VARIoT IoT vulnerabilities database

VAR-200106-0139 CVE-2001-0483 Raptor Firewall HTTP Request Proxying Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. Raptor Firewall is a product distributed and maintained by Axent Technologies, Inc. Raptor is an Enterprise-level firewall, providing a mixture of features and performance. A problem in the software package could allow intruders access to private web resources. By using the nearest interface of the firewall as a proxy, it is possible to access a system connected to the other interface of the firewall within TCP ports 79-99, and 200-65535. The firewall will only permit connections to the other side on ports in this range, excluding port 80, and using HTTP. This affects firewall rules that permit HTTP traffic. Therefore, it is possible for a malicious user to access internal web assets, and potentially gain access to sensitive information. Axent Raptor firewall version 6.5 has a misconfiguration
VAR-200105-0093 CVE-2001-0288 Cisco Switch and router vulnerabilities
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Over the past several years, a variety of attacks against TCP initial sequence number (ISN) generation have been discussed. A vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections
VAR-200106-0189 CVE-2001-0455 Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. A problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. A remote attacker could exploit this vulnerability to modify the configuration. 
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary April 5, 2001 Volume 6 Number 5 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php _____ Contents: * 80 Reported Vulnerabilities * Risk Factor Key _____ Date Reported: 03/01/2001 Brief Description: Palm OS Debug Mode allows attacker to bypass password Risk Factor: Low Attack Type: Host Based Platforms Affected: Palm OS 3.5.2, Palm OS 3.3 Vulnerability: palm-debug-bypass-password X-Force URL: http://xforce.iss.net/static/6196.php Date Reported: 03/01/2001 Brief Description: Microsoft Exchange malformed URL request could cause a denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Exchange 2000 Vulnerability: exchange-malformed-url-dos X-Force URL: http://xforce.iss.net/static/6172.php Date Reported: 03/02/2001 Brief Description: Mailx buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2 Vulnerability: mailx-bo X-Force URL: http://xforce.iss.net/static/6181.php Date Reported: 03/02/2001 Brief Description: SunFTP allows attackers to gain unauthorized file access Risk Factor: Low Attack Type: Host Based Platforms Affected: SunFTP 1.0 Build 9 Vulnerability: sunftp-gain-access X-Force URL: http://xforce.iss.net/static/6195.php Date Reported: 03/02/2001 Brief Description: WinZip /zipandemail option buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All versions Vulnerability: winzip-zipandemail-bo X-Force URL: http://xforce.iss.net/static/6191.php Date Reported: 03/04/2001 Brief Description: Broker FTP Server allows remote attacker to 
delete files outside the FTP root Risk Factor: Medium Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-delete-files X-Force URL: http://xforce.iss.net/static/6190.php Date Reported: 03/04/2001 Brief Description: Broker FTP allows remote user to list directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-list-directories X-Force URL: http://xforce.iss.net/static/6189.php Date Reported: 03/04/2001 Brief Description: INDEXU allows attackers to gain unauthorized system access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: INDEXU 2.0beta and earlier Vulnerability: indexu-gain-access X-Force URL: http://xforce.iss.net/static/6202.php Date Reported: 03/04/2001 Brief Description: Fastream FTP++ Client allows user to download files outside of Web root directory Risk Factor: Medium Attack Type: Network Based Platforms Affected: Fastream FTP++ Server 2.0 Vulnerability: fastream-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6187.php Date Reported: 03/04/2001 Brief Description: SlimServe HTTPd directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: SlimServe HTTPd 1.1 and earlier Vulnerability: slimserve-httpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6186.php Date Reported: 03/04/2001 Brief Description: WFTPD Pro buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: WFTPD Pro 3.00 Vulnerability: wftpd-pro-bo X-Force URL: http://xforce.iss.net/static/6184.php Date Reported: 03/05/2001 Brief Description: IRCd tkserv buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IRCd All versions, tkserv 1.3.0 and earlier Vulnerability: irc-tkserv-bo X-Force URL: http://xforce.iss.net/static/6193.php Date Reported: 03/06/2001 Brief Description: War FTPD could allow attackers to list 
directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: WarFTPD 1.67b4 Vulnerability: warftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6197.php Date Reported: 03/06/2001 Brief Description: Internet Explorer could allow execution of commands when used with Telnet Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All versions, Windows 2000 All versions, Internet Explorer 5.01 Vulnerability: ie-telnet-execute-commands X-Force URL: http://xforce.iss.net/static/6230.php Date Reported: 03/07/2001 Brief Description: Cisco Aironet Web access allows remote attacker to view/modify configuration Risk Factor: Low Attack Type: Network Based Platforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series Wireless Bridge Firmware 7.x Vulnerability: cisco-aironet-web-access X-Force URL: http://xforce.iss.net/static/6200.php Date Reported: 03/07/2001 Brief Description: Netscape Directory Server buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Netscape Directory Server 4.1, Netscape Directory Server 4.12, Windows NT All versions Vulnerability: netscape-directory-server-bo X-Force URL: http://xforce.iss.net/static/6233.php Date Reported: 03/07/2001 Brief Description: Proftpd contains configuration error in postinst script when running as root Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-postinst-root X-Force URL: http://xforce.iss.net/static/6208.php Date Reported: 03/07/2001 Brief Description: proftpd /var symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-var-symlink X-Force URL: http://xforce.iss.net/static/6209.php Date Reported: 03/07/2001 Brief Description: man2html remote denial of service Risk Factor: Medium 
Attack Type: Network Based Platforms Affected: man2html prior to 1.5.23 Vulnerability: man2html-remote-dos X-Force URL: http://xforce.iss.net/static/6211.php Date Reported: 03/07/2001 Brief Description: Linux ePerl buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1 Vulnerability: linux-eperl-bo X-Force URL: http://xforce.iss.net/static/6198.php Date Reported: 03/08/2001 Brief Description: Novell NetWare could allow attackers to gain unauthorized access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1, Novell NetWare 4.11, Novell NetWare 5.0 Vulnerability: novell-netware-unauthorized-access X-Force URL: http://xforce.iss.net/static/6215.php Date Reported: 03/08/2001 Brief Description: Linux sgml-tools symlink attack Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2, Linux Mandrake 7.1, Linux Red Hat 5.2 Vulnerability: sgmltools-symlink X-Force URL: http://xforce.iss.net/static/6201.php Date Reported: 03/08/2001 Brief Description: HP-UX asecure denial of service Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01 Vulnerability: hp-asecure-dos X-Force URL: http://xforce.iss.net/static/6212.php Date Reported: 03/08/2001 Brief Description: ascdc Afterstep buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: ascdc 0.3 Vulnerability: ascdc-afterstep-bo X-Force URL: http://xforce.iss.net/static/6204.php Date Reported: 03/08/2001 Brief Description: Microsoft IIS WebDAV denial of service Risk Factor: Medium Attack 
Type: Network Based Platforms Affected: IIS 5.0 Vulnerability: iis-webdav-dos X-Force URL: http://xforce.iss.net/static/6205.php Date Reported: 03/08/2001 Brief Description: WEBsweeper HTTP request denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WEBsweeper 4.0, Windows NT All versions Vulnerability: websweeper-http-dos X-Force URL: http://xforce.iss.net/static/6214.php Date Reported: 03/09/2001 Brief Description: FOLDOC allows remote attackers to execute commands Risk Factor: Medium Attack Type: Network Based Platforms Affected: FOLDEC All versions Vulnerability: foldoc-cgi-execute-commands X-Force URL: http://xforce.iss.net/static/6217.php Date Reported: 03/09/2001 Brief Description: slrn newsreader wrapping/unwrapping buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2 Vulnerability: slrn-wrapping-bo X-Force URL: http://xforce.iss.net/static/6213.php Date Reported: 03/09/2001 Brief Description: Linux mutt package contains format string when using IMAP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2, Linux Red Hat 5.2 Vulnerability: mutt-imap-format-string X-Force URL: http://xforce.iss.net/static/6235.php Date Reported: 03/10/2001 Brief Description: FormMail could be used to flood servers with anonymous email Risk Factor: High Attack Type: Network Based Platforms Affected: FormMail 1.0 to 1.6, Linux All versions Vulnerability: formmail-anonymous-flooding X-Force URL: http://xforce.iss.net/static/6242.php Date Reported: 03/11/2001 Brief Description: Half-Life Server config file buffer overflow Risk Factor: 
Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-config-file-bo X-Force URL: http://xforce.iss.net/static/6221.php Date Reported: 03/11/2001 Brief Description: Half-Life Server exec command buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-exec-bo X-Force URL: http://xforce.iss.net/static/6219.php Date Reported: 03/11/2001 Brief Description: Half-Life Server map command buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-bo X-Force URL: http://xforce.iss.net/static/6218.php Date Reported: 03/11/2001 Brief Description: Half-Life Server 'map' command format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-format-string X-Force URL: http://xforce.iss.net/static/6220.php Date Reported: 03/11/2001 Brief Description: Ikonboard allows remote attackers to read files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ikonboard 2.1.7b and earlier Vulnerability: ikonboard-cgi-read-files X-Force URL: http://xforce.iss.net/static/6216.php Date Reported: 03/12/2001 Brief Description: timed daemon remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux- Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux SuSE 6.4, Linux SuSE 6.2 Vulnerability: timed-remote-dos X-Force URL: http://xforce.iss.net/static/6228.php Date Reported: 03/12/2001 Brief Description: imap, ipop2d and ipop3d buffer overflows Risk Factor: Low Attack Type: Network Based Platforms Affected: OpenLinux 
eServer 2.3.1, OpenLinux eBuilder for ECential 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1, Linux Conectiva Vulnerability: imap-ipop2d-ipop3d-bo X-Force URL: http://xforce.iss.net/static/6269.php Date Reported: 03/12/2001 Brief Description: rwhod remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions Vulnerability: rwhod-remote-dos X-Force URL: http://xforce.iss.net/static/6229.php Date Reported: 03/13/2001 Brief Description: SunOS snmpd argv[0] buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: SunOS 5.8 Vulnerability: snmpd-argv-bo X-Force URL: http://xforce.iss.net/static/6239.php Date Reported: 03/13/2001 Brief Description: Mesa utah-glx symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2 Vulnerability: mesa-utahglx-symlink X-Force URL: http://xforce.iss.net/static/6231.php Date Reported: 03/14/2001 Brief Description: Linux FTPfs buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux 2.2.x, FTPfs 0.1.1 Vulnerability: ftpfs-bo X-Force URL: http://xforce.iss.net/static/6234.php Date Reported: 03/15/2001 Brief Description: Solaris snmpXdmid malformed DMI request buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Solaris 7, Solaris 8, Solaris 2.6 Vulnerability: solaris-snmpxdmid-bo X-Force URL: http://xforce.iss.net/static/6245.php Date Reported: 03/15/2001 Brief Description: vBulletin PHP Web forum allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Network Based Platforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier, Windows All versions, Unix All versions Vulnerability: vbulletin-php-elevate-privileges X-Force URL: http://xforce.iss.net/static/6237.php Date Reported: 03/15/2001 Brief Description: MDaemon WorldClient Web services denial of 
service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-webservices-dos X-Force URL: http://xforce.iss.net/static/6240.php Date Reported: 03/16/2001 Brief Description: SSH ssheloop.c denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5, Windows All versions Vulnerability: ssh-ssheloop-dos X-Force URL: http://xforce.iss.net/static/6241.php Date Reported: 03/18/2001 Brief Description: Eudora HTML emails could allow remote execution of code Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows All versions, Eudora 5.0.2 Vulnerability: eudora-html-execute-code X-Force URL: http://xforce.iss.net/static/6262.php Date Reported: 03/19/2001 Brief Description: ASPSeek s.cgi buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier Vulnerability: aspseek-scgi-bo X-Force URL: http://xforce.iss.net/static/6248.php Date Reported: 03/20/2001 Brief Description: HSLCTF HTTP denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0 Vulnerability: hslctf-http-dos X-Force URL: http://xforce.iss.net/static/6250.php Date Reported: 03/20/2001 Brief Description: LICQ received URL execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2 Vulnerability: licq-url-execute-commands X-Force URL: http://xforce.iss.net/static/6261.php Date Reported: 03/20/2001 Brief Description: SurfControl SuperScout allows user to bypass filtering rules Risk Factor: Medium Attack Type: Network Based Platforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0, Windows 2000 All versions Vulnerability: 
superscout-bypass-filtering X-Force URL: http://xforce.iss.net/static/6300.php Date Reported: 03/20/2001 Brief Description: DGUX lpsched buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: DG/UX All versions Vulnerability: dgux-lpsched-bo X-Force URL: http://xforce.iss.net/static/6258.php Date Reported: 03/20/2001 Brief Description: REDIPlus stock trading software stores passwords in plaintext Risk Factor: Medium Attack Type: Host Based Platforms Affected: REDIPlus 1.0, Windows All versions Vulnerability: rediplus-weak-security X-Force URL: http://xforce.iss.net/static/6276.php Date Reported: 03/20/2001 Brief Description: FCheck open() function allows the execution of commands Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All versions, Windows All versions, Unix All versions, HP-UX All versions, Linux All versions, Solaris All versions, AIX All versions, BSD All versions Vulnerability: fcheck-open-execute-commands X-Force URL: http://xforce.iss.net/static/6256.php Date Reported: 03/20/2001 Brief Description: NTMail long URL denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0 Vulnerability: ntmail-long-url-dos X-Force URL: http://xforce.iss.net/static/6249.php Date Reported: 03/21/2001 Brief Description: VIM text editor allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2, Linux Red Hat 7.0 Vulnerability: vim-elevate-privileges X-Force URL: http://xforce.iss.net/static/6259.php Date Reported: 03/22/2001 Brief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data Risk Factor: Medium Attack Type: Host Based Platforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions Vulnerability: ufs-ext2fs-data-disclosure X-Force URL: 
http://xforce.iss.net/static/6268.php Date Reported: 03/22/2001 Brief Description: Microsoft invalid digital certificates could be used for spoofing Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98 All versions, Windows 2000 All versions, Windows NT All versions Vulnerability: microsoft-invalid-digital-certificates X-Force URL: http://xforce.iss.net/static/6265.php Date Reported: 03/23/2001 Brief Description: Akopia Interchange could allow attacker to gain administrative access Risk Factor: Low Attack Type: Network Based Platforms Affected: Akopia Interchange 4.5.3 and 4.6.3 Vulnerability: akopia-interchange-gain-access X-Force URL: http://xforce.iss.net/static/6273.php Date Reported: 03/23/2001 Brief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files with root privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 2.x Vulnerability: solaris-perfmon-create-files X-Force URL: http://xforce.iss.net/static/6267.php Date Reported: 03/23/2001 Brief Description: Windows user.dmp file insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows NT All versions, Windows 2000 All versions Vulnerability: win-userdmp-insecure-permission X-Force URL: http://xforce.iss.net/static/6275.php Date Reported: 03/23/2001 Brief Description: Compaq Web-enabled management software could allow users to bypass proxy settings Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Compaq Web-Enabled Management All versions Vulnerability: compaq-wbm-bypass-proxy X-Force URL: http://xforce.iss.net/static/6264.php Date Reported: 03/25/2001 Brief Description: MDaemon IMAP SELECT and EXAMINE command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-imap-command-dos X-Force URL: http://xforce.iss.net/static/6279.php Date Reported: 
03/25/2001 Brief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges Risk Factor: High Attack Type: Host Based Platforms Affected: HP-UX 11.11 Vulnerability: hp-newgrp-additional-privileges X-Force URL: http://xforce.iss.net/static/6282.php Date Reported: 03/26/2001 Brief Description: 602Pro LAN SUITE webprox.dll denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions Vulnerability: lan-suite-webprox-dos X-Force URL: http://xforce.iss.net/static/6281.php Date Reported: 03/26/2001 Brief Description: BEA WebLogic Server could allow attackers to browse Web directories Risk Factor: High Attack Type: Network Based Platforms Affected: WebLogic Server 6.0, Windows All versions Vulnerability: weblogic-browse-directories X-Force URL: http://xforce.iss.net/static/6283.php Date Reported: 03/27/2001 Brief Description: Solaris tip buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7 Vulnerability: solaris-tip-bo X-Force URL: http://xforce.iss.net/static/6284.php Date Reported: 03/27/2001 Brief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128 bytes Risk Factor: Medium Attack Type: Network Based Platforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0 Vulnerability: sonicwall-ike-shared-keys X-Force URL: http://xforce.iss.net/static/6304.php Date Reported: 03/27/2001 Brief Description: Anaconda Foundation Clipper directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Anaconda Foundation Clipper 3.3 Vulnerability: anaconda-clipper-directory-traversal X-Force URL: http://xforce.iss.net/static/6286.php Date Reported: 03/27/2001 Brief Description: Microsoft Visual Studio VB-TSQL buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0 Enterprise Ed., Windows 
NT All versions Vulnerability: visual-studio-vbtsql-bo X-Force URL: http://xforce.iss.net/static/6288.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer deliver buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-deliver-bo X-Force URL: http://xforce.iss.net/static/6302.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpadmin buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpadmin-bo X-Force URL: http://xforce.iss.net/static/6291.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpforms buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpforms-bo X-Force URL: http://xforce.iss.net/static/6293.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpshut buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpshut-bo X-Force URL: http://xforce.iss.net/static/6290.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpusers buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpusers-bo X-Force URL: http://xforce.iss.net/static/6292.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer recon buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-recon-bo X-Force URL: http://xforce.iss.net/static/6289.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer sendmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-sendmail-bo X-Force URL: http://xforce.iss.net/static/6303.php Date Reported: 03/28/2001 Brief Description: Inframail POST command denial of service Risk 
Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All versions Vulnerability: inframail-post-dos X-Force URL: http://xforce.iss.net/static/6297.php Date Reported: 03/28/2001 Brief Description: Cisco VPN 3000 Concentrators Telnet denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00 Vulnerability: cisco-vpn-telnet-dos X-Force URL: http://xforce.iss.net/static/6298.php Date Reported: 03/28/2001 Brief Description: WebSite Professional remote manager service denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: O'Reilly WebSite Pro 3.0.37 Vulnerability: website-pro-remote-dos X-Force URL: http://xforce.iss.net/static/6295.php Date Reported: 03/28/2001 Brief Description: Windows Me and Plus! 98 could allow the recovery of Compressed Folder passwords Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows ME All versions Vulnerability: win-compressed-password-recovery X-Force URL: http://xforce.iss.net/static/6294.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. 
________ Internet Security Systems is the leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. 
VAR-200106-0176 CVE-2001-0427 Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. A problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. VPN 3060 Concentrator is prone to a denial-of-service vulnerability. Concentrators prior to Cisco VPN 3000 Series versions 2.5.2(F) have a vulnerability. 
-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary
April 5, 2001
Volume 6 Number 5

X-Force Vulnerability and Threat Database: http://xforce.iss.net/

To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

This summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php

_____

Contents:
* 80 Reported Vulnerabilities
* Risk Factor Key

_____

Date Reported: 03/01/2001
Brief Description: Palm OS Debug Mode allows attacker to bypass password
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Palm OS 3.5.2, Palm OS 3.3
Vulnerability: palm-debug-bypass-password
X-Force URL: http://xforce.iss.net/static/6196.php

Date Reported: 03/01/2001
Brief Description: Microsoft Exchange malformed URL request could cause a denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Microsoft Exchange 2000
Vulnerability: exchange-malformed-url-dos
X-Force URL: http://xforce.iss.net/static/6172.php

Date Reported: 03/02/2001
Brief Description: Mailx buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2
Vulnerability: mailx-bo
X-Force URL: http://xforce.iss.net/static/6181.php

Date Reported: 03/02/2001
Brief Description: SunFTP allows attackers to gain unauthorized file access
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SunFTP 1.0 Build 9
Vulnerability: sunftp-gain-access
X-Force URL: http://xforce.iss.net/static/6195.php

Date Reported: 03/02/2001
Brief Description: WinZip /zipandemail option buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All versions
Vulnerability: winzip-zipandemail-bo
X-Force URL: http://xforce.iss.net/static/6191.php

Date Reported: 03/04/2001
Brief Description: Broker FTP Server allows remote attacker to delete files outside the FTP root
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Broker FTP Server All versions
Vulnerability: broker-ftp-delete-files
X-Force URL: http://xforce.iss.net/static/6190.php

Date Reported: 03/04/2001
Brief Description: Broker FTP allows remote user to list directories outside the FTP root
Risk Factor: High
Attack Type: Network Based
Platforms Affected: Broker FTP Server All versions
Vulnerability: broker-ftp-list-directories
X-Force URL: http://xforce.iss.net/static/6189.php

Date Reported: 03/04/2001
Brief Description: INDEXU allows attackers to gain unauthorized system access
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: INDEXU 2.0beta and earlier
Vulnerability: indexu-gain-access
X-Force URL: http://xforce.iss.net/static/6202.php

Date Reported: 03/04/2001
Brief Description: Fastream FTP++ Client allows user to download files outside of Web root directory
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Fastream FTP++ Server 2.0
Vulnerability: fastream-ftp-directory-traversal
X-Force URL: http://xforce.iss.net/static/6187.php

Date Reported: 03/04/2001
Brief Description: SlimServe HTTPd directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: SlimServe HTTPd 1.1 and earlier
Vulnerability: slimserve-httpd-directory-traversal
X-Force URL: http://xforce.iss.net/static/6186.php

Date Reported: 03/04/2001
Brief Description: WFTPD Pro buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: WFTPD Pro 3.00
Vulnerability: wftpd-pro-bo
X-Force URL: http://xforce.iss.net/static/6184.php

Date Reported: 03/05/2001
Brief Description: IRCd tkserv buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: IRCd All versions, tkserv 1.3.0 and earlier
Vulnerability: irc-tkserv-bo
X-Force URL: http://xforce.iss.net/static/6193.php

Date Reported: 03/06/2001
Brief Description: War FTPD could allow attackers to list directories outside the FTP root
Risk Factor: High
Attack Type: Network Based
Platforms Affected: WarFTPD 1.67b4
Vulnerability: warftp-directory-traversal
X-Force URL: http://xforce.iss.net/static/6197.php

Date Reported: 03/06/2001
Brief Description: Internet Explorer could allow execution of commands when used with Telnet
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All versions, Windows 2000 All versions, Internet Explorer 5.01
Vulnerability: ie-telnet-execute-commands
X-Force URL: http://xforce.iss.net/static/6230.php

Date Reported: 03/07/2001
Brief Description: Cisco Aironet Web access allows remote attacker to view/modify configuration
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series Wireless Bridge Firmware 7.x
Vulnerability: cisco-aironet-web-access
X-Force URL: http://xforce.iss.net/static/6200.php

Date Reported: 03/07/2001
Brief Description: Netscape Directory Server buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Netscape Directory Server 4.1, Netscape Directory Server 4.12, Windows NT All versions
Vulnerability: netscape-directory-server-bo
X-Force URL: http://xforce.iss.net/static/6233.php

Date Reported: 03/07/2001
Brief Description: Proftpd contains configuration error in postinst script when running as root
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Linux Debian 2.2
Vulnerability: proftpd-postinst-root
X-Force URL: http://xforce.iss.net/static/6208.php

Date Reported: 03/07/2001
Brief Description: proftpd /var symlink
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Linux Debian 2.2
Vulnerability: proftpd-var-symlink
X-Force URL: http://xforce.iss.net/static/6209.php

Date Reported: 03/07/2001
Brief Description: man2html remote denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: man2html prior to 1.5.23
Vulnerability: man2html-remote-dos
X-Force URL: http://xforce.iss.net/static/6211.php

Date Reported: 03/07/2001
Brief Description: Linux ePerl buffer overflow
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1
Vulnerability: linux-eperl-bo
X-Force URL: http://xforce.iss.net/static/6198.php

Date Reported: 03/08/2001
Brief Description: Novell NetWare could allow attackers to gain unauthorized access
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1, Novell NetWare 4.11, Novell NetWare 5.0
Vulnerability: novell-netware-unauthorized-access
X-Force URL: http://xforce.iss.net/static/6215.php

Date Reported: 03/08/2001
Brief Description: Linux sgml-tools symlink attack
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2, Linux Mandrake 7.1, Linux Red Hat 5.2
Vulnerability: sgmltools-symlink
X-Force URL: http://xforce.iss.net/static/6201.php

Date Reported: 03/08/2001
Brief Description: HP-UX asecure denial of service
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01
Vulnerability: hp-asecure-dos
X-Force URL: http://xforce.iss.net/static/6212.php

Date Reported: 03/08/2001
Brief Description: ascdc Afterstep buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: ascdc 0.3
Vulnerability: ascdc-afterstep-bo
X-Force URL: http://xforce.iss.net/static/6204.php

Date Reported: 03/08/2001
Brief Description: Microsoft IIS WebDAV denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: IIS 5.0
Vulnerability: iis-webdav-dos
X-Force URL: http://xforce.iss.net/static/6205.php

Date Reported: 03/08/2001
Brief Description: WEBsweeper HTTP request denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: WEBsweeper 4.0, Windows NT All versions
Vulnerability: websweeper-http-dos
X-Force URL: http://xforce.iss.net/static/6214.php

Date Reported: 03/09/2001
Brief Description: FOLDOC allows remote attackers to execute commands
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: FOLDEC All versions
Vulnerability: foldoc-cgi-execute-commands
X-Force URL: http://xforce.iss.net/static/6217.php

Date Reported: 03/09/2001
Brief Description: slrn newsreader wrapping/unwrapping buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2
Vulnerability: slrn-wrapping-bo
X-Force URL: http://xforce.iss.net/static/6213.php

Date Reported: 03/09/2001
Brief Description: Linux mutt package contains format string when using IMAP
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2, Linux Red Hat 5.2
Vulnerability: mutt-imap-format-string
X-Force URL: http://xforce.iss.net/static/6235.php

Date Reported: 03/10/2001
Brief Description: FormMail could be used to flood servers with anonymous email
Risk Factor: High
Attack Type: Network Based
Platforms Affected: FormMail 1.0 to 1.6, Linux All versions
Vulnerability: formmail-anonymous-flooding
X-Force URL: http://xforce.iss.net/static/6242.php

Date Reported: 03/11/2001
Brief Description: Half-Life Server config file buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Half-Life Dedicated Server All versions
Vulnerability: halflife-config-file-bo
X-Force URL: http://xforce.iss.net/static/6221.php

Date Reported: 03/11/2001
Brief Description: Half-Life Server exec command buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Half-Life Dedicated Server All versions
Vulnerability: halflife-exec-bo
X-Force URL: http://xforce.iss.net/static/6219.php

Date Reported: 03/11/2001
Brief Description: Half-Life Server map command buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Half-Life Dedicated Server All versions
Vulnerability: halflife-map-bo
X-Force URL: http://xforce.iss.net/static/6218.php

Date Reported: 03/11/2001
Brief Description: Half-Life Server 'map' command format string
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Half-Life Dedicated Server All versions
Vulnerability: halflife-map-format-string
X-Force URL: http://xforce.iss.net/static/6220.php

Date Reported: 03/11/2001
Brief Description: Ikonboard allows remote attackers to read files
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Ikonboard 2.1.7b and earlier
Vulnerability: ikonboard-cgi-read-files
X-Force URL: http://xforce.iss.net/static/6216.php

Date Reported: 03/12/2001
Brief Description: timed daemon remote denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux SuSE 6.4, Linux SuSE 6.2
Vulnerability: timed-remote-dos
X-Force URL: http://xforce.iss.net/static/6228.php

Date Reported: 03/12/2001
Brief Description: imap, ipop2d and ipop3d buffer overflows
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: OpenLinux eServer 2.3.1, OpenLinux eBuilder for ECential 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1, Linux Conectiva
Vulnerability: imap-ipop2d-ipop3d-bo
X-Force URL: http://xforce.iss.net/static/6269.php

Date Reported: 03/12/2001
Brief Description: rwhod remote denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions
Vulnerability: rwhod-remote-dos
X-Force URL: http://xforce.iss.net/static/6229.php

Date Reported: 03/13/2001
Brief Description: SunOS snmpd argv[0] buffer overflow
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms Affected: SunOS 5.8
Vulnerability: snmpd-argv-bo
X-Force URL: http://xforce.iss.net/static/6239.php

Date Reported: 03/13/2001
Brief Description: Mesa utah-glx symbolic link
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2
Vulnerability: mesa-utahglx-symlink
X-Force URL: http://xforce.iss.net/static/6231.php

Date Reported: 03/14/2001
Brief Description: Linux FTPfs buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Linux 2.2.x, FTPfs 0.1.1
Vulnerability: ftpfs-bo
X-Force URL: http://xforce.iss.net/static/6234.php

Date Reported: 03/15/2001
Brief Description: Solaris snmpXdmid malformed DMI request buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Solaris 7, Solaris 8, Solaris 2.6
Vulnerability: solaris-snmpxdmid-bo
X-Force URL: http://xforce.iss.net/static/6245.php

Date Reported: 03/15/2001
Brief Description: vBulletin PHP Web forum allows attackers to gain elevated privileges
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier, Windows All versions, Unix All versions
Vulnerability: vbulletin-php-elevate-privileges
X-Force URL: http://xforce.iss.net/static/6237.php

Date Reported: 03/15/2001
Brief Description: MDaemon WorldClient Web services denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon 3.5.6
Vulnerability: mdaemon-webservices-dos
X-Force URL: http://xforce.iss.net/static/6240.php

Date Reported: 03/16/2001
Brief Description: SSH ssheloop.c denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5, Windows All versions
Vulnerability: ssh-ssheloop-dos
X-Force URL: http://xforce.iss.net/static/6241.php

Date Reported: 03/18/2001
Brief Description: Eudora HTML emails could allow remote execution of code
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Windows All versions, Eudora 5.0.2
Vulnerability: eudora-html-execute-code
X-Force URL: http://xforce.iss.net/static/6262.php

Date Reported: 03/19/2001
Brief Description: ASPSeek s.cgi buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier
Vulnerability: aspseek-scgi-bo
X-Force URL: http://xforce.iss.net/static/6248.php

Date Reported: 03/20/2001
Brief Description: HSLCTF HTTP denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0
Vulnerability: hslctf-http-dos
X-Force URL: http://xforce.iss.net/static/6250.php

Date Reported: 03/20/2001
Brief Description: LICQ received URL execute commands
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2
Vulnerability: licq-url-execute-commands
X-Force URL: http://xforce.iss.net/static/6261.php

Date Reported: 03/20/2001
Brief Description: SurfControl SuperScout allows user to bypass filtering rules
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0, Windows 2000 All versions
Vulnerability: superscout-bypass-filtering
X-Force URL: http://xforce.iss.net/static/6300.php

Date Reported: 03/20/2001
Brief Description: DGUX lpsched buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: DG/UX All versions
Vulnerability: dgux-lpsched-bo
X-Force URL: http://xforce.iss.net/static/6258.php

Date Reported: 03/20/2001
Brief Description: REDIPlus stock trading software stores passwords in plaintext
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: REDIPlus 1.0, Windows All versions
Vulnerability: rediplus-weak-security
X-Force URL: http://xforce.iss.net/static/6276.php

Date Reported: 03/20/2001
Brief Description: FCheck open() function allows the execution of commands
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All versions, Windows All versions, Unix All versions, HP-UX All versions, Linux All versions, Solaris All versions, AIX All versions, BSD All versions
Vulnerability: fcheck-open-execute-commands
X-Force URL: http://xforce.iss.net/static/6256.php

Date Reported: 03/20/2001
Brief Description: NTMail long URL denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0
Vulnerability: ntmail-long-url-dos
X-Force URL: http://xforce.iss.net/static/6249.php

Date Reported: 03/21/2001
Brief Description: VIM text editor allows attackers to gain elevated privileges
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2, Linux Red Hat 7.0
Vulnerability: vim-elevate-privileges
X-Force URL: http://xforce.iss.net/static/6259.php

Date Reported: 03/22/2001
Brief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions
Vulnerability: ufs-ext2fs-data-disclosure
X-Force URL: http://xforce.iss.net/static/6268.php

Date Reported: 03/22/2001
Brief Description: Microsoft invalid digital certificates could be used for spoofing
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98 All versions, Windows 2000 All versions, Windows NT All versions
Vulnerability: microsoft-invalid-digital-certificates
X-Force URL: http://xforce.iss.net/static/6265.php

Date Reported: 03/23/2001
Brief Description: Akopia Interchange could allow attacker to gain administrative access
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Akopia Interchange 4.5.3 and 4.6.3
Vulnerability: akopia-interchange-gain-access
X-Force URL: http://xforce.iss.net/static/6273.php

Date Reported: 03/23/2001
Brief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files with root privileges
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Solaris 2.x
Vulnerability: solaris-perfmon-create-files
X-Force URL: http://xforce.iss.net/static/6267.php

Date Reported: 03/23/2001
Brief Description: Windows user.dmp file insecure permissions
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Windows NT All versions, Windows 2000 All versions
Vulnerability: win-userdmp-insecure-permission
X-Force URL: http://xforce.iss.net/static/6275.php

Date Reported: 03/23/2001
Brief Description: Compaq Web-enabled management software could allow users to bypass proxy settings
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms Affected: Compaq Web-Enabled Management All versions
Vulnerability: compaq-wbm-bypass-proxy
X-Force URL: http://xforce.iss.net/static/6264.php

Date Reported: 03/25/2001
Brief Description: MDaemon IMAP SELECT and EXAMINE command denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows All versions, Mdaemon 3.5.6
Vulnerability: mdaemon-imap-command-dos
X-Force URL: http://xforce.iss.net/static/6279.php

Date Reported: 03/25/2001
Brief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges
Risk Factor: High
Attack Type: Host Based
Platforms Affected: HP-UX 11.11
Vulnerability: hp-newgrp-additional-privileges
X-Force URL: http://xforce.iss.net/static/6282.php

Date Reported: 03/26/2001
Brief Description: 602Pro LAN SUITE webprox.dll denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions
Vulnerability: lan-suite-webprox-dos
X-Force URL: http://xforce.iss.net/static/6281.php

Date Reported: 03/26/2001
Brief Description: BEA WebLogic Server could allow attackers to browse Web directories
Risk Factor: High
Attack Type: Network Based
Platforms Affected: WebLogic Server 6.0, Windows All versions
Vulnerability: weblogic-browse-directories
X-Force URL: http://xforce.iss.net/static/6283.php

Date Reported: 03/27/2001
Brief Description: Solaris tip buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7
Vulnerability: solaris-tip-bo
X-Force URL: http://xforce.iss.net/static/6284.php

Date Reported: 03/27/2001
Brief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128 bytes
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0
Vulnerability: sonicwall-ike-shared-keys
X-Force URL: http://xforce.iss.net/static/6304.php

Date Reported: 03/27/2001
Brief Description: Anaconda Foundation Clipper directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Anaconda Foundation Clipper 3.3
Vulnerability: anaconda-clipper-directory-traversal
X-Force URL: http://xforce.iss.net/static/6286.php

Date Reported: 03/27/2001
Brief Description: Microsoft Visual Studio VB-TSQL buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0 Enterprise Ed., Windows NT All versions
Vulnerability: visual-studio-vbtsql-bo
X-Force URL: http://xforce.iss.net/static/6288.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer deliver buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-deliver-bo
X-Force URL: http://xforce.iss.net/static/6302.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer lpadmin buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-lpadmin-bo
X-Force URL: http://xforce.iss.net/static/6291.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer lpforms buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-lpforms-bo
X-Force URL: http://xforce.iss.net/static/6293.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer lpshut buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-lpshut-bo
X-Force URL: http://xforce.iss.net/static/6290.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer lpusers buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-lpusers-bo
X-Force URL: http://xforce.iss.net/static/6292.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer recon buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-recon-bo
X-Force URL: http://xforce.iss.net/static/6289.php

Date Reported: 03/27/2001
Brief Description: SCO OpenServer sendmail buffer overflow
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: SCO OpenServer 5.0.6
Vulnerability: sco-openserver-sendmail-bo
X-Force URL: http://xforce.iss.net/static/6303.php

Date Reported: 03/28/2001
Brief Description: Inframail POST command denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All versions
Vulnerability: inframail-post-dos
X-Force URL: http://xforce.iss.net/static/6297.php

Date Reported: 03/28/2001
Brief Description: Cisco VPN 3000 Concentrators Telnet denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00
Vulnerability: cisco-vpn-telnet-dos
X-Force URL: http://xforce.iss.net/static/6298.php

Date Reported: 03/28/2001
Brief Description: WebSite Professional remote manager service denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms Affected: O'Reilly WebSite Pro 3.0.37
Vulnerability: website-pro-remote-dos
X-Force URL: http://xforce.iss.net/static/6295.php

Date Reported: 03/28/2001
Brief Description: Windows Me and Plus! 98 could allow the recovery of Compressed Folder passwords
Risk Factor: Medium
Attack Type: Host Based
Platforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows ME All versions
Vulnerability: win-compressed-password-recovery
X-Force URL: http://xforce.iss.net/static/6294.php

_____

Risk Factor Key:

High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.

Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.

Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
VAR-200106-0110 CVE-2001-0328 Multiple TCP/IP implementations may use statistically predictable initial sequence numbers CVSS V2: 5.0
CVSS V3: -
Severity: Medium
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. Attacks against TCP initial sequence number generation have been discussed for some time now. It has long been recognized that the ability to know or predict ISNs can lead to TCP connection hijacking or spoofing. What was not previously illustrated was just how predictable one commonly-used method of randomizing new connection ISNs is in some modern TCP/IP implementations. A vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01210 REVISION: 0

SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS)

NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The information in this Security Bulletin should be acted upon as soon as possible.

INITIAL RELEASE: 15 July 2005

POTENTIAL SECURITY IMPACT: Remote Denial of Service (DoS)

SOURCE: Hewlett-Packard Company HP Software Security Response Team

VULNERABILITY SUMMARY: Several potential security vulnerabilities have been identified in the HP Tru64 UNIX TCP/IP including ICMP, and Initial Sequence Number generation (ISNs). These exploits could result in a remote Denial of Service (DoS) from network throughput reduction for TCP connections, the reset of TCP connections, or TCP spoofing.
REFERENCES: CERT CA-2001-09, NISCC Vulnerability Advisory VU#498440 VU#532967, CAN-2004-0790 CAN-2004-0791 CAN-2004-1060 CAN-2001-0328

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    HP Tru64 UNIX 5.1B-3
    HP Tru64 UNIX 5.1B-2/PK4
    HP Tru64 UNIX 5.1A PK
    HP Tru64 UNIX 4.0G PK4
    HP Tru64 UNIX 4.0F PK8

BACKGROUND:

Special Instructions for the Customer

The Internet Control Message Protocol (ICMP) (RFC 792) is used in the Internet Architecture to perform fault-isolation and recovery (RFC 816), which is the group of actions that hosts and routers take to determine if a network failure has occurred.

The industry standard TCP specification (RFC 793) has a vulnerability whereby ICMP packets can be used to perform a variety of attacks such as blind connection reset attacks and blind throughput-reduction attacks.

Blind connection reset attacks can be triggered by an attacker sending forged ICMP "Destination Unreachable, host unreachable" packets or ICMP "Destination Unreachable, port unreachable" packets.

Blind throughput-reduction attacks can be caused by an attacker sending a forged ICMP type 4 (Source Quench) packet.

Path MTU Discovery (RFC 1191) describes a technique for dynamically discovering the MTU (maximum transmission unit) of an arbitrary internet path. This protocol uses ICMP packets from the router to discover the MTU for a TCP connection path. An attacker can reduce the throughput of a TCP connection by sending forged ICMP packets (or their IPv6 counterpart) to the discovering host, causing an incorrect Path MTU setting.

HP has addressed these potential vulnerabilities by providing a new kernel tunable in Tru64 UNIX V5.1B and 5.1A, icmp_tcpseqcheck. In Tru64 4.0F and 4.0G, HP has introduced two new kernel tunables, icmp_tcpseqcheck and icmp_rejectcodemask. The icmp_rejectcodemask tunable is already available in Tru64 UNIX V5.1B and 5.1A.

icmp_tcpseqcheck

The icmp_tcpseqcheck variable mitigates ICMP attacks against TCP by checking that the TCP sequence number contained in the payload of the ICMP error message is within the range of the data already sent but not yet acknowledged. An ICMP error message that does not pass this check is discarded. This behavior protects TCP against spoofed ICMP packets.

Set the tunable as follows:

    icmp_tcpseqcheck=1 (default)
        Provides a level of protection that reduces the possibility of considering a spoofed ICMP packet as valid to one in two raised to the thirty-second power.

    icmp_tcpseqcheck=0
        Retains existing behavior, i.e., accepts all ICMP packets

icmp_rejectcodemask

In the Requirements for IP Version 4 Routers (RFC 1812), research suggests that the use of ICMP Source Quench packets is an ineffective (and unfair) antidote for congestion. Thus, HP recommends completely ignoring ICMP Source Quench packets using the icmp_rejectcodemask tunable. The icmp_rejectcodemask is a bitmask that designates the ICMP codes that the system should reject. For example, to reject ICMP Source Quench packets, set the mask bit position for the ICMP_SOURCEQUENCH code 4, which is two to the 4th power = 16 (0x10 hex). The icmp_rejectcodemask tunable can be used to reject any ICMP packet type, or multiple masks can be combined to reject more than one type.

Note: the ICMP type codes are defined in "/usr/include/netinet/ip_icmp.h".

Set the tunable as follows:

    icmp_rejectcodemask = 0x10
        Rejects ICMP Source Quench packets

    icmp_rejectcodemask = 0 (default)
        Retains existing behavior, i.e., accepts all ICMP packets

Adjusting the variables

The ICMP sequence check variable (icmp_tcpseqcheck) can be adjusted using the sysconfig and sysconfigdb commands:

    # sysconfig -q inet icmp_tcpseqcheck
    inet:
    icmp_tcpseqcheck = 1

    # sysconfig -r inet icmp_tcpseqcheck=0
    icmp_tcpseqcheck: reconfigured

    # sysconfig -q inet icmp_tcpseqcheck
    inet:
    icmp_tcpseqcheck = 0

    # sysconfig -q inet icmp_tcpseqcheck > /tmp/icmp_tcpseqcheck_merge
    # sysconfigdb -m -f /tmp/icmp_tcpseqcheck_merge inet
    # sysconfigdb -l inet
    inet:
    icmp_tcpseqcheck = 1

Similarly, the icmp_rejectcodemask variable can be adjusted using the sysconfig and sysconfigdb commands:

    # sysconfig -q inet icmp_rejectcodemask
    inet:
    icmp_rejectcodemask = 0

    # sysconfig -r inet icmp_rejectcodemask=0x10
    icmp_rejectcodemask: reconfigured

    # sysconfig -q inet icmp_rejectcodemask
    inet:
    icmp_rejectcodemask = 16

    # sysconfig -q inet icmp_rejectcodemask > /tmp/icmp_rejectcodemask_merge
    # sysconfigdb -m -f /tmp/icmp_rejectcodemask_merge inet
    # sysconfigdb -l inet
    inet:
    icmp_rejectcodemask = 16

RESOLUTION:

Until the corrections are available in a mainstream release patch kit, HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer. The ERP kits use dupatch to install and will not install over any installed Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the ERP installation is blocked by any of your installed CSPs.

The fixes contained in the ERP kits are scheduled to be available in the following mainstream patch kits:

    HP Tru64 Unix 5.1B-4

Early Release Patches

The ERPs deliver the following file:

    /sys/BINARY/inet.mod

HP Tru64 UNIX 5.1B-3
    ERP Kit Name: T64KIT0025925-V51BB26-ES-20050628
    Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0025925-V51BB26-ES-20050628
    MD5 checksum: 129251787a426320af16cd584b982027

HP Tru64 UNIX 5.1B-2/PK4
    ERP Kit Name: T64KIT0025924-V51BB25-ES-20050628
    Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0025924-V51BB25-ES-20050628
    MD5 checksum: 5fcc77a6876db6d10ef07ac96e11b3af

HP Tru64 UNIX 5.1A PK6
    ERP Kit Name: T64KIT0025922-V51AB24-ES-20050628
    Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0025922-V51AB24-ES-20050628
    MD5 checksum: 7c373b35c95945651a1cfda96bf71421

HP Tru64 UNIX 4.0G PK4
    ERP Kit Name: T64KIT0025920-V40GB22-ES-20050628
    Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0025920-V40GB22-ES-20050628
    MD5 checksum: 13849fd555239d75d300d1cb46dc995f

HP Tru64 UNIX 4.0F PK8
    ERP Kit Name: DUXKIT0025921-V40FB22-ES-20050628
    Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0025920-V40GB22-ES-20050628
    MD5 checksum: 743b614d39f185802701b7f2dd14ffa5

MD5 checksums are available from the ITRC patch database main page: http://www.itrc.hp.com/service/patch/mainPage.do
- From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.

General ITRC Patch Page: http://www.itrc.hp.com/service/patch/mainPage

SUPPORT: For further information, contact normal HP Services support channel.

REPORT: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To obtain the security-alert PGP key please send an e-mail message to security-alert@hp.com with the Subject of 'get key' (no quotes).
VAR-200106-0093 CVE-2001-0376 Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. A problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. Tele2 is prone to a remote security vulnerability. 
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary April 5, 2001 Volume 6 Number 5 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php _____ Contents: * 80 Reported Vulnerabilities * Risk Factor Key _____ Date Reported: 03/01/2001 Brief Description: Palm OS Debug Mode allows attacker to bypass password Risk Factor: Low Attack Type: Host Based Platforms Affected: Palm OS 3.5.2, Palm OS 3.3 Vulnerability: palm-debug-bypass-password X-Force URL: http://xforce.iss.net/static/6196.php Date Reported: 03/01/2001 Brief Description: Microsoft Exchange malformed URL request could cause a denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Exchange 2000 Vulnerability: exchange-malformed-url-dos X-Force URL: http://xforce.iss.net/static/6172.php Date Reported: 03/02/2001 Brief Description: Mailx buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2 Vulnerability: mailx-bo X-Force URL: http://xforce.iss.net/static/6181.php Date Reported: 03/02/2001 Brief Description: SunFTP allows attackers to gain unauthorized file access Risk Factor: Low Attack Type: Host Based Platforms Affected: SunFTP 1.0 Build 9 Vulnerability: sunftp-gain-access X-Force URL: http://xforce.iss.net/static/6195.php Date Reported: 03/02/2001 Brief Description: WinZip /zipandemail option buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All versions Vulnerability: winzip-zipandemail-bo X-Force URL: http://xforce.iss.net/static/6191.php Date Reported: 03/04/2001 Brief Description: Broker FTP Server allows remote attacker to 
delete files outside the FTP root Risk Factor: Medium Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-delete-files X-Force URL: http://xforce.iss.net/static/6190.php Date Reported: 03/04/2001 Brief Description: Broker FTP allows remote user to list directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-list-directories X-Force URL: http://xforce.iss.net/static/6189.php Date Reported: 03/04/2001 Brief Description: INDEXU allows attackers to gain unauthorized system access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: INDEXU 2.0beta and earlier Vulnerability: indexu-gain-access X-Force URL: http://xforce.iss.net/static/6202.php Date Reported: 03/04/2001 Brief Description: Fastream FTP++ Client allows user to download files outside of Web root directory Risk Factor: Medium Attack Type: Network Based Platforms Affected: Fastream FTP++ Server 2.0 Vulnerability: fastream-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6187.php Date Reported: 03/04/2001 Brief Description: SlimServe HTTPd directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: SlimServe HTTPd 1.1 and earlier Vulnerability: slimserve-httpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6186.php Date Reported: 03/04/2001 Brief Description: WFTPD Pro buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: WFTPD Pro 3.00 Vulnerability: wftpd-pro-bo X-Force URL: http://xforce.iss.net/static/6184.php Date Reported: 03/05/2001 Brief Description: IRCd tkserv buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IRCd All versions, tkserv 1.3.0 and earlier Vulnerability: irc-tkserv-bo X-Force URL: http://xforce.iss.net/static/6193.php Date Reported: 03/06/2001 Brief Description: War FTPD could allow attackers to list 
directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: WarFTPD 1.67b4 Vulnerability: warftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6197.php Date Reported: 03/06/2001 Brief Description: Internet Explorer could allow execution of commands when used with Telnet Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All versions, Windows 2000 All versions, Internet Explorer 5.01 Vulnerability: ie-telnet-execute-commands X-Force URL: http://xforce.iss.net/static/6230.php Date Reported: 03/07/2001 Brief Description: Cisco Aironet Web access allows remote attacker to view/modify configuration Risk Factor: Low Attack Type: Network Based Platforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series Wireless Bridge Firmware 7.x Vulnerability: cisco-aironet-web-access X-Force URL: http://xforce.iss.net/static/6200.php Date Reported: 03/07/2001 Brief Description: Netscape Directory Server buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Netscape Directory Server 4.1, Netscape Directory Server 4.12, Windows NT All versions Vulnerability: netscape-directory-server-bo X-Force URL: http://xforce.iss.net/static/6233.php Date Reported: 03/07/2001 Brief Description: Proftpd contains configuration error in postinst script when running as root Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-postinst-root X-Force URL: http://xforce.iss.net/static/6208.php Date Reported: 03/07/2001 Brief Description: proftpd /var symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-var-symlink X-Force URL: http://xforce.iss.net/static/6209.php Date Reported: 03/07/2001 Brief Description: man2html remote denial of service Risk Factor: Medium 
Attack Type: Network Based Platforms Affected: man2html prior to 1.5.23 Vulnerability: man2html-remote-dos X-Force URL: http://xforce.iss.net/static/6211.php Date Reported: 03/07/2001 Brief Description: Linux ePerl buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1 Vulnerability: linux-eperl-bo X-Force URL: http://xforce.iss.net/static/6198.php Date Reported: 03/08/2001 Brief Description: Novell NetWare could allow attackers to gain unauthorized access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1, Novell NetWare 4.11, Novell NetWare 5.0 Vulnerability: novell-netware-unauthorized-access X-Force URL: http://xforce.iss.net/static/6215.php Date Reported: 03/08/2001 Brief Description: Linux sgml-tools symlink attack Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2, Linux Mandrake 7.1, Linux Red Hat 5.2 Vulnerability: sgmltools-symlink X-Force URL: http://xforce.iss.net/static/6201.php Date Reported: 03/08/2001 Brief Description: HP-UX asecure denial of service Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01 Vulnerability: hp-asecure-dos X-Force URL: http://xforce.iss.net/static/6212.php Date Reported: 03/08/2001 Brief Description: ascdc Afterstep buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: ascdc 0.3 Vulnerability: ascdc-afterstep-bo X-Force URL: http://xforce.iss.net/static/6204.php Date Reported: 03/08/2001 Brief Description: Microsoft IIS WebDAV denial of service Risk Factor: Medium Attack 
Type: Network Based Platforms Affected: IIS 5.0 Vulnerability: iis-webdav-dos X-Force URL: http://xforce.iss.net/static/6205.php Date Reported: 03/08/2001 Brief Description: WEBsweeper HTTP request denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WEBsweeper 4.0, Windows NT All versions Vulnerability: websweeper-http-dos X-Force URL: http://xforce.iss.net/static/6214.php Date Reported: 03/09/2001 Brief Description: FOLDOC allows remote attackers to execute commands Risk Factor: Medium Attack Type: Network Based Platforms Affected: FOLDEC All versions Vulnerability: foldoc-cgi-execute-commands X-Force URL: http://xforce.iss.net/static/6217.php Date Reported: 03/09/2001 Brief Description: slrn newsreader wrapping/unwrapping buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2 Vulnerability: slrn-wrapping-bo X-Force URL: http://xforce.iss.net/static/6213.php Date Reported: 03/09/2001 Brief Description: Linux mutt package contains format string when using IMAP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2, Linux Red Hat 5.2 Vulnerability: mutt-imap-format-string X-Force URL: http://xforce.iss.net/static/6235.php Date Reported: 03/10/2001 Brief Description: FormMail could be used to flood servers with anonymous email Risk Factor: High Attack Type: Network Based Platforms Affected: FormMail 1.0 to 1.6, Linux All versions Vulnerability: formmail-anonymous-flooding X-Force URL: http://xforce.iss.net/static/6242.php Date Reported: 03/11/2001 Brief Description: Half-Life Server config file buffer overflow Risk Factor: 
Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-config-file-bo X-Force URL: http://xforce.iss.net/static/6221.php Date Reported: 03/11/2001 Brief Description: Half-Life Server exec command buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-exec-bo X-Force URL: http://xforce.iss.net/static/6219.php Date Reported: 03/11/2001 Brief Description: Half-Life Server map command buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-bo X-Force URL: http://xforce.iss.net/static/6218.php Date Reported: 03/11/2001 Brief Description: Half-Life Server 'map' command format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-format-string X-Force URL: http://xforce.iss.net/static/6220.php Date Reported: 03/11/2001 Brief Description: Ikonboard allows remote attackers to read files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ikonboard 2.1.7b and earlier Vulnerability: ikonboard-cgi-read-files X-Force URL: http://xforce.iss.net/static/6216.php Date Reported: 03/12/2001 Brief Description: timed daemon remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux- Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux SuSE 6.4, Linux SuSE 6.2 Vulnerability: timed-remote-dos X-Force URL: http://xforce.iss.net/static/6228.php Date Reported: 03/12/2001 Brief Description: imap, ipop2d and ipop3d buffer overflows Risk Factor: Low Attack Type: Network Based Platforms Affected: OpenLinux 
eServer 2.3.1, OpenLinux eBuilder for ECential 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1, Linux Conectiva Vulnerability: imap-ipop2d-ipop3d-bo X-Force URL: http://xforce.iss.net/static/6269.php Date Reported: 03/12/2001 Brief Description: rwhod remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions Vulnerability: rwhod-remote-dos X-Force URL: http://xforce.iss.net/static/6229.php Date Reported: 03/13/2001 Brief Description: SunOS snmpd argv[0] buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: SunOS 5.8 Vulnerability: snmpd-argv-bo X-Force URL: http://xforce.iss.net/static/6239.php Date Reported: 03/13/2001 Brief Description: Mesa utah-glx symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2 Vulnerability: mesa-utahglx-symlink X-Force URL: http://xforce.iss.net/static/6231.php Date Reported: 03/14/2001 Brief Description: Linux FTPfs buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux 2.2.x, FTPfs 0.1.1 Vulnerability: ftpfs-bo X-Force URL: http://xforce.iss.net/static/6234.php Date Reported: 03/15/2001 Brief Description: Solaris snmpXdmid malformed DMI request buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Solaris 7, Solaris 8, Solaris 2.6 Vulnerability: solaris-snmpxdmid-bo X-Force URL: http://xforce.iss.net/static/6245.php Date Reported: 03/15/2001 Brief Description: vBulletin PHP Web forum allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Network Based Platforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier, Windows All versions, Unix All versions Vulnerability: vbulletin-php-elevate-privileges X-Force URL: http://xforce.iss.net/static/6237.php Date Reported: 03/15/2001 Brief Description: MDaemon WorldClient Web services denial of 
service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-webservices-dos X-Force URL: http://xforce.iss.net/static/6240.php Date Reported: 03/16/2001 Brief Description: SSH ssheloop.c denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5, Windows All versions Vulnerability: ssh-ssheloop-dos X-Force URL: http://xforce.iss.net/static/6241.php Date Reported: 03/18/2001 Brief Description: Eudora HTML emails could allow remote execution of code Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows All versions, Eudora 5.0.2 Vulnerability: eudora-html-execute-code X-Force URL: http://xforce.iss.net/static/6262.php Date Reported: 03/19/2001 Brief Description: ASPSeek s.cgi buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier Vulnerability: aspseek-scgi-bo X-Force URL: http://xforce.iss.net/static/6248.php Date Reported: 03/20/2001 Brief Description: HSLCTF HTTP denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0 Vulnerability: hslctf-http-dos X-Force URL: http://xforce.iss.net/static/6250.php Date Reported: 03/20/2001 Brief Description: LICQ received URL execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2 Vulnerability: licq-url-execute-commands X-Force URL: http://xforce.iss.net/static/6261.php Date Reported: 03/20/2001 Brief Description: SurfControl SuperScout allows user to bypass filtering rules Risk Factor: Medium Attack Type: Network Based Platforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0, Windows 2000 All versions Vulnerability: 
superscout-bypass-filtering X-Force URL: http://xforce.iss.net/static/6300.php Date Reported: 03/20/2001 Brief Description: DGUX lpsched buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: DG/UX All versions Vulnerability: dgux-lpsched-bo X-Force URL: http://xforce.iss.net/static/6258.php Date Reported: 03/20/2001 Brief Description: REDIPlus stock trading software stores passwords in plaintext Risk Factor: Medium Attack Type: Host Based Platforms Affected: REDIPlus 1.0, Windows All versions Vulnerability: rediplus-weak-security X-Force URL: http://xforce.iss.net/static/6276.php Date Reported: 03/20/2001 Brief Description: FCheck open() function allows the execution of commands Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All versions, Windows All versions, Unix All versions, HP-UX All versions, Linux All versions, Solaris All versions, AIX All versions, BSD All versions Vulnerability: fcheck-open-execute-commands X-Force URL: http://xforce.iss.net/static/6256.php Date Reported: 03/20/2001 Brief Description: NTMail long URL denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0 Vulnerability: ntmail-long-url-dos X-Force URL: http://xforce.iss.net/static/6249.php Date Reported: 03/21/2001 Brief Description: VIM text editor allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2, Linux Red Hat 7.0 Vulnerability: vim-elevate-privileges X-Force URL: http://xforce.iss.net/static/6259.php Date Reported: 03/22/2001 Brief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data Risk Factor: Medium Attack Type: Host Based Platforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions Vulnerability: ufs-ext2fs-data-disclosure X-Force URL: 
http://xforce.iss.net/static/6268.php Date Reported: 03/22/2001 Brief Description: Microsoft invalid digital certificates could be used for spoofing Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98 All versions, Windows 2000 All versions, Windows NT All versions Vulnerability: microsoft-invalid-digital-certificates X-Force URL: http://xforce.iss.net/static/6265.php Date Reported: 03/23/2001 Brief Description: Akopia Interchange could allow attacker to gain administrative access Risk Factor: Low Attack Type: Network Based Platforms Affected: Akopia Interchange 4.5.3 and 4.6.3 Vulnerability: akopia-interchange-gain-access X-Force URL: http://xforce.iss.net/static/6273.php Date Reported: 03/23/2001 Brief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files with root privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 2.x Vulnerability: solaris-perfmon-create-files X-Force URL: http://xforce.iss.net/static/6267.php Date Reported: 03/23/2001 Brief Description: Windows user.dmp file insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows NT All versions, Windows 2000 All versions Vulnerability: win-userdmp-insecure-permission X-Force URL: http://xforce.iss.net/static/6275.php Date Reported: 03/23/2001 Brief Description: Compaq Web-enabled management software could allow users to bypass proxy settings Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Compaq Web-Enabled Management All versions Vulnerability: compaq-wbm-bypass-proxy X-Force URL: http://xforce.iss.net/static/6264.php Date Reported: 03/25/2001 Brief Description: MDaemon IMAP SELECT and EXAMINE command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-imap-command-dos X-Force URL: http://xforce.iss.net/static/6279.php Date Reported: 
03/25/2001 Brief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges Risk Factor: High Attack Type: Host Based Platforms Affected: HP-UX 11.11 Vulnerability: hp-newgrp-additional-privileges X-Force URL: http://xforce.iss.net/static/6282.php Date Reported: 03/26/2001 Brief Description: 602Pro LAN SUITE webprox.dll denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions Vulnerability: lan-suite-webprox-dos X-Force URL: http://xforce.iss.net/static/6281.php Date Reported: 03/26/2001 Brief Description: BEA WebLogic Server could allow attackers to browse Web directories Risk Factor: High Attack Type: Network Based Platforms Affected: WebLogic Server 6.0, Windows All versions Vulnerability: weblogic-browse-directories X-Force URL: http://xforce.iss.net/static/6283.php Date Reported: 03/27/2001 Brief Description: Solaris tip buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7 Vulnerability: solaris-tip-bo X-Force URL: http://xforce.iss.net/static/6284.php Date Reported: 03/27/2001 Brief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128 bytes Risk Factor: Medium Attack Type: Network Based Platforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0 Vulnerability: sonicwall-ike-shared-keys X-Force URL: http://xforce.iss.net/static/6304.php Date Reported: 03/27/2001 Brief Description: Anaconda Foundation Clipper directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Anaconda Foundation Clipper 3.3 Vulnerability: anaconda-clipper-directory-traversal X-Force URL: http://xforce.iss.net/static/6286.php Date Reported: 03/27/2001 Brief Description: Microsoft Visual Studio VB-TSQL buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0 Enterprise Ed., Windows 
NT All versions Vulnerability: visual-studio-vbtsql-bo X-Force URL: http://xforce.iss.net/static/6288.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer deliver buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-deliver-bo X-Force URL: http://xforce.iss.net/static/6302.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpadmin buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpadmin-bo X-Force URL: http://xforce.iss.net/static/6291.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpforms buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpforms-bo X-Force URL: http://xforce.iss.net/static/6293.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpshut buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpshut-bo X-Force URL: http://xforce.iss.net/static/6290.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpusers buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpusers-bo X-Force URL: http://xforce.iss.net/static/6292.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer recon buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-recon-bo X-Force URL: http://xforce.iss.net/static/6289.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer sendmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-sendmail-bo X-Force URL: http://xforce.iss.net/static/6303.php Date Reported: 03/28/2001 Brief Description: Inframail POST command denial of service Risk 
Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All versions Vulnerability: inframail-post-dos X-Force URL: http://xforce.iss.net/static/6297.php Date Reported: 03/28/2001 Brief Description: Cisco VPN 3000 Concentrators Telnet denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00 Vulnerability: cisco-vpn-telnet-dos X-Force URL: http://xforce.iss.net/static/6298.php Date Reported: 03/28/2001 Brief Description: WebSite Professional remote manager service denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: O'Reilly WebSite Pro 3.0.37 Vulnerability: website-pro-remote-dos X-Force URL: http://xforce.iss.net/static/6295.php Date Reported: 03/28/2001 Brief Description: Windows Me and Plus! 98 could allow the recovery of Compressed Folder passwords Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows ME All versions Vulnerability: win-compressed-password-recovery X-Force URL: http://xforce.iss.net/static/6294.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. 
________ Internet Security Systems is the leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. 
VAR-200103-0029 CVE-2000-0368 Classic Cisco IOS Access sensitive data vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. IOS is prone to a local security vulnerability. Vulnerabilities exist in Classic Cisco IOS 9.1 and later versions
VAR-200106-0028 CVE-2001-0151 Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Microsoft IIS WebDAV has a flaw in handling invalid requests that consumes a large amount of CPU resources. WebDAV may be left in a denial-of-service (DoS) state. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. A problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. This vulnerability is also known to restart all IIS services. WebDAV contains a flaw in the handling of certain malformed requests. Submitting a valid WebDAV request containing numerous ':' could cause a remote restart of the server. This vulnerability has been known to affect the server performance and could lead to a denial of service condition, however this has not been verified.
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary April 5, 2001 Volume 6 Number 5 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php _____ Contents: * 80 Reported Vulnerabilities * Risk Factor Key _____ Date Reported: 03/01/2001 Brief Description: Palm OS Debug Mode allows attacker to bypass password Risk Factor: Low Attack Type: Host Based Platforms Affected: Palm OS 3.5.2, Palm OS 3.3 Vulnerability: palm-debug-bypass-password X-Force URL: http://xforce.iss.net/static/6196.php Date Reported: 03/01/2001 Brief Description: Microsoft Exchange malformed URL request could cause a denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Exchange 2000 Vulnerability: exchange-malformed-url-dos X-Force URL: http://xforce.iss.net/static/6172.php Date Reported: 03/02/2001 Brief Description: Mailx buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2 Vulnerability: mailx-bo X-Force URL: http://xforce.iss.net/static/6181.php Date Reported: 03/02/2001 Brief Description: SunFTP allows attackers to gain unauthorized file access Risk Factor: Low Attack Type: Host Based Platforms Affected: SunFTP 1.0 Build 9 Vulnerability: sunftp-gain-access X-Force URL: http://xforce.iss.net/static/6195.php Date Reported: 03/02/2001 Brief Description: WinZip /zipandemail option buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All versions Vulnerability: winzip-zipandemail-bo X-Force URL: http://xforce.iss.net/static/6191.php Date Reported: 03/04/2001 Brief Description: Broker FTP Server allows remote attacker to 
delete files outside the FTP root Risk Factor: Medium Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-delete-files X-Force URL: http://xforce.iss.net/static/6190.php Date Reported: 03/04/2001 Brief Description: Broker FTP allows remote user to list directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-list-directories X-Force URL: http://xforce.iss.net/static/6189.php Date Reported: 03/04/2001 Brief Description: INDEXU allows attackers to gain unauthorized system access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: INDEXU 2.0beta and earlier Vulnerability: indexu-gain-access X-Force URL: http://xforce.iss.net/static/6202.php Date Reported: 03/04/2001 Brief Description: Fastream FTP++ Client allows user to download files outside of Web root directory Risk Factor: Medium Attack Type: Network Based Platforms Affected: Fastream FTP++ Server 2.0 Vulnerability: fastream-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6187.php Date Reported: 03/04/2001 Brief Description: SlimServe HTTPd directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: SlimServe HTTPd 1.1 and earlier Vulnerability: slimserve-httpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6186.php Date Reported: 03/04/2001 Brief Description: WFTPD Pro buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: WFTPD Pro 3.00 Vulnerability: wftpd-pro-bo X-Force URL: http://xforce.iss.net/static/6184.php Date Reported: 03/05/2001 Brief Description: IRCd tkserv buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IRCd All versions, tkserv 1.3.0 and earlier Vulnerability: irc-tkserv-bo X-Force URL: http://xforce.iss.net/static/6193.php Date Reported: 03/06/2001 Brief Description: War FTPD could allow attackers to list 
directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: WarFTPD 1.67b4 Vulnerability: warftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6197.php Date Reported: 03/06/2001 Brief Description: Internet Explorer could allow execution of commands when used with Telnet Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All versions, Windows 2000 All versions, Internet Explorer 5.01 Vulnerability: ie-telnet-execute-commands X-Force URL: http://xforce.iss.net/static/6230.php Date Reported: 03/07/2001 Brief Description: Cisco Aironet Web access allows remote attacker to view/modify configuration Risk Factor: Low Attack Type: Network Based Platforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series Wireless Bridge Firmware 7.x Vulnerability: cisco-aironet-web-access X-Force URL: http://xforce.iss.net/static/6200.php Date Reported: 03/07/2001 Brief Description: Netscape Directory Server buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Netscape Directory Server 4.1, Netscape Directory Server 4.12, Windows NT All versions Vulnerability: netscape-directory-server-bo X-Force URL: http://xforce.iss.net/static/6233.php Date Reported: 03/07/2001 Brief Description: Proftpd contains configuration error in postinst script when running as root Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-postinst-root X-Force URL: http://xforce.iss.net/static/6208.php Date Reported: 03/07/2001 Brief Description: proftpd /var symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-var-symlink X-Force URL: http://xforce.iss.net/static/6209.php Date Reported: 03/07/2001 Brief Description: man2html remote denial of service Risk Factor: Medium 
Attack Type: Network Based Platforms Affected: man2html prior to 1.5.23 Vulnerability: man2html-remote-dos X-Force URL: http://xforce.iss.net/static/6211.php Date Reported: 03/07/2001 Brief Description: Linux ePerl buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1 Vulnerability: linux-eperl-bo X-Force URL: http://xforce.iss.net/static/6198.php Date Reported: 03/08/2001 Brief Description: Novell NetWare could allow attackers to gain unauthorized access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1, Novell NetWare 4.11, Novell NetWare 5.0 Vulnerability: novell-netware-unauthorized-access X-Force URL: http://xforce.iss.net/static/6215.php Date Reported: 03/08/2001 Brief Description: Linux sgml-tools symlink attack Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2, Linux Mandrake 7.1, Linux Red Hat 5.2 Vulnerability: sgmltools-symlink X-Force URL: http://xforce.iss.net/static/6201.php Date Reported: 03/08/2001 Brief Description: HP-UX asecure denial of service Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01 Vulnerability: hp-asecure-dos X-Force URL: http://xforce.iss.net/static/6212.php Date Reported: 03/08/2001 Brief Description: ascdc Afterstep buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: ascdc 0.3 Vulnerability: ascdc-afterstep-bo X-Force URL: http://xforce.iss.net/static/6204.php Date Reported: 03/08/2001 Brief Description: Microsoft IIS WebDAV denial of service Risk Factor: Medium Attack 
Type: Network Based Platforms Affected: IIS 5.0 Vulnerability: iis-webdav-dos X-Force URL: http://xforce.iss.net/static/6205.php Date Reported: 03/08/2001 Brief Description: WEBsweeper HTTP request denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WEBsweeper 4.0, Windows NT All versions Vulnerability: websweeper-http-dos X-Force URL: http://xforce.iss.net/static/6214.php Date Reported: 03/09/2001 Brief Description: FOLDOC allows remote attackers to execute commands Risk Factor: Medium Attack Type: Network Based Platforms Affected: FOLDEC All versions Vulnerability: foldoc-cgi-execute-commands X-Force URL: http://xforce.iss.net/static/6217.php Date Reported: 03/09/2001 Brief Description: slrn newsreader wrapping/unwrapping buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2 Vulnerability: slrn-wrapping-bo X-Force URL: http://xforce.iss.net/static/6213.php Date Reported: 03/09/2001 Brief Description: Linux mutt package contains format string when using IMAP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2, Linux Red Hat 5.2 Vulnerability: mutt-imap-format-string X-Force URL: http://xforce.iss.net/static/6235.php Date Reported: 03/10/2001 Brief Description: FormMail could be used to flood servers with anonymous email Risk Factor: High Attack Type: Network Based Platforms Affected: FormMail 1.0 to 1.6, Linux All versions Vulnerability: formmail-anonymous-flooding X-Force URL: http://xforce.iss.net/static/6242.php Date Reported: 03/11/2001 Brief Description: Half-Life Server config file buffer overflow Risk Factor: 
Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-config-file-bo X-Force URL: http://xforce.iss.net/static/6221.php Date Reported: 03/11/2001 Brief Description: Half-Life Server exec command buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-exec-bo X-Force URL: http://xforce.iss.net/static/6219.php Date Reported: 03/11/2001 Brief Description: Half-Life Server map command buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-bo X-Force URL: http://xforce.iss.net/static/6218.php Date Reported: 03/11/2001 Brief Description: Half-Life Server 'map' command format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-format-string X-Force URL: http://xforce.iss.net/static/6220.php Date Reported: 03/11/2001 Brief Description: Ikonboard allows remote attackers to read files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ikonboard 2.1.7b and earlier Vulnerability: ikonboard-cgi-read-files X-Force URL: http://xforce.iss.net/static/6216.php Date Reported: 03/12/2001 Brief Description: timed daemon remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux- Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux SuSE 6.4, Linux SuSE 6.2 Vulnerability: timed-remote-dos X-Force URL: http://xforce.iss.net/static/6228.php Date Reported: 03/12/2001 Brief Description: imap, ipop2d and ipop3d buffer overflows Risk Factor: Low Attack Type: Network Based Platforms Affected: OpenLinux 
eServer 2.3.1, OpenLinux eBuilder for ECential 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1, Linux Conectiva Vulnerability: imap-ipop2d-ipop3d-bo X-Force URL: http://xforce.iss.net/static/6269.php Date Reported: 03/12/2001 Brief Description: rwhod remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions Vulnerability: rwhod-remote-dos X-Force URL: http://xforce.iss.net/static/6229.php Date Reported: 03/13/2001 Brief Description: SunOS snmpd argv[0] buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: SunOS 5.8 Vulnerability: snmpd-argv-bo X-Force URL: http://xforce.iss.net/static/6239.php Date Reported: 03/13/2001 Brief Description: Mesa utah-glx symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2 Vulnerability: mesa-utahglx-symlink X-Force URL: http://xforce.iss.net/static/6231.php Date Reported: 03/14/2001 Brief Description: Linux FTPfs buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux 2.2.x, FTPfs 0.1.1 Vulnerability: ftpfs-bo X-Force URL: http://xforce.iss.net/static/6234.php Date Reported: 03/15/2001 Brief Description: Solaris snmpXdmid malformed DMI request buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Solaris 7, Solaris 8, Solaris 2.6 Vulnerability: solaris-snmpxdmid-bo X-Force URL: http://xforce.iss.net/static/6245.php Date Reported: 03/15/2001 Brief Description: vBulletin PHP Web forum allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Network Based Platforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier, Windows All versions, Unix All versions Vulnerability: vbulletin-php-elevate-privileges X-Force URL: http://xforce.iss.net/static/6237.php Date Reported: 03/15/2001 Brief Description: MDaemon WorldClient Web services denial of 
service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-webservices-dos X-Force URL: http://xforce.iss.net/static/6240.php Date Reported: 03/16/2001 Brief Description: SSH ssheloop.c denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5, Windows All versions Vulnerability: ssh-ssheloop-dos X-Force URL: http://xforce.iss.net/static/6241.php Date Reported: 03/18/2001 Brief Description: Eudora HTML emails could allow remote execution of code Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows All versions, Eudora 5.0.2 Vulnerability: eudora-html-execute-code X-Force URL: http://xforce.iss.net/static/6262.php Date Reported: 03/19/2001 Brief Description: ASPSeek s.cgi buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier Vulnerability: aspseek-scgi-bo X-Force URL: http://xforce.iss.net/static/6248.php Date Reported: 03/20/2001 Brief Description: HSLCTF HTTP denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0 Vulnerability: hslctf-http-dos X-Force URL: http://xforce.iss.net/static/6250.php Date Reported: 03/20/2001 Brief Description: LICQ received URL execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2 Vulnerability: licq-url-execute-commands X-Force URL: http://xforce.iss.net/static/6261.php Date Reported: 03/20/2001 Brief Description: SurfControl SuperScout allows user to bypass filtering rules Risk Factor: Medium Attack Type: Network Based Platforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0, Windows 2000 All versions Vulnerability: 
superscout-bypass-filtering X-Force URL: http://xforce.iss.net/static/6300.php Date Reported: 03/20/2001 Brief Description: DGUX lpsched buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: DG/UX All versions Vulnerability: dgux-lpsched-bo X-Force URL: http://xforce.iss.net/static/6258.php Date Reported: 03/20/2001 Brief Description: REDIPlus stock trading software stores passwords in plaintext Risk Factor: Medium Attack Type: Host Based Platforms Affected: REDIPlus 1.0, Windows All versions Vulnerability: rediplus-weak-security X-Force URL: http://xforce.iss.net/static/6276.php Date Reported: 03/20/2001 Brief Description: FCheck open() function allows the execution of commands Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All versions, Windows All versions, Unix All versions, HP-UX All versions, Linux All versions, Solaris All versions, AIX All versions, BSD All versions Vulnerability: fcheck-open-execute-commands X-Force URL: http://xforce.iss.net/static/6256.php Date Reported: 03/20/2001 Brief Description: NTMail long URL denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0 Vulnerability: ntmail-long-url-dos X-Force URL: http://xforce.iss.net/static/6249.php Date Reported: 03/21/2001 Brief Description: VIM text editor allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2, Linux Red Hat 7.0 Vulnerability: vim-elevate-privileges X-Force URL: http://xforce.iss.net/static/6259.php Date Reported: 03/22/2001 Brief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data Risk Factor: Medium Attack Type: Host Based Platforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions Vulnerability: ufs-ext2fs-data-disclosure X-Force URL: 
http://xforce.iss.net/static/6268.php Date Reported: 03/22/2001 Brief Description: Microsoft invalid digital certificates could be used for spoofing Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98 All versions, Windows 2000 All versions, Windows NT All versions Vulnerability: microsoft-invalid-digital-certificates X-Force URL: http://xforce.iss.net/static/6265.php Date Reported: 03/23/2001 Brief Description: Akopia Interchange could allow attacker to gain administrative access Risk Factor: Low Attack Type: Network Based Platforms Affected: Akopia Interchange 4.5.3 and 4.6.3 Vulnerability: akopia-interchange-gain-access X-Force URL: http://xforce.iss.net/static/6273.php Date Reported: 03/23/2001 Brief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files with root privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 2.x Vulnerability: solaris-perfmon-create-files X-Force URL: http://xforce.iss.net/static/6267.php Date Reported: 03/23/2001 Brief Description: Windows user.dmp file insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows NT All versions, Windows 2000 All versions Vulnerability: win-userdmp-insecure-permission X-Force URL: http://xforce.iss.net/static/6275.php Date Reported: 03/23/2001 Brief Description: Compaq Web-enabled management software could allow users to bypass proxy settings Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Compaq Web-Enabled Management All versions Vulnerability: compaq-wbm-bypass-proxy X-Force URL: http://xforce.iss.net/static/6264.php Date Reported: 03/25/2001 Brief Description: MDaemon IMAP SELECT and EXAMINE command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-imap-command-dos X-Force URL: http://xforce.iss.net/static/6279.php Date Reported: 
03/25/2001 Brief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges Risk Factor: High Attack Type: Host Based Platforms Affected: HP-UX 11.11 Vulnerability: hp-newgrp-additional-privileges X-Force URL: http://xforce.iss.net/static/6282.php Date Reported: 03/26/2001 Brief Description: 602Pro LAN SUITE webprox.dll denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions Vulnerability: lan-suite-webprox-dos X-Force URL: http://xforce.iss.net/static/6281.php Date Reported: 03/26/2001 Brief Description: BEA WebLogic Server could allow attackers to browse Web directories Risk Factor: High Attack Type: Network Based Platforms Affected: WebLogic Server 6.0, Windows All versions Vulnerability: weblogic-browse-directories X-Force URL: http://xforce.iss.net/static/6283.php Date Reported: 03/27/2001 Brief Description: Solaris tip buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7 Vulnerability: solaris-tip-bo X-Force URL: http://xforce.iss.net/static/6284.php Date Reported: 03/27/2001 Brief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128 bytes Risk Factor: Medium Attack Type: Network Based Platforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0 Vulnerability: sonicwall-ike-shared-keys X-Force URL: http://xforce.iss.net/static/6304.php Date Reported: 03/27/2001 Brief Description: Anaconda Foundation Clipper directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Anaconda Foundation Clipper 3.3 Vulnerability: anaconda-clipper-directory-traversal X-Force URL: http://xforce.iss.net/static/6286.php Date Reported: 03/27/2001 Brief Description: Microsoft Visual Studio VB-TSQL buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0 Enterprise Ed., Windows 
NT All versions Vulnerability: visual-studio-vbtsql-bo X-Force URL: http://xforce.iss.net/static/6288.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer deliver buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-deliver-bo X-Force URL: http://xforce.iss.net/static/6302.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpadmin buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpadmin-bo X-Force URL: http://xforce.iss.net/static/6291.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpforms buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpforms-bo X-Force URL: http://xforce.iss.net/static/6293.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpshut buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpshut-bo X-Force URL: http://xforce.iss.net/static/6290.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpusers buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpusers-bo X-Force URL: http://xforce.iss.net/static/6292.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer recon buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-recon-bo X-Force URL: http://xforce.iss.net/static/6289.php Date Reported: 03/27/2001 Brief Description: SCO OpenServer sendmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-sendmail-bo X-Force URL: http://xforce.iss.net/static/6303.php Date Reported: 03/28/2001 Brief Description: Inframail POST command denial of service Risk 
Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All versions Vulnerability: inframail-post-dos X-Force URL: http://xforce.iss.net/static/6297.php Date Reported: 03/28/2001 Brief Description: Cisco VPN 3000 Concentrators Telnet denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00 Vulnerability: cisco-vpn-telnet-dos X-Force URL: http://xforce.iss.net/static/6298.php Date Reported: 03/28/2001 Brief Description: WebSite Professional remote manager service denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: O'Reilly WebSite Pro 3.0.37 Vulnerability: website-pro-remote-dos X-Force URL: http://xforce.iss.net/static/6295.php Date Reported: 03/28/2001 Brief Description: Windows Me and Plus! 98 could allow the recovery of Compressed Folder passwords Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows ME All versions Vulnerability: win-compressed-password-recovery X-Force URL: http://xforce.iss.net/static/6294.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. 
________ Internet Security Systems is the leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. 
VAR-200106-0024 CVE-2001-0146 Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URLs. A vulnerability that affects Microsoft IIS 5.0 and Exchange 2000 allows an intruder to disrupt IIS web services and web-based mail services served via an Exchange server. Microsoft Exchange is subject to a denial of service condition due to the handling of web client requests. If an authenticated user requests a specially crafted URL multiple times to the host running Exchange, the web-based mail service could stop responding. A restart of the service is required in order to regain normal functionality. Update: Microsoft IIS 5.0 suffers from a similar issue
VAR-200102-0115 CVE-2001-1434 IOS CVE-2001-1434 Remote Security Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read its configuration, creating an information leak. IOS is prone to a remote security vulnerability
VAR-200102-0117 CVE-2004-1776 Cisco IOS/X12-X15 has default SNMP read/write string of "cable-docsis" CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both. IOS is prone to a remote security vulnerability. Cisco IOS 12.1(3) and 12.1(3)T vulnerabilities
VAR-200108-0111 CVE-2001-0711 Cisco IOS ILMI SNMP Community String Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode (ATM) networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both. IOS is the operating system designed for various Cisco devices. It is maintained and distributed by Cisco systems. A problem in the versions of IOS 11.x and 12.0 could allow unauthorized access to certain configuration variables within a Cisco device. The ILMI SNMP Community string allows read and write access to system objects in the MIB-II community group. These configuration parameters do not affect the normal operation of the device, although if changed, can cause confusion or lead to a social engineering attack. It is possible for a malicious remote user to change configuration objects within the MIB-II Community, and rename the system, change the location name in the system, and/or the contact information for the system. This vulnerability affects only certain devices. There is a loophole in the SNMP implementation of IOS 11.x to 12.0 software, and remote attackers may use this loophole to obtain illegal access to the system
VAR-200111-0015 CVE-2001-0911 PHP-Nuke Cookie Fragile encryption mechanism vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web-based portal system. It allows users to create accounts and contribute content to the site. When a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user's account name and password. This password is encoded using Base 64 encoding, and can be immediately decoded by anyone with access to the cookie's contents. Thus, an attacker able to gain access to this cookie may trivially learn the user's account name and password, and compromise that account. Older versions of PHP-Nuke may also be vulnerable. PostNuke 0.6.4 (and possibly earlier versions) is also vulnerable. PHP Nuke uses a global variable named '$user'. It is normally retrieved from a cookie, but can be supplied in a URL. This value contains uuencoded values for the user information and the user's password hash. These values are decoded on the server and used in various SQL queries during the execution of PHP Nuke scripts. Several variables used in this query contain user-supplied input. These values may be injected into a uuencoded $user variable passed in a URL. Attackers may modify the query so that its logic forces retrieval of sensitive information associated with arbitrary users. This could be accomplished if the attacker has a valid username. If exploited, the attacker will have gained the encrypted password and user information of the target user. The password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information
VAR-200102-0075 CVE-2001-0039 IBM AIX setclock buffer overflow in remote timeserver argument CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Products affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 1 Internet Explorer 6 for Microsoft Windows XP Service Pack 2 Internet Explorer 6 for Microsoft Windows Server 2003 Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language. Overview: There exists a buffer overflow in Microsoft Internet Explorer in the parsing of DBCS URLS. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. This attack may be utilized wherever IE parses HTML, such as webpages, email, newsgroups, and within applications utilizing web-browsing functionality. Details: URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution. 
Exploiting this vulnerability seems to need a lot of more work but we believe that exploitation is possible. POC: No PoC will be released for this. FIX: Microsoft has released an update for Internet Explorer which is set to address this issue. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx Vendor Response: 2005.12.29 Vendor notified via secure@microsoft.com 2005.12.29 Vendor responded 2006.04.11 Vendor released MS06-0xx patch 2006.04.11 Advisory released Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-1189 Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys, all XFocus and 0x557 guys :) References: 1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx 2. http://www.nsfocus.com/english/homepage/research/0008.htm 3. http://xforce.iss.net/xforce/xfdb/5729 4. http://www.securityfocus.com/bid/2100/discuss 5. http://www.inter-locale.com/whitepaper/IUC27-a303.html 6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx 7. [Mozilla Firefox IDN "Host:" Buffer Overflow] http://www.security-protocols.com/advisory/sp-x17-advisory.txt 8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow] http://www.security-protocols.com/advisory/sp-x18-advisory.txt 9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com /research/devnotes/1995/may/02/05.htm -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
VAR-200102-0077 CVE-2001-0041 IBM AIX setclock buffer overflow in remote timeserver argument

Related entries in the VARIoT exploits database: VAR-E-200012-0075
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges.
VAR-200102-0027 CVE-2001-0055 IBM AIX setclock buffer overflow in remote timeserver argument CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Broadband Operating System is prone to a denial-of-service vulnerability. CBOS 2.4.1 and earlier versions of the Cisco 600 router are vulnerable.
VAR-200102-0029 CVE-2001-0057 IBM AIX setclock buffer overflow in remote timeserver argument CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Broadband Operating System is prone to a denial-of-service vulnerability. The vulnerability exists in Cisco 600 routers running CBOS 2.4.1 and earlier versions.
VAR-200102-0030 CVE-2001-0058 IBM AIX setclock buffer overflow in remote timeserver argument CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges.
VAR-200105-0067 CVE-2001-0321 PHP-Nuke opendir.php Remote directory traversal vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. PHP-Nuke is prone to a remote security vulnerability. PHP-Nuke is a popular website development and management tool. PHP-Nuke's opendir.php script implementation has an input validation vulnerability. Link: http://www.iss.net/security_center/static/6512.php
VAR-200102-0104 CVE-2001-0102 IBM AIX setclock buffer overflow in remote timeserver argument CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Apple Mac OS is prone to a local security vulnerability.