VARIoT IoT vulnerabilities database
| VAR-200109-0083 | CVE-2001-0684 | Netscape Collabra Malformed Data DoS Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. Collabra is a discussion server from Netscape.
A version of Collabra is vulnerable to a resource consumption attack.
Invalid input subitted repeatedly to port 5239 at small intervals will result in the consumption of available CPU cycles, impacting the Collabra server process and other applications running on the affected host. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200108-0130 | CVE-2001-0606 | HP-UX 11.04 (VVOS) Virtual Vault/IPlanet Web Server DoS Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A vulnerability exists in the IPlanet Web Server(iWS) Enterprise Edition 4.x packaged, which is embedded in Virtual Vault 4.0 on HP-UX 11.04 (VVOS) systems.
The vulnerable software is prone to an error which may cause a denial of service when handling HTTPS requests. It may be possible for this condition to be exploited by a remote attacker.
Netscape Enterprise versions 3.x are not affected by this issue.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200108-0070 | CVE-2001-0560 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. Vixie Cron is prone to a local security vulnerability.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0030 | CVE-2001-0156 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A valid user with an understanding of the internal addressing scheme in a network, could connect to any service desired.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0032 | CVE-2001-0230 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. FreeBSD is prone to a local security vulnerability.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0021 | CVE-2001-0221 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0022 | CVE-2001-0224 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. Making an invalid request to a machine running Brightstation Muscat, will disclose the physical path to the root directory. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0019 | CVE-2001-0217 | MnSCU/PALS WebPALS Remote Command Execution Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0018 | CVE-2001-0216 | MnSCU/PALS WebPALS Remote Command Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0017 | CVE-2001-0215 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200106-0010 | CVE-2001-0204 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. Submitting multiple maliciously crafted packets to the PPTP services via a telnet connection, will cause the consumption of all available system resources.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0085 | CVE-2001-0280 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0079 | CVE-2001-0274 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0078 | CVE-2001-0273 | PGP4pine Encryption Failure Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0081 | CVE-2001-0276 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. Requesting a specially crafted URL to a machine running Working Resources BadBlue, will disclose the physical path to the root directory.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0064 | CVE-2001-0317 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0065 | CVE-2001-0319 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. IBM's Net.Commerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input. A thoughtfully-formed request to a vulnerable script can cause the server to disclose sensitive system information, including results of arbitrary queries to the Net.Commerce database. This can allow an attacker to obtain an elevation of privileges to that of the DB2INST1 account, and potentially issue arbitrary shell commands as the DB2INST1 user.
IBM fixed the vulnerable macros they ship with the product in Net.Commerce Versions 3.2 and WebSphere Commerce Suite 4.1. Custom macros created by the user may be vulnerable to this type of attack. WebSphere Commerce Suite Version 5.1 is not vulnerable at all as it does not use Net.Data macros.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0055 | CVE-2001-0301 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. Analog is a freely available log analysis tool that provides advanced features. It was originally written by Stephen Turner.
As designed, the software makes it possible for a user to remotely access network statistics using cgi scripts and HTTP FORM methods. When queried, the cgi accesses analog, and outputs statistics to a web page. Due to a buffer overflow in analog, and improper checking of input by the cgi program, it is possible for a user to supply a long ALIAS field to the analog program, which will result in a buffer overflow.
The problem makes it possible for a malicious user to remotely execute arbitrary code, and execute commands with privileges equal to the httpd process. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0011 | CVE-2001-0199 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. Requesting a specially crafted URL composed of '../' or '.../' sequences will disclose the requested file. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----
| VAR-200105-0008 | CVE-2001-0194 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. CUPS is prone to a remote security vulnerability.
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netcape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV
1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA
h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B
tT+ylKw4hn4=
=kfHg
-----END PGP SIGNATURE-----