OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Security Alert Consensus #047
From: Network Computing and The SANS Institute (sanssans.org)
Date: Thu Jun 01 2000 - 13:44:25 CDT



Re: Your personalized newsletter

                        -- Security Alert Consensus --
                                 Number 047 (00.23)
                              Thursday, June 1, 2000
                                Created for you by
                     Network Computing and the SANS Institute

------------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below you
should find only the information pertaining to the categories you
requested. If you have any problems or questions, please e-mail us at
<consensusnwc.com>.

------------------------------------------------------------------------
                
This issue sponsored by Tivoli Systems Inc.

Each week this Tivoli sponsored newsletter will detail how you can
effectively decrease risk, reduce complexity, and lower the cost of
secure computing. Tivoli SecureWay provides a comprehensive security
management and access control solution. Learn how at:
http://www.tivoli.com/security/ncs23.html

------------------------------------------------------------------------
                
SANS has released a "Top 10 Threats" list that details out the 10 most
critical vulnerabilities, and their fixes, found on the Internet today.
It is available at http://www.sans.org/.

Finally, we received a few notes last week stating that the {00.22.014}
"Gauntlet CyberPatrol remote buffer overflow" vulnerability was not
listed in the issue. This vulnerability was placed in the
"Cross-Platform" category--if you do not subscribe to this category,
you would not have received the alert. You can change your category
preferences by following the instructions contained at the bottom of
this (and all prior) issues.

Until next week,
- Security Alert Consensus Team

------------------------------------------------------------------------
                
------------------------------------------------------------------------

TABLE OF CONTENTS:

--> {00.23.001} Update to {00.22.009}: NetProwler remote DoS
--> {00.23.007} Carello shopping cart exposes files
--> {00.23.008} Rockliffe MailSite Management Agent buffer overflow
--> {00.23.009} MDaemon mail server DoS
--> {00.23.010} PDGSoft Shopping Cart buffer overflows
--> {00.23.013} MS00-035: SQL Server 7 leaves passwords in installation
                log files
--> {00.23.014} MS00-036: vulnerabilities in Computer Browser NetBIOS
                service
--> {00.23.020} Update to {99.19.012}: Eserv web interface allows an
                attacker to read any file
--> {00.23.023} NetOps unrestricted file access
--> {00.23.029} Multiple vulnerabilities in NAI WebShield SMTP
                Management Tool
--> {00.23.012} Update to {00.22.021}: fdmount local buffer overflow
--> {00.23.015} Update to {00.22.017}: gdm XDMCP buffer overflow
--> {00.23.016} Update to {00.14.006}: gpm-root doesn't drop root
                privileges
--> {00.23.017} Update to {00.21.023}: kscd SHELL local compromise
--> {00.23.026} kdesud DISPLAY buffer overflow
--> {00.23.027} cdrecord dev parameter local buffer overflow
--> {00.23.019} semconfig local denial of service
--> {00.23.021} NetBSD local "cpu-hog" DoS
--> {00.23.022} ftpchroot is ignored in NetBSD 1.4.2
--> {00.23.025} Update to {00.22.001}: MIT Kerberos remote buffer
                overflow
--> {00.23.011} RaQ FrontPage permission problem
--> {00.23.028} Update to {00.20.012}: Cayman DSL router DoS
--> {00.23.006} Nonprivileged local users can gain write access to files
--> {00.23.002} PGP5i noninteractive key-generation flaw
--> {00.23.003} Multiple HP JetAdmin vulnerabilities
--> {00.23.004} QPop euidl buffer overflow
--> {00.23.005} MDBMS remote buffer overflow
--> {00.23.018} xlockmore allows retrieving password hashes and viewing
                memory
--> {00.23.024} IPFilter race condition lets remote attacker bypass
                rules
--> {00.23.030} Omnis development environment uses weak encryption

--- Windows News -------------------------------------------------------

--> {00.23.001} Update to {00.22.009}: NetProwler remote DoS

Axent has released fix information for {00.22.009} ("NetProwler remote
DoS"). For version 3.0, disabling the "Man in the Middle" signature for
all monitored hosts will bypass the problem. Version 3.5, which will be
available later this month (June), will include a fix for the
vulnerability.

Source: Axent (Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2000-05/0268.html

--> {00.23.007} Carello shopping cart exposes files

The Carello shopping cart software from PSPInc contains a vulnerability
that lets a remote attacker gain access to files by creating a
predictably named copy of a file. It is possible for an attacker to use
this to view the source of Web scripts, such as .ASPs.

PSPInc has said a new version will be released that corrects these
problems.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html

--> {00.23.008} Rockliffe MailSite Management Agent buffer overflow

A remotely exploitable buffer overflow has been found in Rockliffe's
MailSite Management Agent version 4.2.1.0. An attacker can submit a
particular URL to the included Web server listening on Port 90 and cause
it to execute arbitrary code under local system privileges.

Version 4.2.2 corrects this problem, and is available from:
http://www.rockliffe.com

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html

--> {00.23.009} MDaemon mail server DoS

Alt-N's MDaemon mail server version 3.0.3 contains a buffer overflow in
the user command. A remote attacker can submit a large user name,
causing the service to crash and be unusable until the system is
rebooted. It is unclear if execution of arbitrary code is possible.

Alt-N has released updated patches:

Windows NT:
ftp://ftp.altn.com/MDaemon/Release/md3040patchNT.exe

Windows 9x:
ftp://ftp.altn.com/MDaemon/Release/md3040patch9X.exe

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html

--> {00.23.010} PDGSoft Shopping Cart buffer overflows

The PDGSoft shopping cart version comes with two remotely accessible
CGI applications: redirect.exe and changepw.exe. Both these applications
contain buffer overflows that allow for the remote execution of
arbitrary code.

An update is available at:
http://www.pdgsoft.com/Security/security2.html

Source: Win2KSecAdvice
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0123.html

--> {00.23.013} MS00-035: SQL Server 7 leaves passwords in installation
                log files

Microsoft has released MS00-035 ("Patch Available for SQL Server 7.0
Service Pack Password Vulnerability"). When installing SQL Server
service packs on a SQL Server using mixed authentication mode, the sa
password may be written to a log file named sqlsp.log.

Patch is available at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21546

Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2000-q2/0032.html

--> {00.23.014} MS00-036: vulnerabilities in Computer Browser NetBIOS
                service

Microsoft has released MS00-036: "Patch Available for ResetBrowser Frame
and HostAnnouncement Flooding Vulnerabilities"). These vulnerabilites
affect *all* Windows platforms. The patch discusses fixes for two
Computer Browser NetBIOS related vulnerabilities:

- The Computer Browser service supports a "reset browser" request, which
results in the system relinquish master browser control. It is possible
for an attacker to spoof these requests, causing a denial of service.

- An attacker can specifically flood a master browser with new system
registration ("host announcement") requests to the point where the table
contains the maximum entries allowed for a browse table. This results
in added congestion during replication/request for master browse tables,
leading to a denial of service.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/fq00-036.asp

Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2000-q2/0030.html

--> {00.23.020} Update to {99.19.012}: Eserv web interface allows an
                attacker to read any file

According to the vendor, in regards to {99.19.012} ("Eserv Web interface
lets an attacker read any file"):

"The E-Serv directory transversal vulnerability was fixed some time ago,
around version 2.8 or so. The E-Serv DoS attack as exploited by
eservx.java does not affect the latest version - it has only been tested
on E-Serv 2.71 Shareware."

The latest version of E-Serv is available at:
http://www.eserv.ru/

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0346.html

--> {00.23.023} NetOps unrestricted file access

Danware's NetOp version 6.0 includes a file-transfer mechanism.
Unfortunately, this mechanism requires no authentication--this means a
remote attacker has full read/write access to the system's file system.

No patches have been made available.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html

--> {00.23.029} Multiple vulnerabilities in NAI WebShield SMTP
                Management Tool

Two vulnerabilities have been found in NAI's WebShield SMTP Management
Tool version 4.5.44. First, the service does not properly restrict
access to the management service on Port 9999. Second, there is a buffer
overflow in this service that lets a remote attacker execute arbitrary
code with local_system privileges.

The vendor has been contacted; no patches have been made available.

Source: Win2KSecAdvice
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0122.html
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0124.html

--- Linux News ---------------------------------------------------------

--> {00.23.012} Update to {00.22.021}: fdmount local buffer overflow

Slackware has released an updated floppy.tgz package that corrects a
locally exploitable buffer overflow in the fdmount binary. Mandrake
Software also has provided a patch to use against fdmount source.

Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/floppy.tgz
                
Mandrake Software source patch:
http://archives.neohapsis.com/archives/bugtraq/2000-05/0269.html

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0323.html

--> {00.23.015} Update to {00.22.017}: gdm XDMCP buffer overflow

SuSE has released update packages that correct {00.22.017} (gdm XDMCP
buffer overflow).

Download updated packages:

AXP:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/gnm2/gdm-2.0beta4-74.alpha.rpm
                ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/gdm-2.0beta4-74.src.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/gnm2/gdm-2.0beta4-74.alpha.rpm
                
i386:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/gnm2/gdm-2.0beta4-72.i386.rpm
                ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/gdm-2.0beta4-72.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.3/gnm2/gdm-2.0beta4-72.i386.rpm
                ftp://ftp.suse.com/pub/suse/i386/update/6.4/gnm2/gdm-2.0beta4-72.i386.rpm
                
Source: SuSE
http://archives.neohapsis.com/archives/vendor/2000-q2/0029.html

--> {00.23.016} Update to {00.14.006}: gpm-root doesn't drop root
                privileges

TurboLinux has released updated packages that correct {00.14.006}
("gpm-root doesn't drop root privileges"). The vulnerability allows for
a local root compromise.

Download updated packages:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/gpm-1.19.2-5.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/gpm-devel-1.19.2-5.i386.rpm
                
Source: TurboLinux (Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2000-05/0342.html

--> {00.23.017} Update to {00.21.023}: kscd SHELL local compromise

SuSE has released updated packages for {00.21.023} ("kscd SHELL local
compromise"). It lets users using kscd execute applications with gid
"disk."

Download updated packages:

AXP:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/kde1/kmulti-1.1.2-141.alpha.rpm
                ftp://ftp.suse.com/pub/suse/axp/update/6.3/kde1/kmulti-1.1.2-141.alpha.rpm
                ftp://ftp.suse.com/pub/suse/axp/update/6.4/kde1/kmulti-1.1.2-141.alpha.rpm
                
i386:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/kde1/kmulti-1.1.2-141.i386.rpm
                ftp://ftp.suse.com/pub/suse/i386/update/6.2/kde1/kmulti-1.1.2-141.i386.rpm
                ftp://ftp.suse.com/pub/suse/i386/update/6.3/kde1/kmulti-1.1.2-141.i386.rpm
                ftp://ftp.suse.com/pub/suse/i386/update/6.4/kde1/kmulti-1.1.2-140.i386.rpm
                
PPC:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/kde1/kmulti-1.1.2-141.ppc.rpm

Source: SuSE
http://archives.neohapsis.com/archives/vendor/2000-q2/0031.html

--> {00.23.026} kdesud DISPLAY buffer overflow

A buffer overflow has been found in kdesud that lets a local attacker
gain gid 0. An exploit has been published.

A third-party patch is available at:
http://archives.neohapsis.com/archives/bugtraq/2000-05/0354.html

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html

--> {00.23.027} cdrecord dev parameter local buffer overflow

A buffer overflow has been found in cdrecord and its handling of the
"dev" parameter. The vulnerability lets a local attacker gain gid
"cdwriter." (80).

No patches have been made available.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html

--- BSD News -----------------------------------------------------------

--> {00.23.019} semconfig local denial of service

An undocumented kernel semaphore control call, semconfig(2), can be used
to cause all processes waiting on semaphores to block, resulting in a
denial of service of all applications using semaphores.

NetBSD 1.4, 1.4.1, and 1.4.2:
A patch is available at:
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-sysvsem

NetBSD-current:
NetBSD-current since 20000527 contains all the fixes, and is not
vulnerable. Users of NetBSD-current should upgrade to a source tree
dated 20000527 or later.

FreeBSD:
Upgrade to FreeBSD 2.1.7.1-STABLE, 2.2.8-STABLE, 3.4-STABLE, 4.0-STABLE
or 5.0-CURRENT after the correction date (2000-05-01).

OpenBSD 2.6:
A patch is available at:
http://www.openbsd.org/errata26.html#semconfig

Source: FreeBSD, NetBSD, OpenBSD
http://archives.neohapsis.com/archives/bugtraq/2000-05/0348.html
http://archives.neohapsis.com/archives/bugtraq/2000-05/0359.html
http://archives.neohapsis.com/archives/freebsd/2000-05/0294.html

--> {00.23.021} NetBSD local "cpu-hog" DoS

NetBSD has released an advisory containing fixes for a local denial of
service. It is possible for a user to abuse system/kernel function calls
for extended periods of time; because kernel calls are not preempted,
this results in the user retaining much of the CPU's time, thus creating
a denial of service for the rest of the system.

NetBSD 1.4, 1.4.1, and 1.4.2:
A patch is available in
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-yield

For NetBSD-current:
NetBSD-current since 20000420 contains all the fixes, and is not
vulnerable. Users of NetBSD-current should upgrade to a source tree
dated 20000420 or later.

Source: NetBSD
http://archives.neohapsis.com/archives/bugtraq/2000-05/0363.html

--> {00.23.022} ftpchroot is ignored in NetBSD 1.4.2

NetBSD version 1.4.2 had a patch applied that allowed for better parsing
of /etc/ftpusers, but this caused the parsine of /etc/ftpchroot to fail.
This failure resulted in users not being chrooted, even if configured
to do so.

This problem affects only NetBSD-1.4.2 and versions of NetBSD-current
between 19990930 and 19991212; it does not affect NetBSD-1.4.1 or
earlier, or versions of NetBSD-current after 19991212 or before
19990930.

Instructions for patching 1.4.2 are available at:
http://archives.neohapsis.com/archives/bugtraq/2000-05/0357.html

Source: NetBSD (Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2000-05/0357.html

--> {00.23.025} Update to {00.22.001}: MIT Kerberos remote buffer
                overflow

FreeBSD has released updated packages addressing {00.22.001} ("MIT
Kerberos remote buffer overflow").

You can update your ports collection via the usual means to gain access
to the corrected krb5 port.

Source: FreeBSD
http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html

--- Network Appliances News --------------------------------------------

--> {00.23.011} RaQ FrontPage permission problem

Cobalt RaQs version 2 and 3i contain a bug in their FrontPage support
making it possible for one user to overwrite, change or modify another
user's files (the files are owned by 'httpd' when they are uploaded via
FrontPage).

Cobalt has released patches:

RaQ 3i:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/frontpage/fpx_patch1.tar.gz
                
RaQ 2:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/frontpage/fpx_patch1.tar.gz
                
Source: Cobalt (Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html

--> {00.23.028} Update to {00.20.012}: Cayman DSL router DoS

Cayman has released an updated image concerning the vulnerability
discussed in {00.20.012} ("Cayman DSL router DoS"). However, it looks
like another type of denial of service may still be possible. This has
not yet been confirmed.

The updated image (version 5.5.0 build r1) is available at:
ftp://www.cayman.com/pub/gatorsurf/3220/c8a550R1.COS

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html

--- AIX News -----------------------------------------------------------

--> {00.23.006} Nonprivileged local users can gain write access to files

IBM has released an advisory that indicates it is possible for
nonprivileged local users to gain write access to arbitrary files,
regardless of permissions. AIX version 3.1.x, 4.1.x, 4.2.x and 4.3.x
are affected.

IBM has released the following patches, available at:
http://techsupport.services.ibm.com/rs6k/fixes.html

AIX 3.2.x: APAR IY10111
AIX 4.1.x: APAR IY10031
AIX 4.2.x: APAR IY10001
AIX 4.3.x: APAR IY09941

Source: IBM (Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html

--- Cross-Platform News ------------------------------------------------

--> {00.23.002} PGP5i noninteractive key-generation flaw

A flaw has been found in the key-generation routine of PGP version 5i.
If you used the pgpk utility to noninteractively generate a key pair,
it is possible that PGP generated a predictable key. A noninteractive
generation session attempts to gather random bytes from /dev/random.
In contrast, an interactive session gains randomness by the variations
in user-entered keystrokes. A flaw in reading /dev/random results in
"random" bytes of the same value.

It is suggested that if you used pgpk to noninteractively generate your
key, you revoke it and generate a new key.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html

--> {00.23.003} Multiple HP JetAdmin vulnerabilities

HP Web JetAdmin contains multiple vulnerabilities. Version 5.6 lets a
remote attacker view any file on the system using '..' notation in
conjunction with the administration Web server on Port 8000. Version
6.0 fixes this vulnerability, but introduces a denial of service
situation, where a remote attacker can cause the JetAdmin service to
become unavailable. No patches have been released for the DoS. Note that
only the NT versions have been tested and found vulnerable--it is
uncertain if other platforms are vulnerable as well.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html
http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html

--> {00.23.004} QPop euidl buffer overflow

Qualcomm Qpopper version 2.53 contains a remotely exploitable buffer
overflow in the euidl command, which lets an attacker execute arbitrary
code under the group ID of "mail." An exploit has been published.

Download version 3.1 from:
http://www.eudora.com/freeware/qpop.html#CURRENT

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html

--> {00.23.005} MDBMS remote buffer overflow

A buffer overflow has been found in MDBMS database server version
0.96b6. It is possible for a remote attacker to execute arbitrary code
as root. An exploit has been published.

A third-party patch is available at:
http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html

--> {00.23.018} xlockmore allows retrieving password hashes and viewing
                memory

A vulnerability in xlockmore prior to version 4.16 lets a local attacker
overwrite pointers to data in memory, causing xlockmore to display
memory normally not viewable to the user. Further, xlockmore reads in
the password hashes from shadow, so it is possible to retrieve password
hashes. Vulnerable platforms include FreeBSD, NetBSD, OpenBSD, Debian
GNU/Linux, TurboLinux, SCO OpenServer and UnixWare.

Many vendors have released updates.

FreeBSD has committed a new version of xlockmore into its ports
collection.

NetBSD has more upgrade information available at:
ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/x11/xlockmore/README.html
                
OpenBSD has a patch available at:
http://www.openbsd.org/errata26.html#xlockmore

Debian has released updated packages:
Alpha-
http://security.debian.org/dists/stable/updates/binary-alpha/xlockmoregl_4.12-4.1_alpha.deb
                http://security.debian.org/dists/stable/updates/binary-alpha/xlockmore4.12-4.1_alpha.deb
                
Intel ia32-
http://security.debian.org/dists/stable/updates/binary-i386/xlockmore-l_4.12-4.1_i386.deb
                http://security.debian.org/dists/stable/updates/binary-i386/xlockmore_.12-4.1_i386.deb
                
Motorola 680x0-
http://security.debian.org/dists/stable/updates/binary-m68k/xlockmore-l_4.12-4.1_m68k.deb
                http://security.debian.org/dists/stable/updates/binary-m68k/xlockmore_.12-4.1_m68k.deb
                
Sparc-
http://security.debian.org/dists/stable/updates/binary-sparc/xlockmoregl_4.12-4.1_sparc.deb
                http://security.debian.org/dists/stable/updates/binary-sparc/xlockmore4.12-4.1_sparc.deb
                
TurboLinux has released updated packages:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/xlockmore-4.16.1-1.i86.rpm
                
SCO Skunkware has a new version of xlockmore available at:
http://www.sco.com/skunkware

A general source patch is also available:
ftp://ftp.tux.org/pub/tux/bagleyd/xlockmore/index.html

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0368.html

--> {00.23.024} IPFilter race condition lets remote attacker bypass
                rules

IPFilter versions up to and including 3.3.15 and 3.4.3 contain a
vulnerability that would let an attacker bypass the rule set if the
system is using a common configuration.

As described by the vulnerability founder:

"If IPFilter rulesets are constructed such that "return-rst" and "keep
state" overlap, e.g.:

  block return-rst in proto tcp from A to V
  pass out proto tcp from V' to A' keep state

where A, A', V and V' are hostmasks that can include "any", and the
attacker matches against A and A' and the victim matches against V and
V', the attacker may exploit a race condition in the state table
generation code that results from fr_addstate()'s fault of creating a
new state entry for the outgoing RST packet generated by the
"return-rst" rule. If a new SYN packet comes in before the state entry
created by the RST expires, the state entry will allow the SYN packet
to pass through the firewall, and the explicit permissiveness of a "pass
out all keep state" or similar rules then allows the SYN-ACK and all
successive ACK's to create new state entries. The attacker merely needs
to ignore the RST's that are being sent to him and continue to attack
the victim."

A third-party patch is available at:
http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html

--> {00.23.030} Omnis development environment uses weak encryption

The encryption used by the Omnis Studio development environment version
2.4 has been found to be trivial encoding and easily crackable.

No patches have been made available.

Source: Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html

------------------------------------------------------------------------

This issue sponsored by Tivoli Systems Inc.

Each week this Tivoli sponsored newsletter will detail how you can
effectively decrease risk, reduce complexity, and lower the cost of
secure computing. Tivoli SecureWay provides a comprehensive security
management and access control solution. Learn how at:
http://www.tivoli.com/security/ncs23.html

------------------------------------------------------------------------
                
Please join us in Washington, DC, July 5-10 to enhance your security
skills and prove you have mastered the material. SANS certifications
are the industry's most difficult to obtain, but the training is
extraordinary and those who make the grade are immediately recognized
as knowledgeable and skilled. The respect that comes along with that
recognition can help you get the support to improve security in your
organization.

Or if you can't come to Washington, try the online version.

Complete program details: http://www.sans.org/dc2000.htm

Certification information: http://www.sans.org/giactc.htm

------------------------------------------------------------------------
                
If this e-mail was passed to you and you would like to begin receiving
our security e-mail newsletter on a weekly basis, we invite you to
subscribe today at http://www.networkcomputing.com/consensus/. Become
a Security Alert Consensus member!

Special Note:
To better secure your confidential information, we will no longer
include "personal URLs" in our Consensus newsletter mailings . Instead,
we have created a new form, located at http://www.sans.org/sansurl.
There, you can enter the SD number that is located near your name at
the top of the newsletter. When you submit this form, an e-mail will be
sent to you at the e-mail address on record, containing a personal URL.
With this URL, you can then make changes to your account (edit the
content of your Consensus mailing, for example) without endangering the
security of your personal URL. If you'd like to change your e-mail
address or other information, or to unsubscribe from this newsletter,
please visit your personalized URL as described above. If you have any
problems or questions, please e-mail us at <consensusnwc.com>.

Missed an issue? You can find all back issues of Security Alert
Consensus (and Security Express) online at
http://archives.neohapsis.com/.

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensusnwc.com>.

Copyright (c) 2000 CMP Media Inc. A service of Network Computing. All
Rights Reserved.

Distributed by Network Computing (http://www.networkcomputing.com) and
The SANS Institute (http://www.sans.org).