ID

VAR-200102-0021


CVE

CVE-2001-0049


TITLE

IBM AIX setclock buffer overflow in remote timeserver argument

Trust: 0.8

sources: CERT/CC: VU#739201

DESCRIPTION

WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. The SOHO 2.2 is a popular SOHO firewall by Watchguard Technologies Inc. In the case of a reboot, the firewall will be in-operable for one to five minutes. If the firewall shuts down completely, it will require a power recycle. In the case of a sustained attack, the firewall can be permanently taken off-line. It should be noted that this attack does not appear in the firewall logs except for a reboot notification. Vulnerabilities exist in WatchGuard SOHO FireWall 2.2.1 and earlier versions. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Products affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 1 Internet Explorer 6 for Microsoft Windows XP Service Pack 2 Internet Explorer 6 for Microsoft Windows Server 2003 Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language. Overview: There exists a buffer overflow in Microsoft Internet Explorer in the parsing of DBCS URLS. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. This attack may be utilized wherever IE parses HTML, such as webpages, email, newsgroups, and within applications utilizing web-browsing functionality. Details: URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution. Exploiting this vulnerability seems to need a lot of more work but we believe that exploitation is possible. POC: No PoC will be released for this. FIX: Microsoft has released an update for Internet Explorer which is set to address this issue. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx Vendor Response: 2005.12.29 Vendor notified via secure@microsoft.com 2005.12.29 Vendor responded 2006.04.11 Vendor released MS06-0xx patch 2006.04.11 Advisory released Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-1189 Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys, all XFocus and 0x557 guys :) References: 1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx 2. http://www.nsfocus.com/english/homepage/research/0008.htm 3. http://xforce.iss.net/xforce/xfdb/5729 4. http://www.securityfocus.com/bid/2100/discuss 5. http://www.inter-locale.com/whitepaper/IUC27-a303.html 6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx 7. [Mozilla Firefox IDN "Host:" Buffer Overflow] http://www.security-protocols.com/advisory/sp-x17-advisory.txt 8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow] http://www.security-protocols.com/advisory/sp-x18-advisory.txt 9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com /research/devnotes/1995/may/02/05.htm -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"

Trust: 4.23

sources: NVD: CVE-2001-0049 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // BID: 2082 // VULHUB: VHN-2871 // PACKETSTORM: 45442

AFFECTED PRODUCTS

vendor:ibmmodel: - scope: - version: -

Trust: 2.4

vendor:watchguardmodel:soho firewallscope:lteversion:2.2.1

Trust: 1.0

vendor:watchguardmodel:soho firewallscope:eqversion:2.2.1

Trust: 0.6

vendor:watchguardmodel:sohoscope:eqversion:2.2

Trust: 0.3

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#886953 // BID: 2082 // CNNVD: CNNVD-200102-097 // NVD: CVE-2001-0049

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0049
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#739201
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#808633
value: 5.36

Trust: 0.8

CARNEGIE MELLON: VU#872257
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#886953
value: 15.19

Trust: 0.8

CNNVD: CNNVD-200102-097
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2871
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0049
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2871
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2871 // CNNVD: CNNVD-200102-097 // NVD: CVE-2001-0049

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0049

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 45442 // CNNVD: CNNVD-200102-097

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200102-097

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-2871

EXTERNAL IDS

db:BIDid:2082

Trust: 2.0

db:NVDid:CVE-2001-0049

Trust: 2.0

db:BIDid:2035

Trust: 0.8

db:XFid:5618

Trust: 0.8

db:CERT/CCid:VU#739201

Trust: 0.8

db:BIDid:2033

Trust: 0.8

db:XFid:5620

Trust: 0.8

db:CERT/CCid:VU#808633

Trust: 0.8

db:BIDid:2034

Trust: 0.8

db:XFid:5619

Trust: 0.8

db:CERT/CCid:VU#872257

Trust: 0.8

db:BIDid:2032

Trust: 0.8

db:XFid:5621

Trust: 0.8

db:CERT/CCid:VU#886953

Trust: 0.8

db:CNNVDid:CNNVD-200102-097

Trust: 0.7

db:BUGTRAQid:20001207 WATCHGUARD SOHO V2.2.1 DOS

Trust: 0.6

db:XFid:5665

Trust: 0.6

db:SEEBUGid:SSVID-74362

Trust: 0.1

db:EXPLOIT-DBid:20487

Trust: 0.1

db:VULHUBid:VHN-2871

Trust: 0.1

db:XFid:5729

Trust: 0.1

db:BIDid:2100

Trust: 0.1

db:PACKETSTORMid:45442

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2871 // BID: 2082 // PACKETSTORM: 45442 // CNNVD: CNNVD-200102-097 // NVD: CVE-2001-0049

REFERENCES

url:http://www.securityfocus.com/bid/2082

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2000-12/0079.html

Trust: 1.7

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08143

Trust: 1.6

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08287

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5665

Trust: 1.1

url:http://www.securityfocus.com/bid/2035

Trust: 0.8

url:http://xforce.iss.net/static/5618.php

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07831

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07790

Trust: 0.8

url:http://www.securityfocus.com/bid/2033

Trust: 0.8

url:http://xforce.iss.net/static/5620.php

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6

Trust: 0.8

url:http://www.securityfocus.com/bid/2034

Trust: 0.8

url:http://xforce.iss.net/static/5619.php

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f

Trust: 0.8

url:http://www.securityfocus.com/bid/2032

Trust: 0.8

url:http://xforce.iss.net/static/5621.php

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy10721

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08812

Trust: 0.8

url:http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit

Trust: 0.8

url:http://xforce.iss.net/static/5665.php

Trust: 0.6

url:http://www.inter-locale.com/whitepaper/iuc27-a303.html

Trust: 0.1

url:http://xforce.iss.net/xforce/xfdb/5729

Trust: 0.1

url:http://www.security-protocols.com/advisory/sp-x17-advisory.txt

Trust: 0.1

url:http://www.nsfocus.com/english/homepage/research/0008.htm

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx

Trust: 0.1

url:http://www.nevisnetworks.com

Trust: 0.1

url:http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx

Trust: 0.1

url:http://www.security-protocols.com/advisory/sp-x18-advisory.txt

Trust: 0.1

url:http://secway.org

Trust: 0.1

url:http://www.securityfocus.com/bid/2100/discuss

Trust: 0.1

url:http://secway.org/advisory/ad20060411.txt

Trust: 0.1

url:http://cve.mitre.org),

Trust: 0.1

url:http://72.14.203.104/search?q=cache:dxn-v4fil1ij:developer.novell.com

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2871 // PACKETSTORM: 45442 // CNNVD: CNNVD-200102-097 // NVD: CVE-2001-0049

CREDITS

This vulnerability was first reported to Bugtraq on December 8, 2000 by Filip Maertens <filip@securax.be>.

Trust: 0.9

sources: BID: 2082 // CNNVD: CNNVD-200102-097

SOURCES

db:CERT/CCid:VU#739201
db:CERT/CCid:VU#808633
db:CERT/CCid:VU#872257
db:CERT/CCid:VU#886953
db:VULHUBid:VHN-2871
db:BIDid:2082
db:PACKETSTORMid:45442
db:CNNVDid:CNNVD-200102-097
db:NVDid:CVE-2001-0049

LAST UPDATE DATE

2024-11-27T21:11:08.920000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:VULHUBid:VHN-2871date:2017-12-19T00:00:00
db:BIDid:2082date:2009-07-11T03:56:00
db:CNNVDid:CNNVD-200102-097date:2005-10-20T00:00:00
db:NVDid:CVE-2001-0049date:2017-12-19T02:29:15.987

SOURCES RELEASE DATE

db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:VULHUBid:VHN-2871date:2001-02-16T00:00:00
db:BIDid:2082date:2000-12-08T00:00:00
db:PACKETSTORMid:45442date:2006-04-14T01:00:47
db:CNNVDid:CNNVD-200102-097date:2001-02-16T00:00:00
db:NVDid:CVE-2001-0049date:2001-02-16T05:00:00