VARIoT IoT vulnerabilities database
VAR-200412-1185 | CVE-2004-1790 | Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability
CVSS V2: 4.3 | CVSS V3: - | Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.
This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files.
SSH is a package designed to encrypt traffic between two end points using the IETF-specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package.
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl could corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux, BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000, Microsoft Office 2000, Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52, IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200106-0104 | CVE-2001-0313 | SSH1 may generate weak passphrase when using Secure RPC |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall Server is prone to a denial-of-service vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52
IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200103-0098 | CVE-2001-0182 | SSH1 may generate weak passphrase when using Secure RPC |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. There is a vulnerability that consumes a large amount of CPU resources. The system may be put into a denial-of-service (DoS) state. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall-1 is a firewall software package that provides many advanced features such as content filtering and network address translation. It is distributed by Check Point Software Technologies, and designed to run on various systems such as Sparc/Solaris or the Nokia Firewall Modules.
A problem with the license manager used with the Firewall-1 package could allow a Denial of Service. The problem manifests itself when the internal interface receives a large number of packets that are source routed and contain fictitious (or even valid) addresses. With each error message generated, the load on the Firewall system CPU rises.
Check Point Software has acknowledged this vulnerability and a workaround is available. For the workaround, see the solution section of this vulnerability database entry. This issue will be resolved in the next service pack. There is a vulnerability in FireWall-1 version 4.1 with limited-IP license. This vulnerability can cause console congestion warning messages and CPU resource consumption.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52
IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200103-0101 | CVE-2001-0185 | Netopia R9100 Router Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package.
Under very specific circumstances, an attacker can cause the affected router to stop. By attempting to make a looped connection from the router's IP address back to the same address, the unit will crash. A manual restart is required to resume operation.
An attack prevents user-disconnect logging and may help the attacker carry out further attacks on the affected host or other systems on its network.
Netopia R9100 Router running firmware version 4.6 is vulnerable; subsequent (and current) versions are not vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl can corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux, BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000, Microsoft Office 2000, Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52, IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High:   Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: A vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on mail
        server.
Medium: Any vulnerability that provides information that has a
        high potential of giving system access to an intruder.
        Example: A misconfigured TFTP or vulnerable NIS server
        that allows an intruder to get the password file that
        could contain an account with a guessable password.
Low:    Any vulnerability that provides information that
        potentially could lead to a compromise. Example: A
        finger that allows an intruder to find out who is online
        and potential accounts to attempt to crack passwords
        via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200102-0056 | CVE-2001-0020 | SSH1 may generate weak passphrase when using Secure RPC |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files.
SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package.
The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerce and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems. CSS switches allow users access to certain functions on the switch, while enforcing access control to prevent the reading and change of configuration on the switch.
Due to a problem in the handling of input, it is possible for a user to gain information on the structure of the directory by executing commands requesting non-existent filenames. Once the structure of the directory is known, it is then possible to read files within the directory.
This problem makes it possible for a malicious local user to map the directory tree, and read files that may contain sensitive information.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52, IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0010 | CVE-2001-0198 | SSH1 may generate weak passphrase when using Secure RPC |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow.
A maliciously-constructed web link statement in a remote HTML document, which contains excess data argumenting an EMBED tag, could permit execution of hostile code.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux
BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000
Microsoft Office 2000
Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52
IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200102-0009 | CVE-2001-0004 | Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "%3F+.htr" |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. A vulnerability exists in Microsoft Information Server (IIS) in which a crafted HTTP GET request may return the contents of a file on the affected server. A possible target of such a request might be a script that should only be executable (not readable) by unauthenticated remote users. The contents of such a file might contain sensitive information such as user credentials for access to a back-end database. This is a variation of the vulnerability discussed in VU#35085 and Microsoft Security Bulletin MS00-031 and more recently in VU#28565 and Microsoft Security Bulletin MS00-044. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux.
A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. It is possible for a remote attacker to view segments of a requested file.
Internet Security Systems Security Alert Summary
February 6, 2001
Volume 6 Number 3
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
_____
Contents
120 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 1/31/01
Vulnerability: win2k-rdp-dos
Platforms Affected: Windows 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows 2000 Server RDP denial of service
X-Force URL: http://xforce.iss.net/static/6035.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-file-access
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface could allow read access to files and directories
X-Force URL: http://xforce.iss.net/static/6031.php
_____
Date Reported: 1/31/01
Vulnerability: quicktime-embedded-tag-bo
Platforms Affected: Quicktime 4.1.2
Risk Factor: High
Attack Type: Host Based
Brief Description: QuickTime Player EMBED tag buffer overflow
X-Force URL: http://xforce.iss.net/static/6040.php
_____
Date Reported: 1/31/01
Vulnerability: solaris-ximp40-bo
Platforms Affected: Solaris (7, 8)
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris "ximp40" shared library buffer overflow
X-Force URL: http://xforce.iss.net/static/6039.php
_____
Date Reported: 1/31/01
Vulnerability: cisco-ccs-cli-dos
Platforms Affected: Cisco Content Services Switch
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco CCS command line interface denial of service
X-Force URL: http://xforce.iss.net/static/6030.php
_____
Date Reported: 1/30/01
Vulnerability: slimserve-httpd-dos
Platforms Affected: SlimServe 1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SlimServe HTTPd denial of service
X-Force URL: http://xforce.iss.net/static/6028.php
_____
Date Reported: 1/30/01
Vulnerability: crazywwwboard-qdecoder-bo
Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: CrazyWWWBoard qDecoder buffer overflow
X-Force URL: http://xforce.iss.net/static/6033.php
_____
Date Reported: 1/30/01
Vulnerability: virusbuster-mua-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
X-Force URL: http://xforce.iss.net/static/6034.php
_____
Date Reported: 1/29/01
Vulnerability: iis-isapi-obtain-code
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
X-Force URL: http://xforce.iss.net/static/6032.php
_____
Date Reported: 1/29/01
Vulnerability: bind-inverse-query-disclosure
Platforms Affected: Bind (4.x, 8.2.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x and 8.2.x exposes environment variables
X-Force URL: http://xforce.iss.net/static/6018.php
_____
Date Reported: 1/29/01
Vulnerability: hp-man-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP man command denial of service
X-Force URL: http://xforce.iss.net/static/6014.php
_____
Date Reported: 1/29/01
Vulnerability: sort-temp-file-abort
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sort temporary files denial of service
X-Force URL: http://xforce.iss.net/static/6038.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-format-string
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() format string
X-Force URL: http://xforce.iss.net/static/6017.php
_____
Date Reported: 1/29/01
Vulnerability: bind-complain-bo
Platforms Affected: BIND 4.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BIND 4.x nslookupComplain() buffer overflow
X-Force URL: http://xforce.iss.net/static/6016.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-client-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC client buffer overflow
X-Force URL: http://xforce.iss.net/static/6025.php
_____
Date Reported: 1/29/01
Vulnerability: winvnc-server-bo
Platforms Affected: WinVNC
Risk Factor: High
Attack Type: Network Based
Brief Description: WinVNC server buffer overflow
X-Force URL: http://xforce.iss.net/static/6026.php
_____
Date Reported: 1/29/01
Vulnerability: guestserver-cgi-execute-commands
Platforms Affected: Guestserver 4.12 and earlier
Risk Factor: High
Attack Type: Network Based
Brief Description: Guestserver.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/6027.php
_____
Date Reported: 1/29/01
Vulnerability: bind-tsig-bo
Platforms Affected: BIND 8.2.x
Risk Factor: Unauthorized Access Attempt
Attack Type: Network/Host Based
Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow
X-Force URL: http://xforce.iss.net/static/6015.php
_____
Date Reported: 1/28/01
Vulnerability: hyperseek-cgi-reveal-info
Platforms Affected: Hyperseek Search Engine 2000
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Hyperseek CGI could reveal listings of directories and files
X-Force URL: http://xforce.iss.net/static/6012.php
_____
Date Reported: 1/26/01
Vulnerability: newsdaemon-gain-admin-access
Platforms Affected: NewsDaemon prior to 0.21b
Risk Factor: High
Attack Type: Network Based
Brief Description: NewsDaemon allows remote users to gain administrative access
X-Force URL: http://xforce.iss.net/static/6010.php
_____
Date Reported: 1/26/01
Vulnerability: mars-nwe-format-string
Platforms Affected: Mars_nwe 0.99.pl19
Risk Factor: High
Attack Type: Network Based
Brief Description: Mars_nwe format string
X-Force URL: http://xforce.iss.net/static/6019.php
_____
Date Reported: 1/25/01
Vulnerability: planetintra-pi-bo
Platforms Affected: Planet Intra LAN Intranet 2.5
Risk Factor: High
Attack Type: Network Based
Brief Description: Planet Intra 'pi' binary buffer overflow
X-Force URL: http://xforce.iss.net/static/6002.php
_____
Date Reported: 1/25/01
Vulnerability: borderware-ping-dos
Platforms Affected: BorderWare Firewall Server 6.1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: BorderWare ping denial of service
X-Force URL: http://xforce.iss.net/static/6004.php
_____
Date Reported: 1/25/01
Vulnerability: aol-malformed-url-dos
Platforms Affected: AOL 5.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: AOL malformed URL denial of service
X-Force URL: http://xforce.iss.net/static/6009.php
_____
Date Reported: 1/25/01
Vulnerability: mirc-bypass-password
Platforms Affected: mIRC
Risk Factor: High
Attack Type: Host Based
Brief Description: mIRC allows malicious user to bypass password
X-Force URL: http://xforce.iss.net/static/6013.php
_____
Date Reported: 1/25/01
Vulnerability: netscape-enterprise-revlog-dos
Platforms Affected: Netscape Enterprise Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Enterprise Server REVLOG denial of service
X-Force URL: http://xforce.iss.net/static/6003.php
_____
Date Reported: 1/24/01
Vulnerability: aim-execute-code
Platforms Affected: AOL Instant Messenger 4.1 and later
Risk Factor: High
Attack Type: Host Based
Brief Description: AOL Instant Messenger execution of code in modified images
X-Force URL: http://xforce.iss.net/static/6005.php
_____
Date Reported: 1/24/01
Vulnerability: netscape-enterprise-list-directories
Platforms Affected: Netscape Enterprise Server (3.0, 4.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server allows remote directory listing
X-Force URL: http://xforce.iss.net/static/5997.php
_____
Date Reported: 1/24/01
Vulnerability: winnt-mutex-dos
Platforms Affected: Windows NT 4.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Windows NT mutex denial of service
X-Force URL: http://xforce.iss.net/static/6006.php
_____
Date Reported: 1/24/01
Vulnerability: jrun-webinf-file-retrieval
Platforms Affected: JRun
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: JRun malformed URL file retrieval
X-Force URL: http://xforce.iss.net/static/6008.php
_____
Date Reported: 1/23/01
Vulnerability: ipfw-bypass-firewall
Platforms Affected: FreeBSD (3.x, 4.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall
X-Force URL: http://xforce.iss.net/static/5998.php
_____
Date Reported: 1/23/01
Vulnerability: netopia-telnet-dos
Platforms Affected: Netopia R-series router
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netopia R9100 allows remote user to crash the router using telnet
X-Force URL: http://xforce.iss.net/static/6001.php
_____
Date Reported: 1/23/01
Vulnerability: wuftp-debug-format-string
Platforms Affected: Wu-ftpd
Risk Factor: High
Attack Type: Network Based
Brief Description: Wu-ftpd debug mode format string
X-Force URL: http://xforce.iss.net/static/6020.php
_____
Date Reported: 1/23/01
Vulnerability: kde2-kdesu-retrieve-passwords
Platforms Affected: Linux: Caldera eDesktop 2.4
Risk Factor: High
Attack Type: Host Based
Brief Description: KDE2 kdesu program allows users to retrieve passwords
X-Force URL: http://xforce.iss.net/static/5995.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-url-bo
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom print server long URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5988.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-printguide-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom PrintGuide denial of service
X-Force URL: http://xforce.iss.net/static/5989.php
_____
Date Reported: 1/23/01
Vulnerability: easycom-safecom-ftp-dos
Platforms Affected: Easycom/Safecom firmware 404.590
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Easycom/Safecom FTP denial of service
X-Force URL: http://xforce.iss.net/static/5990.php
_____
Date Reported: 1/23/01
Vulnerability: vnc-weak-authentication
Platforms Affected: VNC 3.3.3 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VNC weak authentication could allow unauthorized access
X-Force URL: http://xforce.iss.net/static/5992.php
_____
Date Reported: 1/23/01
Vulnerability: lotus-domino-smtp-bo
Platforms Affected: Lotus Domino 5.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Domino SMTP Server policy feature buffer overflow
X-Force URL: http://xforce.iss.net/static/5993.php
_____
Date Reported: 1/23/01
Vulnerability: linux-sash-shadow-readable
Platforms Affected: sash prior to 3.4-4
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux sash /etc/shadow directory world-readable
X-Force URL: http://xforce.iss.net/static/5994.php
_____
Date Reported: 1/22/01
Vulnerability: powerpoint-execute-code
Platforms Affected: Microsoft PowerPoint 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: PowerPoint could allow code execution on another user's computer
X-Force URL: http://xforce.iss.net/static/5996.php
_____
Date Reported: 1/22/01
Vulnerability: icecast-format-string
Platforms Affected: Icecast 1.3.8beta2 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Icecast format string could allow arbitrary code execution
X-Force URL: http://xforce.iss.net/static/5978.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-directory-traversal
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers directory traversal
X-Force URL: http://xforce.iss.net/static/5986.php
_____
Date Reported: 1/22/01
Vulnerability: oracle-handlers-execute-jsp
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files
X-Force URL: http://xforce.iss.net/static/5987.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-enterprise-dot-dos
Platforms Affected: Netscape Enterprise Server 4.1 SP5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Netscape Enterprise Server "/../" denial of service
X-Force URL: http://xforce.iss.net/static/5983.php
_____
Date Reported: 1/22/01
Vulnerability: goodtech-ftp-dos
Platforms Affected: GoodTech FTP 3.0.1.2.1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: GoodTech FTP server denial of service
X-Force URL: http://xforce.iss.net/static/5984.php
_____
Date Reported: 1/22/01
Vulnerability: netscape-fasttrack-cache-dos
Platforms Affected: Netscape FastTrack
Risk Factor: Low
Attack Type: Host Based
Brief Description: Netscape FastTrack Server cache denial of service
X-Force URL: http://xforce.iss.net/static/5985.php
_____
Date Reported: 1/21/01
Vulnerability: eeye-iris-dos
Platforms Affected: Iris Network Analyzer 1.01beta
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Iris denial of service
X-Force URL: http://xforce.iss.net/static/5981.php
_____
Date Reported: 1/20/01
Vulnerability: watchguard-firebox-obtain-passphrase
Platforms Affected: Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox allows remote user to obtain passphrase
X-Force URL: http://xforce.iss.net/static/5979.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-server-dos
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP denial of service
X-Force URL: http://xforce.iss.net/static/5976.php
_____
Date Reported: 1/19/01
Vulnerability: fastream-ftp-path-disclosure
Platforms Affected: Fastream FTP++ Simple FTP Server 2.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Fastream FTP path disclosure
X-Force URL: http://xforce.iss.net/static/5977.php
_____
Date Reported: 1/19/01
Vulnerability: localweb2k-directory-traversal
Platforms Affected: LocalWEB2000 HTTP Server 1.1.0
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LocalWEB2000 directory traversal
X-Force URL: http://xforce.iss.net/static/5982.php
_____
Date Reported: 1/19/01
Vulnerability: win2k-efs-recover-data
Platforms Affected: Windows 2000
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows 2000 EFS allows local user to recover sensitive data
X-Force URL: http://xforce.iss.net/static/5973.php
_____
Date Reported: 1/19/01
Vulnerability: linux-bing-bo
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Bing host name buffer overflow
X-Force URL: http://xforce.iss.net/static/6036.php
_____
Date Reported: 1/18/01
Vulnerability: micq-sprintf-remote-bo
Platforms Affected: Matt's ICQ Clone 0.4.6
Risk Factor: High
Attack Type: Network Based
Brief Description: ICQ clone for Linux sprintf() remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5962.php
_____
Date Reported: 1/18/01
Vulnerability: mysql-select-bo
Platforms Affected: MySQL prior to 3.23.31
Risk Factor: High
Attack Type: Host Based
Brief Description: MySQL select buffer overflow
X-Force URL: http://xforce.iss.net/static/5969.php
_____
Date Reported: 1/18/01
Vulnerability: shoutcast-description-bo
Platforms Affected: SHOUTcast DNAS 1.7.1
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Shoutcast Server for Linux description buffer overflow
X-Force URL: http://xforce.iss.net/static/5965.php
_____
Date Reported: 1/17/01
Vulnerability: fw1-limited-license-dos
Platforms Affected: Check Point Firewall-1 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: FireWall-1 limited-IP license denial of service
X-Force URL: http://xforce.iss.net/static/5966.php
_____
Date Reported: 1/17/01
Vulnerability: hp-stm-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX Support Tools Manager denial of service
X-Force URL: http://xforce.iss.net/static/5957.php
_____
Date Reported: 1/17/01
Vulnerability: linux-webmin-tmpfiles
Platforms Affected: OpenLinux (2.3, 2.4)
Risk Factor: High
Attack Type: Host Based
Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files
X-Force URL: http://xforce.iss.net/static/6011.php
_____
Date Reported: 1/17/01
Vulnerability: tinyproxy-remote-bo
Platforms Affected: tinyproxy 1.3.2 and 1.3.3
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Tinyproxy remote buffer overflow
X-Force URL: http://xforce.iss.net/static/5954.php
_____
Date Reported: 1/17/01
Vulnerability: postaci-sql-command-injection
Platforms Affected: PostACI
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Postaci SQL command injection
X-Force URL: http://xforce.iss.net/static/5972.php
_____
Date Reported: 1/17/01
Vulnerability: wwwwais-cgi-dos
Platforms Affected: wwwwais.c 25
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: wwwwais CGI based program denial of service
X-Force URL: http://xforce.iss.net/static/5980.php
_____
Date Reported: 1/17/01
Vulnerability: mime-header-attachment
Platforms Affected: MIME 1.0
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MIME headers could allow spoofed file attachment
X-Force URL: http://xforce.iss.net/static/5991.php
_____
Date Reported: 1/16/01
Vulnerability: ssh-rpc-private-key
Platforms Affected: SSH
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key
X-Force URL: http://xforce.iss.net/static/5963.php
_____
Date Reported: 1/16/01
Vulnerability: linux-glibc-preload-overwrite
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux glibc LD_PRELOAD file overwrite
X-Force URL: http://xforce.iss.net/static/5971.php
_____
Date Reported: 1/16/01
Vulnerability: inn-tmpfile-symlink
Platforms Affected: InterNet News (INN)
Risk Factor: High
Attack Type: Host Based
Brief Description: INN tmpfile symbolic link
X-Force URL: http://xforce.iss.net/static/5974.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-insecure-password
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix password change insecure
X-Force URL: http://xforce.iss.net/static/5944.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-weak-authentication
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: InterScan VirusWall for Unix uses weak authentication
X-Force URL: http://xforce.iss.net/static/5946.php
_____
Date Reported: 1/15/01
Vulnerability: ie-mshtml-dos
Platforms Affected: Internet Explorer 4.0 and later
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Internet Explorer mshtml.dll denial of service
X-Force URL: http://xforce.iss.net/static/5938.php
_____
Date Reported: 1/15/01
Vulnerability: dhcp-format-string
Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)
Risk Factor: High
Attack Type: Network Based
Brief Description: Caldera DHCP format string
X-Force URL: http://xforce.iss.net/static/5953.php
_____
Date Reported: 1/15/01
Vulnerability: win-mediaplayer-arbitrary-code
Platforms Affected: Windows Media Player 7.0
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows Media Player skins can be used to execute arbitrary code
X-Force URL: http://xforce.iss.net/static/5937.php
_____
Date Reported: 1/15/01
Vulnerability: veritas-backupexec-dos
Platforms Affected: Backup Exec 4.5
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Veritas Backup Exec denial of service
X-Force URL: http://xforce.iss.net/static/5941.php
_____
Date Reported: 1/15/01
Vulnerability: interscan-viruswall-symlink
Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x)
Risk Factor: High
Attack Type: Host Based
Brief Description: InterScan VirusWall for Unix symbolic link
X-Force URL: http://xforce.iss.net/static/5947.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-corrupt-files
Platforms Affected: OmniHTTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: OmniHTTPd statsconfig.pl can corrupt any file on the system
X-Force URL: http://xforce.iss.net/static/5955.php
_____
Date Reported: 1/15/01
Vulnerability: omnihttpd-statsconfig-execute-code
Platforms Affected: OmniHTTPd
Risk Factor: High
Attack Type: Network Based
Brief Description: OmniHTTPD statsconfig.pl allows code execution
X-Force URL: http://xforce.iss.net/static/5956.php
_____
Date Reported: 1/15/01
Vulnerability: icmp-pmtu-dos
Platforms Affected: Linux, BSD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ICMP PMTU denial of service
X-Force URL: http://xforce.iss.net/static/5975.php
_____
Date Reported: 1/14/01
Vulnerability: splitvt-perserc-format-string
Platforms Affected: splitvt 1.6.4 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: Splitvt perserc.c module format string
X-Force URL: http://xforce.iss.net/static/5948.php
_____
Date Reported: 1/14/01
Vulnerability: flash-module-bo
Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Flash browser module buffer overflow
X-Force URL: http://xforce.iss.net/static/5952.php
_____
Date Reported: 1/13/01
Vulnerability: rctab-elevate-privileges
Platforms Affected: Linux SuSE
Risk Factor: Medium
Attack Type: Host Based
Brief Description: rctab in SuSE Linux could allow privilege elevation
X-Force URL: http://xforce.iss.net/static/5945.php
_____
Date Reported: 1/12/01
Vulnerability: ultraboard-cgi-perm
Platforms Affected: UltraBoard 2000B
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: UltraBoard CGI weak permissions
X-Force URL: http://xforce.iss.net/static/5931.php
_____
Date Reported: 1/12/01
Vulnerability: compaq-web-management-bo
Platforms Affected: Compaq Web-Based Management
Risk Factor: High
Attack Type: Network Based
Brief Description: Compaq Web-Based Management program buffer overflow
X-Force URL: http://xforce.iss.net/static/5935.php
_____
Date Reported: 1/12/01
Vulnerability: php-htaccess-unauth-access
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow unauthorized access to restricted files
X-Force URL: http://xforce.iss.net/static/5940.php
_____
Date Reported: 1/12/01
Vulnerability: basilix-webmail-retrieve-files
Platforms Affected: Basilix Webmail 0.9.7beta
Risk Factor: Low
Attack Type: Network Based
Brief Description: Basilix Webmail System allows unauthorized users to retrieve files
X-Force URL: http://xforce.iss.net/static/5934.php
_____
Date Reported: 1/12/01
Vulnerability: solaris-arp-bo
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris arp buffer overflow
X-Force URL: http://xforce.iss.net/static/5928.php
_____
Date Reported: 1/12/01
Vulnerability: php-view-source-code
Platforms Affected: PHP (4.0.0, 4.0.4)
Risk Factor: Low
Attack Type: Network Based
Brief Description: PHP could allow remote viewing of source code
X-Force URL: http://xforce.iss.net/static/5939.php
_____
Date Reported: 1/11/01
Vulnerability: wec-ntlm-authentication
Platforms Affected: Windows 2000, Microsoft Office 2000, Windows ME
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Web Extender Client (WEC) NTLM authentication
X-Force URL: http://xforce.iss.net/static/5920.php
_____
Date Reported: 1/11/01
Vulnerability: spamcop-url-seq-predict
Platforms Affected: SpamCop
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: SpamCop URL number increment sequence prediction
X-Force URL: http://xforce.iss.net/static/5933.php
_____
Date Reported: 1/10/01
Vulnerability: linux-wuftpd-privatepw-symlink
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux wu-ftpd privatepw symbolic link
X-Force URL: http://xforce.iss.net/static/5915.php
_____
Date Reported: 1/10/01
Vulnerability: rdist-symlink
Platforms Affected: rdist
Risk Factor: High
Attack Type: Host Based
Brief Description: rdist symbolic link
X-Force URL: http://xforce.iss.net/static/5925.php
_____
Date Reported: 1/10/01
Vulnerability: squid-email-symlink
Platforms Affected: squid
Risk Factor: High
Attack Type: Host Based
Brief Description: squid email notification symbolic link
X-Force URL: http://xforce.iss.net/static/5921.php
_____
Date Reported: 1/10/01
Vulnerability: linux-diffutils-sdiff-symlimk
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux diffutils sdiff symbolic link
X-Force URL: http://xforce.iss.net/static/5914.php
_____
Date Reported: 1/10/01
Vulnerability: tcpdump-arpwatch-symlink
Platforms Affected: arpwatch
Risk Factor: High
Attack Type: Host Based
Brief Description: tcpdump arpwatch symbolic link
X-Force URL: http://xforce.iss.net/static/5922.php
_____
Date Reported: 1/10/01
Vulnerability: linuxconf-vpop3d-symlink
Platforms Affected: linuxconf
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linuxconf vpop3d symbolic link
X-Force URL: http://xforce.iss.net/static/5923.php
_____
Date Reported: 1/10/01
Vulnerability: shadow-utils-useradd-symlink
Platforms Affected: shadow-utils
Risk Factor: High
Attack Type: Host Based
Brief Description: shadow-utils useradd symbolic link
X-Force URL: http://xforce.iss.net/static/5927.php
_____
Date Reported: 1/10/01
Vulnerability: linux-glibc-read-files
Platforms Affected: Linux glibc
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux glibc library can allow users to read restricted files
X-Force URL: http://xforce.iss.net/static/5907.php
_____
Date Reported: 1/10/01
Vulnerability: gettyps-symlink
Platforms Affected: gettyps
Risk Factor: High
Attack Type: Host Based
Brief Description: getty_ps symbolic link
X-Force URL: http://xforce.iss.net/static/5924.php
_____
Date Reported: 1/10/01
Vulnerability: linux-gpm-symlink
Platforms Affected: gpm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux gpm symbolic link attack
X-Force URL: http://xforce.iss.net/static/5917.php
_____
Date Reported: 1/10/01
Vulnerability: linux-mgetty-symlink
Platforms Affected: mgetty
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux mgetty symbolic link attack
X-Force URL: http://xforce.iss.net/static/5918.php
_____
Date Reported: 1/10/01
Vulnerability: linux-apache-symlink
Platforms Affected: Apache
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux Apache symbolic link
X-Force URL: http://xforce.iss.net/static/5926.php
_____
Date Reported: 1/10/01
Vulnerability: linux-inn-symlink
Platforms Affected: inn
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux INN tmp directory symbolic link
X-Force URL: http://xforce.iss.net/static/5916.php
_____
Date Reported: 1/10/01
Vulnerability: conferenceroom-developer-dos
Platforms Affected: ConferenceRoom Professional Edition
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ConferenceRoom Developer Edition denial of service
X-Force URL: http://xforce.iss.net/static/5909.php
_____
Date Reported: 1/9/01
Vulnerability: oracle-xsql-execute-code
Platforms Affected: Oracle 8.1.7
Risk Factor: High
Attack Type: Network Based
Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server
X-Force URL: http://xforce.iss.net/static/5905.php
_____
Date Reported: 1/9/01
Vulnerability: netscreen-webui-bo
Platforms Affected: NetScreen
Risk Factor: Medium
Attack Type: Network Based
Brief Description: NetScreen Firewall WebUI buffer overflow
X-Force URL: http://xforce.iss.net/static/5908.php
_____
Date Reported: 1/9/01
Vulnerability: suse-reiserfs-long-filenames
Platforms Affected: SuSE 7.0
Risk Factor: High
Attack Type: Host Based
Brief Description: SuSE reiserfs long file name denial of service
X-Force URL: http://xforce.iss.net/static/5910.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-backdoor-account
Platforms Affected: InterBase 6.01 and earlier
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: InterBase built-in backdoor account
X-Force URL: http://xforce.iss.net/static/5911.php
_____
Date Reported: 1/9/01
Vulnerability: interbase-hidden-function-dos
Platforms Affected: InterBase 6.01
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: InterBase hidden function denial of service
X-Force URL: http://xforce.iss.net/static/5912.php
_____
Date Reported: 1/9/01
Vulnerability: brickserver-thttpd-dos
Platforms Affected: BRICKServer Small Business
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BRICKServer thttpd denial of service
X-Force URL: http://xforce.iss.net/static/5919.php
_____
Date Reported: 1/9/01
Vulnerability: solaris-exrecover-bo
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Solaris exrecover buffer overflow
X-Force URL: http://xforce.iss.net/static/5913.php
_____
Date Reported: 1/9/01
Vulnerability: hp-inetd-swait-dos
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX inetd swait denial of service
X-Force URL: http://xforce.iss.net/static/5904.php
_____
Date Reported: 1/8/01
Vulnerability: microsoft-iis-read-files
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL
X-Force URL: http://xforce.iss.net/static/5903.php
_____
Date Reported: 1/8/01
Vulnerability: ibm-websphere-dos
Platforms Affected: IBM Websphere 3.52, IBM HTTP Server 1.3.12
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM WebSphere denial of service
X-Force URL: http://xforce.iss.net/static/5900.php
_____
Date Reported: 1/8/01
Vulnerability: storagesoft-imagecast-dos
Platforms Affected: ImageCast 4.1
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: StorageSoft ImageCast denial of service
X-Force URL: http://xforce.iss.net/static/5901.php
_____
Date Reported: 1/8/01
Vulnerability: nai-pgp-replace-keys
Platforms Affected: PGP 7.0
Risk Factor: Medium
Attack Type: Host Based
Brief Description: PGP users may replace signed exported key blocks with arbitrary keys
X-Force URL: http://xforce.iss.net/static/5902.php
_____
Date Reported: 1/7/01
Vulnerability: http-cgi-bbs-forum
Platforms Affected: WebBBS 1.0
Risk Factor: High
Attack Type: Network Based
Brief Description: bbs_forum.cgi allows remote command execution
X-Force URL: http://xforce.iss.net/static/5906.php
_____
Date Reported: 1/5/01
Vulnerability: lotus-domino-directory-traversal
Platforms Affected: Lotus Domino 5.0.x
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
X-Force URL: http://xforce.iss.net/static/5899.php
_____
Date Reported: 1/5/01
Vulnerability: http-cgi-fastgraf
Platforms Affected: FASTGRAF
Risk Factor: High
Attack Type: Network Based
Brief Description: Fastgraf CGI scripts allow remote command execution
X-Force URL: http://xforce.iss.net/static/5897.php
_____
Date Reported: 1/4/01
Vulnerability: newsdesk-cgi-read-files
Platforms Affected: Newsdesk 1.2
Risk Factor: High
Attack Type: Network Based
Brief Description: Newsdesk.cgi allows read access to files
X-Force URL: http://xforce.iss.net/static/5898.php
_____
Date Reported: 1/1/01
Vulnerability: gtk-module-execute-code
Platforms Affected: GTK+ 1.2.8 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: GTK+ arbitrary code execution using custom loadable module
X-Force URL: http://xforce.iss.net/static/5832.php
_____
Date Reported: 1/1/01
Vulnerability: linux-tty-writable-dos
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux writable TTY denial of service
X-Force URL: http://xforce.iss.net/static/5896.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200101-0072 | CVE-2000-1098 | SonicWALL SOHO Firewall web Server service denial vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. Soho Firewall is prone to a denial-of-service vulnerability.
VAR-200101-0078 | CVE-2000-1104 | MS:MS00-060 (CVE-2000-0746) variant "IIS Cross-site scripting" Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site. IIS Far East Edition is prone to a cross-site scripting vulnerability
VAR-200101-0109 | CVE-2001-1037 | Cisco SN 5420 Storage Router Vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. The Cisco Storage Router is an enterprise-level gigabit-capable routing device designed to handle storage over networks. It is distributed by Cisco Systems.
A problem in the firmware used with SN 5420 routers makes it possible to gain unauthorized access and elevated privileges. A remote user may gain a developer shell from either rlogin via the fibrechannel interface of the router, or through port 8023 on the gigabit side of the router. Commands and configuration changes may be executed from the shell, and are not logged by the SN logging facility. Cisco SN 5420 Storage Router 1.1(3) and earlier versions have vulnerabilities.
VAR-200101-0115 | CVE-2001-0161 | Cisco 340-series Aironet WEP Encryption vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. Aironet is prone to a remote security vulnerability
VAR-200101-0117 | CVE-2001-0163 | Cisco AP340 Base station vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Aironet Ap340 is prone to a local security vulnerability
VAR-200012-0186 | CVE-2000-0950 | TIS Firewall toolkit x-gw Format string vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. Internet Firewall Toolkit is prone to a local security vulnerability
VAR-200012-0103 | CVE-2000-0989 | Intel InBusiness eMail Station Buffer overflow vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username
VAR-200102-0005 | CVE-2000-0894 | Watchguard SOHO Firewall HTTP Request Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users.
It is possible for a remote intruder to gain inappropriate access to the system on which SOHO Firewall resides through specially formed HTTP requests. The web server component will grant access to known files when HTTP requests such as http://target/filename.ext are received. For example, a remote attacker may reset the password by supplying a blank request for the /passcfg object. This will clear the administrative password and will yield access to administrative functions via HTTP. An attacker could exploit this vulnerability to cause a denial of service or conduct unauthorized activities.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
January 1, 2001
Volume 6 Number 2
The following computer security issues have been publicly reported and
documented in the X-Force Vulnerability and Threat Database
(http://xforce.iss.net).
This document is available at
http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert
Summaries:
- Subscribe to the Alert mailing list from
http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the
message type:
- 'subscribe alert' (without the quotes).
_____
Contents
115 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 12/31/00
Vulnerability: exmh-error-symlink
Platforms Affected: exmh 2.2 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: exmh error message symlink
X-Force URL: http://xforce.iss.net/static/5829.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-symlink
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Host Based
Brief Description: Informix Webdriver symbolic link
X-Force URL: http://xforce.iss.net/static/5827.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-admin-access
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Network Based
Brief Description: Informix Webdriver remote Admin access
X-Force URL: http://xforce.iss.net/static/5833.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-mutex-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial
of service
X-Force URL: http://xforce.iss.net/static/5821.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-batfile-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with
a batch file
X-Force URL: http://xforce.iss.net/static/5822.php
_____
Date Reported: 12/29/00
Vulnerability: shockwave-flash-swf-bo
Platforms Affected: Shockwave Plugin 8.0 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Shockwave Flash SWF file buffer overflow
X-Force URL: http://xforce.iss.net/static/5826.php
_____
Date Reported: 12/29/00
Vulnerability: macos-multiple-users
Platforms Affected: MacOS 9.0
Risk Factor: High
Attack Type: Host Based
Brief Description: Mac OS 'Multiple Users' bypass password
X-Force URL: http://xforce.iss.net/static/5830.php
_____
Date Reported: 12/28/00
Vulnerability: http-cgi-ikonboard
Platforms Affected: Ikonboard 2.1.7b and prior
Risk Factor: High
Attack Type: Host Based
Brief Description: Ikonboard allows remote attacker to execute
commands
X-Force URL: http://xforce.iss.net/static/5819.php
_____
Date Reported: 12/27/00
Vulnerability: http-cgi-technote-main
Platforms Affected: TECH-NOTE (000, 2001, Pro)
Risk Factor: High
Attack Type: Network Based
Brief Description: TECH-NOTE main.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5813.php
_____
Date Reported: 12/26/00
Vulnerability: xwindows-char-dos
Platforms Affected: XFree86
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: X Windows multiple character denial of service
X-Force URL: http://xforce.iss.net/static/5834.php
_____
Date Reported: 12/25/00
Vulnerability: 1stup-mail-server-bo
Platforms Affected: 1st Up Mail Server 4.1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: 1st Up Mail Server buffer overflow
X-Force URL: http://xforce.iss.net/static/5808.php
_____
Date Reported: 12/25/00
Vulnerability: dialog-symlink
Platforms Affected: Linux Debian 2.2
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux dialog package symlink attack
X-Force URL: http://xforce.iss.net/static/5809.php
_____
Date Reported: 12/25/00
Vulnerability: ibm-wcs-admin
Platforms Affected: IBM Websphere Commerce Suite
Risk Factor: High
Attack Type: Host Based
Brief Description: IBM WCS admin.config allows user to execute
arbitrary commands
X-Force URL: http://xforce.iss.net/static/5831.php
_____
Date Reported: 12/23/00
Vulnerability: http-cgi-technote-print
Platforms Affected: TECH-NOTE (2000, 2001, Pro)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: TECH-NOTE print.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5815.php
_____
Date Reported: 12/22/00
Vulnerability: iis-web-form-submit
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IIS Web form submission
X-Force URL: http://xforce.iss.net/static/5823.php
_____
Date Reported: 12/21/00
Vulnerability: hpux-kermit-bo
Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX kermit buffer overflow
X-Force URL: http://xforce.iss.net/static/5793.php
_____
Date Reported: 12/21/00
Vulnerability: bsguest-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bsguest.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5796.php
_____
Date Reported: 12/21/00
Vulnerability: bslist-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bslist.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5797.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-execute-plsql
Platforms Affected: Oracle Application Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Oracle remote procedure execution
X-Force URL: http://xforce.iss.net/static/5817.php
_____
Date Reported: 12/21/00
Vulnerability: ksh-redirection-symlink
Platforms Affected: IRIX (6.2, 6.5.x)
Solaris (2.5.1, 2.6, 7)
HPUX 9.00
Digital Unix 5.0
Risk Factor: High
Attack Type: Host Based
Brief Description: ksh redirection symlink attack
X-Force URL: http://xforce.iss.net/static/5811.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-webdb-admin-access
Platforms Affected: Oracle Internet Application Server 3.0.7
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oracle IAS allows administrative access
X-Force URL: http://xforce.iss.net/static/5818.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Web Scan
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-detached-sig-modify
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG allows users to modify signed messages with
detached signatures
X-Force URL: http://xforce.iss.net/static/5802.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-reveal-private
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG will import private keys along with public
keys
X-Force URL: http://xforce.iss.net/static/5803.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-nmap-scans
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm does not detect NMAP scans
X-Force URL: http://xforce.iss.net/static/5799.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-open-shares
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm open shares
X-Force URL: http://xforce.iss.net/static/5825.php
_____
Date Reported: 12/19/00
Vulnerability: win2k-index-service-activex
Platforms Affected: Windows 2000
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Windows 2000 Index Service ActiveX controls allow
unauthorized access to file information
X-Force URL: http://xforce.iss.net/static/5800.php
_____
Date Reported: 12/19/00
Vulnerability: proftpd-size-memory-leak
Platforms Affected: Proftpd
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: proftpd memory leak when using SIZE command
X-Force URL: http://xforce.iss.net/static/5801.php
_____
Date Reported: 12/19/00
Vulnerability: weblogic-dot-bo
Platforms Affected: WebLogic
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5782.php
_____
Date Reported: 12/19/00
Vulnerability: mdaemon-imap-dos
Platforms Affected: MDaemon
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MDaemon IMAP buffer overflow denial of service
X-Force URL: http://xforce.iss.net/static/5805.php
_____
Date Reported: 12/19/00
Vulnerability: zope-calculate-roles
Platforms Affected: Zope
Risk Factor: High
Attack Type: Host Based
Brief Description: zope package in Linux calculates local roles
incorrectly
X-Force URL: http://xforce.iss.net/static/5777.php
_____
Date Reported: 12/19/00
Vulnerability: itetris-svgalib-path
Platforms Affected: svgalib
Risk Factor: High
Attack Type: Host Based
Brief Description: Itetris svgalib PATH
X-Force URL: http://xforce.iss.net/static/5795.php
_____
Date Reported: 12/18/00
Vulnerability: bsd-ftpd-replydirname-bo
Platforms Affected: BSD Based Operating Systems
Risk Factor: High
Attack Type: Network Based
Brief Description: BSD ftpd replydirname() function buffer overflow
X-Force URL: http://xforce.iss.net/static/5776.php
_____
Date Reported: 12/18/00
Vulnerability: sonata-command-execute
Platforms Affected: Sonata
Risk Factor: High
Attack Type: Host Based
Brief Description: Sonata argument command line execution
X-Force URL: http://xforce.iss.net/static/5787.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-catman-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris catman command symlink attack
X-Force URL: http://xforce.iss.net/static/5788.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-patchadd-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris patchadd symlink attack
X-Force URL: http://xforce.iss.net/static/5789.php
_____
Date Reported: 12/18/00
Vulnerability: stunnel-format-logfile
Platforms Affected: Stunnel
Risk Factor: High
Attack Type: Network Based
Brief Description: Stunnel format allows user to write to logfile
X-Force URL: http://xforce.iss.net/static/5807.php
_____
Date Reported: 12/17/00
Vulnerability: hp-top-sys-files
Platforms Affected: HPUX
Risk Factor: Low
Attack Type: Host Based
Brief Description: HP-UX top command could be used to overwrite files
X-Force URL: http://xforce.iss.net/static/5773.php
_____
Date Reported: 12/16/00
Vulnerability: zope-legacy-names
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Linux zope package "legacy" names
X-Force URL: http://xforce.iss.net/static/5824.php
_____
Date Reported: 12/15/00
Vulnerability: mrj-runtime-malicious-applets
Platforms Affected: MRJ
Risk Factor: Low
Attack Type: Host Based
Brief Description: MRJ runtime environment could allow malicious
applets to be executed
X-Force URL: http://xforce.iss.net/static/5784.php
_____
Date Reported: 12/14/00
Vulnerability: coffeecup-ftp-weak-encryption
Platforms Affected: CoffeeCup FTP
Risk Factor: Low
Attack Type: Host Based
Brief Description: CoffeeCup FTP client has weak password encryption
X-Force URL: http://xforce.iss.net/static/5744.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-fragmented-packets
Platforms Affected: WatchGuard
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall fragmented IP packet
attack
X-Force URL: http://xforce.iss.net/static/5749.php
_____
Date Reported: 12/14/00
Vulnerability: jpilot-perms
Platforms Affected: J-Pilot
Risk Factor: Medium
Attack Type: Host Based
Brief Description: J-Pilot permissions could reveal sensitive
information
X-Force URL: http://xforce.iss.net/static/5762.php
_____
Date Reported: 12/14/00
Vulnerability: mediaservices-dropped-connection-dos
Platforms Affected: Microsoft Media Services
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft Media Services dropped connection denial
of service
X-Force URL: http://xforce.iss.net/static/5785.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-web-auth
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO Web config server could allow
unauthenticated access
X-Force URL: http://xforce.iss.net/static/5554.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-passcfg-reset
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO administrator password can be
remotely reset
X-Force URL: http://xforce.iss.net/static/5742.php
_____
Date Reported: 12/14/00
Vulnerability: http-cgi-simplestguest
Platforms Affected: simplestguest.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestguest.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5743.php
_____
Date Reported: 12/14/00
Vulnerability: safeword-palm-pin-extraction
Platforms Affected: SafeWord
e.iD Palm Authenticator
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SafeWord and e.iD Palm Authenticator allows
attacker to clone Palm device
X-Force URL: http://xforce.iss.net/static/5753.php
_____
Date Reported: 12/14/00
Vulnerability: mdaemon-lock-bypass-password
Platforms Affected: MDaemon
Risk Factor: High
Attack Type: Host Based
Brief Description: MDaemon "lock" bypass password
X-Force URL: http://xforce.iss.net/static/5763.php
_____
Date Reported: 12/13/00
Vulnerability: cisco-catalyst-ssh-mismatch
Platforms Affected: Cisco Catalyst
Risk Factor: Low
Attack Type: Network Based
Brief Description: Cisco Catalyst SSH protocol mismatch
X-Force URL: http://xforce.iss.net/static/5760.php
_____
Date Reported: 12/13/00
Vulnerability: microsoft-iis-file-disclosure
Platforms Affected: IIS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft IIS Far East editions file disclosure
X-Force URL: http://xforce.iss.net/static/5729.php
_____
Date Reported: 12/13/00
Vulnerability: ezshopper-cgi-file-disclosure
Platforms Affected: loadpage.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: EZshopper loadpage.cgi file disclosure
X-Force URL: http://xforce.iss.net/static/5740.php
_____
Date Reported: 12/13/00
Vulnerability: winnt-mstask-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows NT MSTask.exe denial of service
X-Force URL: http://xforce.iss.net/static/5746.php
_____
Date Reported: 12/13/00
Vulnerability: bftpd-site-chown-bo
Platforms Affected: BFTPD
Risk Factor: High
Attack Type: Network Based
Brief Description: BFTPD SITE CHOWN buffer overflow
X-Force URL: http://xforce.iss.net/static/5775.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/12/00
Vulnerability: subscribemelite-gain-admin-access
Platforms Affected: Subscribe Me Lite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Subscribe Me Lite mailing list manager
unauthorized access
X-Force URL: http://xforce.iss.net/static/5735.php
_____
Date Reported: 12/12/00
Vulnerability: zope-image-file
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux zope package Image and File objects
X-Force URL: http://xforce.iss.net/static/5778.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-everythingform
Platforms Affected: everythingform.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: everythingform.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5736.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-simplestmail
Platforms Affected: simplestmail.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestmail.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5739.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-ad
Platforms Affected: ad.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: ad.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5741.php
_____
Date Reported: 12/12/00
Vulnerability: kde-kmail-weak-encryption
Platforms Affected: KDE KMail
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KDE KMail weak password encryption
X-Force URL: http://xforce.iss.net/static/5761.php
_____
Date Reported: 12/12/00
Vulnerability: aolim-buddyicon-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: AOL Instant Messenger Buddy Icon buffer overflow
X-Force URL: http://xforce.iss.net/static/5786.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/11/00
Vulnerability: rppppoe-zero-length-dos
Platforms Affected: rp-pppoe
Risk Factor: Medium
Attack Type: Network Based
Brief Description: rp-pppoe "zero-length" option denial of service
X-Force URL: http://xforce.iss.net/static/5727.php
_____
Date Reported: 12/11/00
Vulnerability: proftpd-modsqlpw-unauth-access
Platforms Affected: ProFTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ProFTPD system using mod_sqlpw unauthorized access
X-Force URL: http://xforce.iss.net/static/5737.php
_____
Date Reported: 12/11/00
Vulnerability: gnu-ed-symlink
Platforms Affected: GNU ed
Risk Factor: High
Attack Type: Host Based
Brief Description: GNU ed symlink
X-Force URL: http://xforce.iss.net/static/5723.php
_____
Date Reported: 12/11/00
Vulnerability: oops-ftputils-bo
Platforms Affected: Oops Proxy Server
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oops Proxy Server ftp_utils buffer overflow
X-Force URL: http://xforce.iss.net/static/5725.php
_____
Date Reported: 12/11/00
Vulnerability: oracle-oidldap-write-permission
Platforms Affected: Oracle Internet Directory
Risk Factor: High
Attack Type: Host Based
Brief Description: Oracle Internet Directory write permission
X-Force URL: http://xforce.iss.net/static/5804.php
_____
Date Reported: 12/9/00
Vulnerability: foolproof-security-bypass
Platforms Affected: FoolProof
Risk Factor: High
Attack Type: Host Based
Brief Description: FoolProof Security restriction bypass using FTP
X-Force URL: http://xforce.iss.net/static/5758.php
_____
Date Reported: 12/8/00
Vulnerability: broadvision-bv1to1-reveal-path
Platforms Affected: BroadVision One-To-One Enterprise Server
Risk Factor: Low
Attack Type: Network Based
Brief Description: BroadVision One-To-One Enterprise Server reveals
path to server
X-Force URL: http://xforce.iss.net/static/5661.php
_____
Date Reported: 12/8/00
Vulnerability: ssldump-format-strings
Platforms Affected: ssldump
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ssldump format string could allow arbitrary
execution of code
X-Force URL: http://xforce.iss.net/static/5717.php
_____
Date Reported: 12/8/00
Vulnerability: coldfusion-sample-dos
Platforms Affected: ColdFusion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ColdFusion sample script denial of service
X-Force URL: http://xforce.iss.net/static/5755.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-arbitrary-proxy
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 arbitrary proxy environment
variable
X-Force URL: http://xforce.iss.net/static/5733.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-auth-packet-overflow
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 authentication packet buffer
overflow
X-Force URL: http://xforce.iss.net/static/5734.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-user-config
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 user supplied configuration files
X-Force URL: http://xforce.iss.net/static/5738.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-tmpfile-dos
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 race condition
X-Force URL: http://xforce.iss.net/static/5754.php
_____
Date Reported: 12/7/00
Vulnerability: homeseer-directory-traversal
Platforms Affected: HomeSeer
Risk Factor: Low
Attack Type: Network Based
Brief Description: HomeSeer allows directory traversal
X-Force URL: http://xforce.iss.net/static/5663.php
_____
Date Reported: 12/7/00
Vulnerability: offline-explorer-reveal-files
Platforms Affected: MetaProducts Offline Explorer
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: MetaProducts Offline Explorer can reveal file
system
X-Force URL: http://xforce.iss.net/static/5728.php
_____
Date Reported: 12/7/00
Vulnerability: imail-smtp-auth-dos
Platforms Affected: IMail
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IMail SMTP auth denial of service
X-Force URL: http://xforce.iss.net/static/5674.php
_____
Date Reported: 12/6/00
Vulnerability: apc-apcupsd-dos
Platforms Affected: APC apcupsd
Risk Factor: Medium
Attack Type: Host Based
Brief Description: APC apcupsd denial of service
X-Force URL: http://xforce.iss.net/static/5654.php
_____
Date Reported: 12/6/00
Vulnerability: cisco-catalyst-telnet-dos
Platforms Affected: Cisco Catalyst
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco Catalyst telnet server memory leak denial of
service
X-Force URL: http://xforce.iss.net/static/5656.php
_____
Date Reported: 12/6/00
Vulnerability: apache-php-disclose-files
Platforms Affected: Apache Web server
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Apache Web server discloses files when used with
php script
X-Force URL: http://xforce.iss.net/static/5659.php
_____
Date Reported: 12/6/00
Vulnerability: ultraseek-reveal-path
Platforms Affected: Ultraseek
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultraseek Server can reveal the path and source
code to certain files
X-Force URL: http://xforce.iss.net/static/5660.php
_____
Date Reported: 12/6/00
Vulnerability: irc-dreamforge-dns-dos
Platforms Affected: DreamForge IRCd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: DreamForge IRCd DNS denial of service
X-Force URL: http://xforce.iss.net/static/5721.php
_____
Date Reported: 12/6/00
Vulnerability: mailman-alternate-templates
Platforms Affected: MailMan
Risk Factor: High
Attack Type: Network Based
Brief Description: MailMan Alternate Templates form variable allows
remote attacker to execute commands
X-Force URL: http://xforce.iss.net/static/5649.php
_____
Date Reported: 12/6/00
Vulnerability: phpgroupware-include-files
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: phpGroupWare include files allows remote attacker
to execute commands
X-Force URL: http://xforce.iss.net/static/5650.php
_____
Date Reported: 12/6/00
Vulnerability: markvision-printer-driver-bo
Platforms Affected: Lexmark MarkVision
Risk Factor: High
Attack Type: Host Based
Brief Description: Lexmark MarkVision printer drivers for Unix buffer
overflows
X-Force URL: http://xforce.iss.net/static/5651.php
_____
Date Reported: 12/6/00
Vulnerability: nt-ras-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows NT RAS registry permissions
X-Force URL: http://xforce.iss.net/static/5671.php
_____
Date Reported: 12/6/00
Vulnerability: nt-snmp-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT SNMP registry permissions
X-Force URL: http://xforce.iss.net/static/5672.php
_____
Date Reported: 12/6/00
Vulnerability: nt-mts-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT MTS registry permissions
X-Force URL: http://xforce.iss.net/static/5673.php
_____
Date Reported: 12/6/00
Vulnerability: irc-bitchx-dns-bo
Platforms Affected: BitchX
Risk Factor: High
Attack Type: Network Based
Brief Description: BitchX IRC DNS buffer overflow
X-Force URL: http://xforce.iss.net/static/5701.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-gain-access
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database can give access through
default username and password
X-Force URL: http://xforce.iss.net/static/5662.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-dos
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database denial of service
X-Force URL: http://xforce.iss.net/static/5664.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-source-routing
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain source routing
X-Force URL: http://xforce.iss.net/static/5667.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-ip-bridging
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain bridging code
X-Force URL: http://xforce.iss.net/static/5670.php
_____
Date Reported: 12/5/00
Vulnerability: ftp-servu-homedir-travers
Platforms Affected: Serv-U FTP
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: FTP Serv-U home directory traversal could allow
access to FTProot
X-Force URL: http://xforce.iss.net/static/5639.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-web-access
Platforms Affected: CISCO CBOS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Cisco CBOS Web access enabled denial of service
X-Force URL: http://xforce.iss.net/static/5626.php
_____
Date Reported: 12/4/00
Vulnerability: watchguard-soho-get-dos
Platforms Affected: WatchGuard SOHO
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall multiple GET requests
denial of service
X-Force URL: http://xforce.iss.net/static/5665.php
_____
Date Reported: 12/4/00
Vulnerability: phone-book-service-bo
Platforms Affected: Windows 2000
Windows NT
Risk Factor: High
Attack Type: Network Based
Brief Description: Windows NT and 2000 Phone Book service buffer
overflow
X-Force URL: http://xforce.iss.net/static/5623.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-syn-packets
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS SYN packets denial of service
X-Force URL: http://xforce.iss.net/static/5627.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-invalid-login
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS does not log invalid logins
X-Force URL: http://xforce.iss.net/static/5628.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-icmp-echo
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS large ICMP ECHO packet denial of
service
X-Force URL: http://xforce.iss.net/static/5629.php
_____
Date Reported: 12/2/00
Vulnerability: phpweblog-bypass-authentication
Platforms Affected: phpWebLog
Risk Factor: High
Attack Type: Host Based
Brief Description: phpWebLog allows users to bypass authentication
X-Force URL: http://xforce.iss.net/static/5625.php
_____
Date Reported: 12/1/00
Vulnerability: linux-diskcheck-race-symlink
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux diskcheck race condition could allow a tmp
file symbolic link attack
X-Force URL: http://xforce.iss.net/static/5624.php
_____
Date Reported: 12/1/00
Vulnerability: ie-form-file-upload
Platforms Affected: Microsoft Internet Explorer
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Internet Explorer file upload form
X-Force URL: http://xforce.iss.net/static/5615.php
_____
Date Reported: 12/1/00
Vulnerability: mssql-xp-paraminfo-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow
X-Force URL: http://xforce.iss.net/static/5622.php
_____
Date Reported: 12/1/00
Vulnerability: majordomo-auth-execute-commands
Platforms Affected: Majordomo
Risk Factor: High
Attack Type: Network Based
Brief Description: Majordomo allows administrative access without
password
X-Force URL: http://xforce.iss.net/static/5611.php
_____
Date Reported: 12/1/00
Vulnerability: ie-print-template
Platforms Affected: Microsoft Internet Explorer
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Internet Explorer print template
X-Force URL: http://xforce.iss.net/static/5614.php
_____
Date Reported: 12/1/00
Vulnerability: aix-piobe-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX piobe buffer overflow
X-Force URL: http://xforce.iss.net/static/5616.php
_____
Date Reported: 12/1/00
Vulnerability: aix-pioout-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX pioout buffer overflow
X-Force URL: http://xforce.iss.net/static/5617.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setclock-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setclock buffer overflow
X-Force URL: http://xforce.iss.net/static/5618.php
_____
Date Reported: 12/1/00
Vulnerability: aix-enq-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX enq buffer overflow
X-Force URL: http://xforce.iss.net/static/5619.php
_____
Date Reported: 12/1/00
Vulnerability: aix-digest-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX digest buffer overflow
X-Force URL: http://xforce.iss.net/static/5620.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setsenv-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setsenv buffer overflow
X-Force URL: http://xforce.iss.net/static/5621.php
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium: Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low: Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from
  http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the
  message type:
  'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200102-0006 | CVE-2000-0895 | WatchGuard SOHO Firewall Oversized GET Request DoS Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users.
SOHO Firewall is susceptible to a trivial denial of service attack. Restarting the service is required in order to regain normal functionality. Watchguard has confirmed that this vulnerability cannot be used to execute arbitrary code.
Successful exploitation of this vulnerability could assist in the development of further attacks due to the elimination of a firewall defense.
VAR-200102-0084 | CVE-2001-0082 | Check Point FireWall-1 Fast Mode Fails to Check TCP Fragments Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. The "Fast Mode" option supported by Check Point VPN-1 and FireWall-1 contains a vulnerability that could allow access to restricted services by bypassing access control. Services on a host whose communication is blocked by the firewall may be accessed. Firewall-1 is prone to a security bypass vulnerability. Fast Mode is a setting that turns off analysis of packets in TCP sessions after the TCP 3-way handshake has completed, for speed-critical services. It is also reportedly possible to access hosts at least one hop away on the same interface as the target host being protected.
For this to be possible, the attacker must be able to reach at least one TCP service on a host protected by the firewall, to which a SYN can be sent legitimately. The vulnerability is due to a failure to handle malformed fragmented TCP segments.
Check Point Software contacted SecurityFocus with an update regarding this issue. Check the solutions section for the update. Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled is vulnerable. A remote attacker can cause a denial of service by means of an extremely long URL request to the web management interface.
VAR-200102-0001 | CVE-2000-1090 | Oracle Internet Directory LDAP Daemon does not check write permissions properly |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. In language editions of Microsoft IIS that use double-byte character sets (DBCS), a request containing a specific double-byte character can disclose a file that cannot normally be viewed. Any file in the system may be viewed. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6; however, it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise from dropping the lead-byte because it results in the opening of a different file from the one specified.
A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
January 1, 2001
Volume 6 Number 2
The following computer security issues have been publicly reported and
documented in the X-Force Vulnerability and Threat Database
(http://xforce.iss.net).
This document is available at
http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert
Summaries:
- Subscribe to the Alert mailing list from
  http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the
  message type:
  'subscribe alert' (without the quotes).
_____
Contents
115 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 12/31/00
Vulnerability: exmh-error-symlink
Platforms Affected: exmh 2.2 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: exmh error message symlink
X-Force URL: http://xforce.iss.net/static/5829.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-symlink
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Host Based
Brief Description: Informix Webdriver symbolic link
X-Force URL: http://xforce.iss.net/static/5827.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-admin-access
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Network Based
Brief Description: Informix Webdriver remote Admin access
X-Force URL: http://xforce.iss.net/static/5833.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-mutex-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial
of service
X-Force URL: http://xforce.iss.net/static/5821.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-batfile-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with
a batch file
X-Force URL: http://xforce.iss.net/static/5822.php
_____
Date Reported: 12/29/00
Vulnerability: shockwave-flash-swf-bo
Platforms Affected: Shockwave Plugin 8.0 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Shockwave Flash SWF file buffer overflow
X-Force URL: http://xforce.iss.net/static/5826.php
_____
Date Reported: 12/29/00
Vulnerability: macos-multiple-users
Platforms Affected: MacOS 9.0
Risk Factor: High
Attack Type: Host Based
Brief Description: Mac OS 'Multiple Users' bypass password
X-Force URL: http://xforce.iss.net/static/5830.php
_____
Date Reported: 12/28/00
Vulnerability: http-cgi-ikonboard
Platforms Affected: Ikonboard 2.1.7b and prior
Risk Factor: High
Attack Type: Host Based
Brief Description: Ikonboard allows remote attacker to execute
commands
X-Force URL: http://xforce.iss.net/static/5819.php
_____
Date Reported: 12/27/00
Vulnerability: http-cgi-technote-main
Platforms Affected: TECH-NOTE (2000, 2001, Pro)
Risk Factor: High
Attack Type: Network Based
Brief Description: TECH-NOTE main.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5813.php
_____
Date Reported: 12/26/00
Vulnerability: xwindows-char-dos
Platforms Affected: XFree86
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: X Windows multiple character denial of service
X-Force URL: http://xforce.iss.net/static/5834.php
_____
Date Reported: 12/25/00
Vulnerability: 1stup-mail-server-bo
Platforms Affected: 1st Up Mail Server 4.1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: 1st Up Mail Server buffer overflow
X-Force URL: http://xforce.iss.net/static/5808.php
_____
Date Reported: 12/25/00
Vulnerability: dialog-symlink
Platforms Affected: Linux Debian 2.2
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux dialog package symlink attack
X-Force URL: http://xforce.iss.net/static/5809.php
_____
Date Reported: 12/25/00
Vulnerability: ibm-wcs-admin
Platforms Affected: IBM Websphere Commerce Suite
Risk Factor: High
Attack Type: Host Based
Brief Description: IBM WCS admin.config allows user to execute
arbitrary commands
X-Force URL: http://xforce.iss.net/static/5831.php
_____
Date Reported: 12/23/00
Vulnerability: http-cgi-technote-print
Platforms Affected: TECH-NOTE (2000, 2001, Pro)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: TECH-NOTE print.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5815.php
_____
Date Reported: 12/22/00
Vulnerability: iis-web-form-submit
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IIS Web form submission
X-Force URL: http://xforce.iss.net/static/5823.php
_____
Date Reported: 12/21/00
Vulnerability: hpux-kermit-bo
Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX kermit buffer overflow
X-Force URL: http://xforce.iss.net/static/5793.php
_____
Date Reported: 12/21/00
Vulnerability: bsguest-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bsguest.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5796.php
_____
Date Reported: 12/21/00
Vulnerability: bslist-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bslist.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5797.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-execute-plsql
Platforms Affected: Oracle Application Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Oracle remote procedure execution
X-Force URL: http://xforce.iss.net/static/5817.php
_____
Date Reported: 12/21/00
Vulnerability: ksh-redirection-symlink
Platforms Affected: IRIX (6.2, 6.5.x)
                    Solaris (2.5.1, 2.6, 7)
                    HPUX 9.00
                    Digital Unix 5.0
Risk Factor: High
Attack Type: Host Based
Brief Description: ksh redirection symlink attack
X-Force URL: http://xforce.iss.net/static/5811.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-webdb-admin-access
Platforms Affected: Oracle Internet Application Server 3.0.7
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oracle IAS allows administrative access
X-Force URL: http://xforce.iss.net/static/5818.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Web Scan
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-detached-sig-modify
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG allows users to modify signed messages with
detached signatures
X-Force URL: http://xforce.iss.net/static/5802.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-reveal-private
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG will import private keys along with public
keys
X-Force URL: http://xforce.iss.net/static/5803.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-nmap-scans
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm does not detect NMAP scans
X-Force URL: http://xforce.iss.net/static/5799.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-open-shares
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm open shares
X-Force URL: http://xforce.iss.net/static/5825.php
_____
Date Reported: 12/19/00
Vulnerability: win2k-index-service-activex
Platforms Affected: Windows 2000
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Windows 2000 Index Service ActiveX controls allow
unauthorized access to file information
X-Force URL: http://xforce.iss.net/static/5800.php
_____
Date Reported: 12/19/00
Vulnerability: proftpd-size-memory-leak
Platforms Affected: Proftpd
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: proftpd memory leak when using SIZE command
X-Force URL: http://xforce.iss.net/static/5801.php
_____
Date Reported: 12/19/00
Vulnerability: weblogic-dot-bo
Platforms Affected: WebLogic
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5782.php
_____
Date Reported: 12/19/00
Vulnerability: mdaemon-imap-dos
Platforms Affected: MDaemon
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MDaemon IMAP buffer overflow denial of service
X-Force URL: http://xforce.iss.net/static/5805.php
_____
Date Reported: 12/19/00
Vulnerability: zope-calculate-roles
Platforms Affected: Zope
Risk Factor: High
Attack Type: Host Based
Brief Description: zope package in Linux calculates local roles
incorrectly
X-Force URL: http://xforce.iss.net/static/5777.php
_____
Date Reported: 12/19/00
Vulnerability: itetris-svgalib-path
Platforms Affected: svgalib
Risk Factor: High
Attack Type: Host Based
Brief Description: Itetris svgalib PATH
X-Force URL: http://xforce.iss.net/static/5795.php
_____
Date Reported: 12/18/00
Vulnerability: bsd-ftpd-replydirname-bo
Platforms Affected: BSD Based Operating Systems
Risk Factor: High
Attack Type: Network Based
Brief Description: BSD ftpd replydirname() function buffer overflow
X-Force URL: http://xforce.iss.net/static/5776.php
_____
Date Reported: 12/18/00
Vulnerability: sonata-command-execute
Platforms Affected: Sonata
Risk Factor: High
Attack Type: Host Based
Brief Description: Sonata argument command line execution
X-Force URL: http://xforce.iss.net/static/5787.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-catman-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris catman command symlink attack
X-Force URL: http://xforce.iss.net/static/5788.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-patchadd-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris patchadd symlink attack
X-Force URL: http://xforce.iss.net/static/5789.php
_____
Date Reported: 12/18/00
Vulnerability: stunnel-format-logfile
Platforms Affected: Stunnel
Risk Factor: High
Attack Type: Network Based
Brief Description: Stunnel format allows user to write to logfile
X-Force URL: http://xforce.iss.net/static/5807.php
_____
Date Reported: 12/17/00
Vulnerability: hp-top-sys-files
Platforms Affected: HPUX
Risk Factor: Low
Attack Type: Host Based
Brief Description: HP-UX top command could be used to overwrite files
X-Force URL: http://xforce.iss.net/static/5773.php
_____
Date Reported: 12/16/00
Vulnerability: zope-legacy-names
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Linux zope package "legacy" names
X-Force URL: http://xforce.iss.net/static/5824.php
_____
Date Reported: 12/15/00
Vulnerability: mrj-runtime-malicious-applets
Platforms Affected: MRJ
Risk Factor: Low
Attack Type: Host Based
Brief Description: MRJ runtime environment could allow malicious
applets to be executed
X-Force URL: http://xforce.iss.net/static/5784.php
_____
Date Reported: 12/14/00
Vulnerability: coffeecup-ftp-weak-encryption
Platforms Affected: CoffeeCup FTP
Risk Factor: Low
Attack Type: Host Based
Brief Description: CoffeeCup FTP client has weak password encryption
X-Force URL: http://xforce.iss.net/static/5744.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-fragmented-packets
Platforms Affected: WatchGuard
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall fragmented IP packet
attack
X-Force URL: http://xforce.iss.net/static/5749.php
_____
Date Reported: 12/14/00
Vulnerability: jpilot-perms
Platforms Affected: J-Pilot
Risk Factor: Medium
Attack Type: Host Based
Brief Description: J-Pilot permissions could reveal sensitive
information
X-Force URL: http://xforce.iss.net/static/5762.php
_____
Date Reported: 12/14/00
Vulnerability: mediaservices-dropped-connection-dos
Platforms Affected: Microsoft Media Services
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft Media Services dropped connection denial
of service
X-Force URL: http://xforce.iss.net/static/5785.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-web-auth
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO Web config server could allow
unauthenticated access
X-Force URL: http://xforce.iss.net/static/5554.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-passcfg-reset
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO administrator password can be
remotely reset
X-Force URL: http://xforce.iss.net/static/5742.php
_____
Date Reported: 12/14/00
Vulnerability: http-cgi-simplestguest
Platforms Affected: simplestguest.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestguest.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5743.php
_____
Date Reported: 12/14/00
Vulnerability: safeword-palm-pin-extraction
Platforms Affected: SafeWord
                    e.iD Palm Authenticator
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SafeWord and e.iD Palm Authenticator allows
attacker to clone Palm device
X-Force URL: http://xforce.iss.net/static/5753.php
_____
Date Reported: 12/14/00
Vulnerability: mdaemon-lock-bypass-password
Platforms Affected: MDaemon
Risk Factor: High
Attack Type: Host Based
Brief Description: MDaemon "lock" bypass password
X-Force URL: http://xforce.iss.net/static/5763.php
_____
Date Reported: 12/13/00
Vulnerability: cisco-catalyst-ssh-mismatch
Platforms Affected: Cisco Catalyst
Risk Factor: Low
Attack Type: Network Based
Brief Description: Cisco Catalyst SSH protocol mismatch
X-Force URL: http://xforce.iss.net/static/5760.php
_____
Date Reported: 12/13/00
Vulnerability: microsoft-iis-file-disclosure
Platforms Affected: IIS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft IIS Far East editions file disclosure
X-Force URL: http://xforce.iss.net/static/5729.php
_____
Date Reported: 12/13/00
Vulnerability: ezshopper-cgi-file-disclosure
Platforms Affected: loadpage.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: EZshopper loadpage.cgi file disclosure
X-Force URL: http://xforce.iss.net/static/5740.php
_____
Date Reported: 12/13/00
Vulnerability: winnt-mstask-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows NT MSTask.exe denial of service
X-Force URL: http://xforce.iss.net/static/5746.php
_____
Date Reported: 12/13/00
Vulnerability: bftpd-site-chown-bo
Platforms Affected: BFTPD
Risk Factor: High
Attack Type: Network Based
Brief Description: BFTPD SITE CHOWN buffer overflow
X-Force URL: http://xforce.iss.net/static/5775.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/12/00
Vulnerability: subscribemelite-gain-admin-access
Platforms Affected: Subscribe Me Lite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Subscribe Me Lite mailing list manager
unauthorized access
X-Force URL: http://xforce.iss.net/static/5735.php
_____
Date Reported: 12/12/00
Vulnerability: zope-image-file
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux zope package Image and File objects
X-Force URL: http://xforce.iss.net/static/5778.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-everythingform
Platforms Affected: everythingform.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: everythingform.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5736.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-simplestmail
Platforms Affected: simplestmail.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestmail.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5739.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-ad
Platforms Affected: ad.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: ad.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5741.php
_____
Date Reported: 12/12/00
Vulnerability: kde-kmail-weak-encryption
Platforms Affected: KDE KMail
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KDE KMail weak password encryption
X-Force URL: http://xforce.iss.net/static/5761.php
_____
Date Reported: 12/12/00
Vulnerability: aolim-buddyicon-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: AOL Instant Messenger Buddy Icon buffer overflow
X-Force URL: http://xforce.iss.net/static/5786.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/11/00
Vulnerability: rppppoe-zero-length-dos
Platforms Affected: rp-pppoe
Risk Factor: Medium
Attack Type: Network Based
Brief Description: rp-pppoe "zero-length" option denial of service
X-Force URL: http://xforce.iss.net/static/5727.php
_____
Date Reported: 12/11/00
Vulnerability: proftpd-modsqlpw-unauth-access
Platforms Affected: ProFTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ProFTPD system using mod_sqlpw unauthorized access
X-Force URL: http://xforce.iss.net/static/5737.php
_____
Date Reported: 12/11/00
Vulnerability: gnu-ed-symlink
Platforms Affected: GNU ed
Risk Factor: High
Attack Type: Host Based
Brief Description: GNU ed symlink
X-Force URL: http://xforce.iss.net/static/5723.php
_____
Date Reported: 12/11/00
Vulnerability: oops-ftputils-bo
Platforms Affected: Oops Proxy Server
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oops Proxy Server ftp_utils buffer overflow
X-Force URL: http://xforce.iss.net/static/5725.php
_____
Date Reported: 12/11/00
Vulnerability: oracle-oidldap-write-permission
Platforms Affected: Oracle Internet Directory
Risk Factor: High
Attack Type: Host Based
Brief Description: Oracle Internet Directory write permission
X-Force URL: http://xforce.iss.net/static/5804.php
_____
Date Reported: 12/9/00
Vulnerability: foolproof-security-bypass
Platforms Affected: FoolProof
Risk Factor: High
Attack Type: Host Based
Brief Description: FoolProof Security restriction bypass using FTP
X-Force URL: http://xforce.iss.net/static/5758.php
_____
Date Reported: 12/8/00
Vulnerability: broadvision-bv1to1-reveal-path
Platforms Affected: BroadVision One-To-One Enterprise Server
Risk Factor: Low
Attack Type: Network Based
Brief Description: BroadVision One-To-One Enterprise Server reveals
path to server
X-Force URL: http://xforce.iss.net/static/5661.php
_____
Date Reported: 12/8/00
Vulnerability: ssldump-format-strings
Platforms Affected: ssldump
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ssldump format string could allow arbitrary
execution of code
X-Force URL: http://xforce.iss.net/static/5717.php
_____
Date Reported: 12/8/00
Vulnerability: coldfusion-sample-dos
Platforms Affected: ColdFusion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ColdFusion sample script denial of service
X-Force URL: http://xforce.iss.net/static/5755.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-arbitrary-proxy
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 arbitrary proxy environment
variable
X-Force URL: http://xforce.iss.net/static/5733.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-auth-packet-overflow
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 authentication packet buffer
overflow
X-Force URL: http://xforce.iss.net/static/5734.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-user-config
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 user supplied configuration files
X-Force URL: http://xforce.iss.net/static/5738.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-tmpfile-dos
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 race condition
X-Force URL: http://xforce.iss.net/static/5754.php
_____
Date Reported: 12/7/00
Vulnerability: homeseer-directory-traversal
Platforms Affected: HomeSeer
Risk Factor: Low
Attack Type: Network Based
Brief Description: HomeSeer allows directory traversal
X-Force URL: http://xforce.iss.net/static/5663.php
_____
Date Reported: 12/7/00
Vulnerability: offline-explorer-reveal-files
Platforms Affected: MetaProducts Offline Explorer
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: MetaProducts Offline Explorer can reveal file
system
X-Force URL: http://xforce.iss.net/static/5728.php
_____
Date Reported: 12/7/00
Vulnerability: imail-smtp-auth-dos
Platforms Affected: IMail
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IMail SMTP auth denial of service
X-Force URL: http://xforce.iss.net/static/5674.php
_____
Date Reported: 12/6/00
Vulnerability: apc-apcupsd-dos
Platforms Affected: APC apcupsd
Risk Factor: Medium
Attack Type: Host Based
Brief Description: APC apcupsd denial of service
X-Force URL: http://xforce.iss.net/static/5654.php
_____
Date Reported: 12/6/00
Vulnerability: cisco-catalyst-telnet-dos
Platforms Affected: Cisco Catalyst
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco Catalyst telnet server memory leak denial of
service
X-Force URL: http://xforce.iss.net/static/5656.php
_____
Date Reported: 12/6/00
Vulnerability: apache-php-disclose-files
Platforms Affected: Apache Web server
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Apache Web server discloses files when used with
php script
X-Force URL: http://xforce.iss.net/static/5659.php
_____
Date Reported: 12/6/00
Vulnerability: ultraseek-reveal-path
Platforms Affected: Ultraseek
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultraseek Server can reveal the path and source
code to certain files
X-Force URL: http://xforce.iss.net/static/5660.php
_____
Date Reported: 12/6/00
Vulnerability: irc-dreamforge-dns-dos
Platforms Affected: DreamForge IRCd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: DreamForge IRCd DNS denial of service
X-Force URL: http://xforce.iss.net/static/5721.php
_____
Date Reported: 12/6/00
Vulnerability: mailman-alternate-templates
Platforms Affected: MailMan
Risk Factor: High
Attack Type: Network Based
Brief Description: MailMan Alternate Templates form variable allows
remote attacker to execute commands
X-Force URL: http://xforce.iss.net/static/5649.php
_____
Date Reported: 12/6/00
Vulnerability: phpgroupware-include-files
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: phpGroupWare include files allows remote attacker
to execute commands
X-Force URL: http://xforce.iss.net/static/5650.php
_____
Date Reported: 12/6/00
Vulnerability: markvision-printer-driver-bo
Platforms Affected: Lexmark MarkVision
Risk Factor: High
Attack Type: Host Based
Brief Description: Lexmark MarkVision printer drivers for Unix buffer
overflows
X-Force URL: http://xforce.iss.net/static/5651.php
_____
Date Reported: 12/6/00
Vulnerability: nt-ras-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows NT RAS registry permissions
X-Force URL: http://xforce.iss.net/static/5671.php
_____
Date Reported: 12/6/00
Vulnerability: nt-snmp-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT SNMP registry permissions
X-Force URL: http://xforce.iss.net/static/5672.php
_____
Date Reported: 12/6/00
Vulnerability: nt-mts-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT MTS registry permissions
X-Force URL: http://xforce.iss.net/static/5673.php
_____
Date Reported: 12/6/00
Vulnerability: irc-bitchx-dns-bo
Platforms Affected: BitchX
Risk Factor: High
Attack Type: Network Based
Brief Description: BitchX IRC DNS buffer overflow
X-Force URL: http://xforce.iss.net/static/5701.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-gain-access
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database can give access through
default username and password
X-Force URL: http://xforce.iss.net/static/5662.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-dos
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database denial of service
X-Force URL: http://xforce.iss.net/static/5664.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-source-routing
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain source routing
X-Force URL: http://xforce.iss.net/static/5667.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-ip-bridging
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain bridging code
X-Force URL: http://xforce.iss.net/static/5670.php
_____
Date Reported: 12/5/00
Vulnerability: ftp-servu-homedir-travers
Platforms Affected: Serv-U FTP
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: FTP Serv-U home directory traversal could allow
access to FTProot
X-Force URL: http://xforce.iss.net/static/5639.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-web-access
Platforms Affected: CISCO CBOS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Cisco CBOS Web access enabled denial of service
X-Force URL: http://xforce.iss.net/static/5626.php
_____
Date Reported: 12/4/00
Vulnerability: watchguard-soho-get-dos
Platforms Affected: WatchGuard SOHO
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall multiple GET requests
denial of service
X-Force URL: http://xforce.iss.net/static/5665.php
_____
Date Reported: 12/4/00
Vulnerability: phone-book-service-bo
Platforms Affected: Windows 2000
Windows NT
Risk Factor: High
Attack Type: Network Based
Brief Description: Windows NT and 2000 Phone Book service buffer
overflow
X-Force URL: http://xforce.iss.net/static/5623.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-syn-packets
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS SYN packets denial of service
X-Force URL: http://xforce.iss.net/static/5627.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-invalid-login
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS does not log invalid logins
X-Force URL: http://xforce.iss.net/static/5628.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-icmp-echo
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS large ICMP ECHO packet denial of
service
X-Force URL: http://xforce.iss.net/static/5629.php
_____
Date Reported: 12/2/00
Vulnerability: phpweblog-bypass-authentication
Platforms Affected: phpWebLog
Risk Factor: High
Attack Type: Host Based
Brief Description: phpWebLog allows users to bypass authentication
X-Force URL: http://xforce.iss.net/static/5625.php
_____
Date Reported: 12/1/00
Vulnerability: linux-diskcheck-race-symlink
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux diskcheck race condition could allow a tmp
file symbolic link attack
X-Force URL: http://xforce.iss.net/static/5624.php
_____
Date Reported: 12/1/00
Vulnerability: ie-form-file-upload
Platforms Affected: Microsoft Internet Explorer
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Internet Explorer file upload form
X-Force URL: http://xforce.iss.net/static/5615.php
_____
Date Reported: 12/1/00
Vulnerability: mssql-xp-paraminfo-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow
X-Force URL: http://xforce.iss.net/static/5622.php
_____
Date Reported: 12/1/00
Vulnerability: majordomo-auth-execute-commands
Platforms Affected: Majordomo
Risk Factor: High
Attack Type: Network Based
Brief Description: Majordomo allows administrative access without
password
X-Force URL: http://xforce.iss.net/static/5611.php
_____
Date Reported: 12/1/00
Vulnerability: ie-print-template
Platforms Affected: Microsoft Internet Explorer
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Internet Explorer print template
X-Force URL: http://xforce.iss.net/static/5614.php
_____
Date Reported: 12/1/00
Vulnerability: aix-piobe-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX piobe buffer overflow
X-Force URL: http://xforce.iss.net/static/5616.php
_____
Date Reported: 12/1/00
Vulnerability: aix-pioout-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX pioout buffer overflow
X-Force URL: http://xforce.iss.net/static/5617.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setclock-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setclock buffer overflow
X-Force URL: http://xforce.iss.net/static/5618.php
_____
Date Reported: 12/1/00
Vulnerability: aix-enq-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX enq buffer overflow
X-Force URL: http://xforce.iss.net/static/5619.php
_____
Date Reported: 12/1/00
Vulnerability: aix-digest-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX digest buffer overflow
X-Force URL: http://xforce.iss.net/static/5620.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setsenv-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setsenv buffer overflow
X-Force URL: http://xforce.iss.net/static/5621.php
Risk Factor Key:
High:   Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: A vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on mail
        server.
Medium: Any vulnerability that provides information that has a
        high potential of giving system access to an intruder.
        Example: A misconfigured TFTP or vulnerable NIS server
        that allows an intruder to get the password file that
        could contain an account with a guessable password.
Low:    Any vulnerability that provides information that
        potentially could lead to a compromise. Example: A
        finger that allows an intruder to find out who is online
        and potential accounts to attempt to crack passwords
        via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from
  http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the
  message type:
  'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200012-0099 | CVE-2000-1038 | IBM AS/400 Firewall web Management interface vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. As400 Firewall is prone to a denial-of-service vulnerability
VAR-200102-0021 | CVE-2001-0049 | IBM AIX setclock buffer overflow in remote timeserver argument |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. The SOHO 2.2 is a popular SOHO firewall by Watchguard Technologies Inc. In the case of a reboot, the firewall will be in-operable for one to five minutes. If the firewall shuts down completely, it will require a power recycle. In the case of a sustained attack, the firewall can be permanently taken off-line. It should be noted that this attack does not appear in the firewall logs except for a reboot notification. Vulnerabilities exist in WatchGuard SOHO FireWall 2.2.1 and earlier versions.
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability
By Sowhat of Nevis Labs
Date: 2006.04.11
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor
Microsoft Inc.
Products affected:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
and Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft
Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets.
Systems that are affected are Windows language versions that use a
Double Byte Character Set language. Examples of languages that use DBCS
are Chinese, Japanese, and Korean languages. Customers using
other language versions of Windows might also be affected if "Language
for non-Unicode programs" has been set to a Double Byte Character Set
language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the
parsing of DBCS URLs.
This vulnerability could allow an attacker to execute arbitrary code on the
victim's system when the victim visits a web page or views an HTML email
message.
This attack may be utilized wherever IE parses HTML, such as webpages, email,
newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character
sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot more work, but we
believe that exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is
set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,
all XFocus and 0x557 guys :)
References:
1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
2. http://www.nsfocus.com/english/homepage/research/0008.htm
3. http://xforce.iss.net/xforce/xfdb/5729
4. http://www.securityfocus.com/bid/2100/discuss
5. http://www.inter-locale.com/whitepaper/IUC27-a303.html
6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
7. [Mozilla Firefox IDN "Host:" Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x18-advisory.txt
9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com/research/devnotes/1995/may/02/05.htm
--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"