ID

VAR-200412-1185

CVE

CVE-2004-1790

TITLE

Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existance of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the users DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the users private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another users magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a users secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php _____ Contents 120 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php _____ Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php _____ Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php _____ Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php _____ Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php _____ Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php _____ Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php _____ Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php _____ Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php _____ Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php _____ Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php _____ Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php _____ Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php _____ Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php _____ Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php _____ Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php _____ Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php _____ Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php _____ Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php _____ Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php _____ Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php _____ Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php _____ Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer oveflow X-Force URL: http://xforce.iss.net/static/6002.php _____ Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php _____ Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php _____ Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php _____ Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php _____ Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php _____ Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php _____ Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php _____ Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php _____ Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php _____ Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php _____ Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php _____ Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php _____ Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php _____ Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php _____ Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php _____ Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php _____ Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php _____ Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php _____ Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php _____ Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php _____ Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php _____ Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php _____ Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php _____ Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php _____ Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php _____ Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php _____ Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php _____ Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php _____ Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php _____ Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php _____ Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php _____ Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php _____ Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php _____ Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php _____ Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php _____ Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php _____ Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php _____ Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php _____ Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php _____ Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php _____ Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.ph p _____ Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php _____ Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php _____ Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php _____ Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php _____ Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php _____ Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php _____ Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php _____ Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php _____ Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php _____ Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php _____ Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php _____ Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php _____ Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php _____ Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php _____ Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php _____ Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php _____ Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php _____ Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php _____ Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php _____ Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php _____ Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php _____ Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php _____ Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php _____ Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php _____ Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php _____ Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php _____ Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php _____ Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php _____ Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php _____ Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php _____ Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php _____ Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php _____ Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php _____ Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php _____ Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php _____ Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php _____ Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php _____ Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php _____ Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php _____ Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php _____ Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php _____ Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php _____ Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php _____ Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php _____ Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php _____ Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php _____ Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php _____ Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php _____ Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php _____ Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php _____ Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php _____ Date Reported: 1/8/01 Vulnerability: ibm-websphere-dos Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM WebSphere denial of service X-Force URL: http://xforce.iss.net/static/5900.php _____ Date Reported: 1/8/01 Vulnerability: storagesoft-imagecast-dos Platforms Affected: ImageCast 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: StorageSoft ImageCast denial of service X-Force URL: http://xforce.iss.net/static/5901.php _____ Date Reported: 1/8/01 Vulnerability: nai-pgp-replace-keys Platforms Affected: PGP 7.0 Risk Factor: Medium Attack Type: Host Based Brief Description: PGP users may replace signed exported key blocks with arbitrary keys X-Force URL: http://xforce.iss.net/static/5902.php _____ Date Reported: 1/7/01 Vulnerability: http-cgi-bbs-forum Platforms Affected: WebBBS 1.0 Risk Factor: High Attack Type: Network Based Brief Description: bbs_forum.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/5906.php _____ Date Reported: 1/5/01 Vulnerability: lotus-domino-directory-traversal Platforms Affected: Lotus Domino 5.0.x Risk Factor: Medium Attack Type: Network Based Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal X-Force URL: http://xforce.iss.net/static/5899.php _____ Date Reported: 1/5/01 Vulnerability: http-cgi-fastgraf Platforms Affected: FASTGRAF Risk Factor: High Attack Type: Network Based Brief Description: Fastgraf CGI scripts allow remote command execution X-Force URL: http://xforce.iss.net/static/5897.php _____ Date Reported: 1/4/01 Vulnerability: newsdesk-cgi-read-files Platforms Affected: Newsdesk 1.2 Risk Factor: High Attack Type: Network Based Brief Description: Newsdesk.cgi allows read access to files X-Force URL: http://xforce.iss.net/static/5898.php _____ Date Reported: 1/1/01 Vulnerability: gtk-module-execute-code Platforms Affected: GTK+ 1.2.8 and earlier Risk Factor: High Attack Type: Host Based Brief Description: GTK+ arbitrary code execution using custom loadable module X-Force URL: http://xforce.iss.net/static/5832.php _____ Date Reported: 1/1/01 Vulnerability: linux-tty-writable-dos Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux writable TTY denial of service X-Force URL: http://xforce.iss.net/static/5896.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. _____ Additional Information This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes). About Internet Security Systems (ISS) Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOogB2jRfJiV99eG9AQESogP9HsIDfUmYkJuWUmNqPhb22a6CVpi/TiG9 7mvhdGc3ySS6LqrvTZgXrBzAcxFlHrdTSmNka8yGiLvYAb0lnghFRZ2OxxRfK11m AV9VS9/Yty/Qk8BnA/7tx4DIcM4Nhry1kTqTbDkpbcfXOb2LI2WUGnMHF/xkc1ge 3mV5zJXCUM4= =ClrQ -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

XSS

EXPLOIT AVAILABILITY

EXTERNAL IDS

REFERENCES

CREDITS

Discovery is credited to Rafel Ivgi.

SOURCES

LAST UPDATE DATE

2024-08-14T12:59:27.897000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE