Source: Bugtraq http://www.security-express.com/archives/bugtraq/0288.html


Key Area: Other Key Element: Information Publishing

htdig allows remote execution of arbitrary commands Debian Linux has released an updated htdig package that corrects a vulnerability where htdig passes user-supplied parameters on the command line of another application. Other installations of htdig (besides Debian) may be vulnerable.

-Debian has made new packages available:

http://security.debian.org/dists/stable/updates/binary-alpha/htdig_3.1.2-4slink6_alpha.deb http://security.debian.org/dists/stable/updates/binary-i386/htdig_3.1.2-4slink6_i386.deb http://security.debian.org/dists/stable/updates/binary-m68k/htdig_3.1.2-4slink6_m68k.deb http://security.debian.org/dists/stable/updates/binary-sparc/htdig_3.1.2-4slink6_sparc.deb

Source: Debian http://www.security-express.com/archives/vendor/0156.html

---- HP-UX update for wu-ftpd HP has released HPSBUX9912-106, which fixes security vulnerabilities found in wu-ftp reported two months ago.

-The patch is available as PHNE_18377

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0304.html


Key Area: Other Key Element: Applications

SCO releases uidadmin patch and retracts SSE039 SCO has released SSE046, which fixes security holes in uidadmin that were previously reported. Also, SSE039 has been found to contain errors; if you have applied SSE039, you should uninstall it and reapply the new version.

-Patches are available at:

http://www.sco.com/security/ Source: SCO http://www.sco.com/security/


Flaws in SCO's privileged process system Many flaws have been found in SCO's privileged process system. The system allows normal programs to gain privileges equivalent to suid applications--except they do not inherit the security precautions of suid applications. It is possible for any local user to elevate privileges to root.

-No patches have been made available by SCO. We recommend you remove all unnecessary entries in /etc/security/tcb/privs and limit local access to the system until SCO provides a patch.

Source: Technotronic http://www.security-express.com/archives/hacker/0097.html


Lax TCP sequencing in IRIX A report has surfaced that may indicate a security vulnerability in IRIX version 6.3. The vulnerability lies in improper TCP sequencing, which allows for network connections to be hijacked. The vulnerability has yet to be confirmed.

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0312.html


HP-UX patch for VirtualVault HP has released a patch that fixes a vulnerability where programs running on the VirtualVault may be proxied by the Trusted Gateway Proxy (TGP) without having proper access. The vulnerability was introduced by patch PHSS_17692, which fixes a previous VirtualVault vulnerability.

-Apply the appropriate patch: VirtualVault A.03.50 (International): PHSS_20476 VirtualVault A.03.50 (US/Canada): PHSS_20476

Source: Bugtraq http://www.security-express.com/archives/bugtraq/0316.html


Xshipwars remote buffer overflow Xshipwars (xsw) version 1.24 contains a remote buffer overflow that allows an attacker to execute arbitrary code.

-Update to version 1.26:

http://fox.mit.edu/xsw/ Source: Technotronic http://www.security-express.com/archives/hacker/0087.html

BorderWare Office Gateway, BorderWare Document Gateway, BorderWare Mail Gateway BorderWare Technologies BorderWare's security products turn an ordinary PC into an Internet Appliance. Available now; for more details see www.borderware.com

VTCP/Secure 4.2 for Red Hat 6.1 InfoExpress Customers running Red Hat Linux 6.1 can now use the InfoExpress VPN to provide secure access to corporate information for employees, consultants, business partners and customers. Available now; for details see www.infoexpress.com

Sybergen Platform Sybergen Technologies The Sybergen Platform is the foundation technology that integrates Sybergens Management Server, Secure Desktop Access Server and Sybergen SyGate. For details see www.sybergen.com

Sybergen Access Server Sybergen Networks Sybergen Access Server now features an integrated VPN router that supports individual client computers communicating with a wide variety of external VPN servers via individual VPN paths. For details see www.sybergen.com

NetScreen-Remote 2.0 VPN Client NetScreen Technologies NetScreen-Remote 2.0 VPN client software which secures remote access to networks, devices or other host computer systems. Available now; for details see www.netscreen.com

--------------------------------------------------------- If this e-mail was passed to you and you would like to begin receiving our e-mail newsletter on a weekly basis, we invite you to subscribe today. Just go to http://www.networkcomputing.com/express/ to become a Security Express member.

We'd like to know what you think about the newsletter and what information you'd like to see in future editions. E-mail your comments to mailto:expressnwc.com.

If you'd like to change your account information or unsubscribe from this newsletter please go to http://www.0mm.com/express/login.html.

Copyright 1999 CMP Media Inc. A service of Network Computing. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Network Computing, is prohibited.

Distributed by MessageMedia, Inc. -- http://www.messagemedia.com/

This archive was generated by hypermail 2b27 : Thu Dec 16 1999 - 09:53:33 CST