VARIoT IoT vulnerabilities database
VAR-200105-0079 | CVE-2001-0274 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: The Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0078 | CVE-2001-0273 | PGP4pine Encryption Failure Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue; however, the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. As a result, the user could transmit data, meant to be encrypted, as plaintext.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0081 | CVE-2001-0276 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue; however, the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. Requesting a specially crafted URL from a machine running Working Resources BadBlue will disclose the physical path to the root directory.
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0064 | CVE-2001-0317 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0065 | CVE-2001-0319 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. IBM's Net.Commerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input. A thoughtfully-formed request to a vulnerable script can cause the server to disclose sensitive system information, including results of arbitrary queries to the Net.Commerce database. This can allow an attacker to obtain an elevation of privileges to that of the DB2INST1 account, and potentially issue arbitrary shell commands as the DB2INST1 user.
IBM fixed the vulnerable macros they ship with the product in Net.Commerce Versions 3.2 and WebSphere Commerce Suite 4.1. Custom macros created by the user may be vulnerable to this type of attack. WebSphere Commerce Suite Version 5.1 is not vulnerable at all as it does not use Net.Data macros.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability.
An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0055 | CVE-2001-0301 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue; however, the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability.
Analog is a freely available log analysis tool that provides advanced features. It was originally written by Stephen Turner.
As designed, the software makes it possible for a user to remotely access network statistics using cgi scripts and HTTP FORM methods. When queried, the cgi accesses analog, and outputs statistics to a web page. Due to a buffer overflow in analog, and improper checking of input by the cgi program, it is possible for a user to supply a long ALIAS field to the analog program, which will result in a buffer overflow.
The problem makes it possible for a malicious user to remotely execute arbitrary code, and execute commands with privileges equal to the httpd process.
An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0011 | CVE-2001-0199 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability.
Requesting a specially crafted URL composed of '../' or '.../' sequences will disclose the requested file.
An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200105-0008 | CVE-2001-0194 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the GNU Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: The Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue; however, the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability.
An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
CUPS is prone to a remote security vulnerability.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Muskat Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Muskat Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
-----END PGP SIGNATURE-----
VAR-200103-0056 | CVE-2001-0015 | Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue; however, the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. Using a command function such as WM_COPYDATA, it is possible for a message to be sent through the Net DDE Agent to a trusted share with a process associated with that share. Unfortunately NetDDE Agent runs in the LOCAL SYSTEM context, therefore a local user can specify arbitrary code to be run at SYSTEM privileges. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200103-0055 | CVE-2001-0144 |
Multiple Cisco products consume excessive CPU resources in response to large SSH packets
Related entries in the VARIoT exploits database: VAR-E-200102-0016 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. The problem lies in deattack.c, code developed by CORE SDI to protect the SSH1 protocol against CRC32 compensation attacks. Because a 16-bit unsigned variable is mistakenly used in place of a 32-bit variable in the detect_attack() function, a table index overflow results. The problem is in the detect_attack() function:

    ...
    /*
       detect_attack
       Detects a crc32 compensation attack on a packet
     */
    int
    detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
    {
        static word16 *h = (word16 *) NULL;
    (*) static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
        register word32 i, j;

After allocation by xmalloc(0), the following code will be executed:

    for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;

Since i is a 32-bit unsigned integer, when n=0 the result becomes:

    i = HASH(c) & 0xffffffff

and c can be provided by the client. If the value of i exceeds the normal range, the program will segfault when trying to access h[i]. By carefully constructing an attack packet, the attacker may overwrite the content of any address and execute arbitrary code remotely. The attacker does not need a valid system account to carry out the attack.
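The width mismatch described above can be reproduced in isolation. The following is an added example, not code from deattack.c or from any vendor patch: it models only how the table size and index mask are computed, next to one way of hardening the computation. The constant values, the sizing rule in wanted_entries(), the MAX_ENTRIES cap and all function names are assumptions made for illustration, and the packet lengths in main() are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constant names follow the excerpt above; the values are assumed here. */
#define SSH_BLOCKSIZE   8u
#define HASH_ENTRYSIZE  2u
#define HASH_MINSIZE    (8u * 1024u)
/* Hypothetical upper bound on table entries used by the hardened variant. */
#define MAX_ENTRIES     (1u << 18)

/*
 * Table size (in entries) wanted for a packet of len bytes, computed
 * entirely in 32 bits. Assumed sizing rule: start at the minimum size and
 * multiply by four until there are at least 1.5 entries per cipher block.
 */
static uint32_t wanted_entries(uint32_t len)
{
    uint32_t blocks = len / SSH_BLOCKSIZE;
    uint32_t need = blocks + blocks / 2;
    uint32_t l = HASH_MINSIZE / HASH_ENTRYSIZE;

    while (l < need)
        l <<= 2;
    return l;
}

/*
 * Vulnerable pattern: the 32-bit size is stored in a 16-bit variable.
 * A size of 65536 truncates to n == 0, so the table is allocated with
 * zero bytes and the mask (n - 1) becomes 0xffffffff.
 */
static uint32_t index_mask_vulnerable(uint32_t len)
{
    uint16_t n = (uint16_t)wanted_entries(len);   /* 32 -> 16 bit truncation */

    return (uint32_t)n - 1u;
}

/*
 * Hardened pattern: keep the size in 32 bits and reject packets whose
 * length is zero, not block aligned, or would need an oversized table.
 * Returns 0 and stores the mask on success, -1 if the packet is rejected.
 */
static int index_mask_checked(uint32_t len, uint32_t *mask)
{
    uint32_t l;

    if (len == 0 || len % SSH_BLOCKSIZE != 0)
        return -1;
    l = wanted_entries(len);
    if (l > MAX_ENTRIES)
        return -1;
    *mask = l - 1u;
    return 0;
}

int main(void)
{
    /* Constructed packet lengths: small, just below and above the wrap. */
    const uint32_t lens[] = { 1024u, 80000u, 88000u, 0x10000000u };
    size_t k;

    for (k = 0; k < sizeof lens / sizeof lens[0]; k++) {
        uint32_t mask = 0;
        int rc = index_mask_checked(lens[k], &mask);

        printf("len=%" PRIu32 " entries=%" PRIu32
               " vulnerable_mask=0x%08" PRIx32,
               lens[k], wanted_entries(lens[k]),
               index_mask_vulnerable(lens[k]));
        if (rc == 0)
            printf(" checked_mask=0x%08" PRIx32 "\n", mask);
        else
            printf(" checked=rejected\n");
    }
    return 0;
}
```

With a mask of 0xffffffff the index is no longer confined to the table, which is the condition the description above attributes to n=0.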
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200102-0116 | CVE-2001-1435 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services. Multiple Cisco networking products contain a denial-of-service vulnerability. The inetd service on Compaq's Tru64 UNIX is vulnerable to a denial-of-service. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32-bit representation of the SSH packet length is assigned to a 16-bit integer. The difference in data representation in these situations will cause the 16-bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext.
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ, Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
________
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services and industry-leading
expertise, ISS serves as its customers' trusted security provider
protecting digital assets and ensuring the availability, confidentiality and
integrity of computer systems and information critical to e-business
success. ISS' security management solutions protect more than 5,000
customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10
largest telecommunications companies and over 35 government agencies.
Founded in 1994, ISS is headquartered in Atlanta, GA, with additional
offices throughout North America and international operations in Asia,
Australia, Europe and Latin America. For more information, visit the ISS Web
site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200102-0114 | CVE-2001-1439 | Hewlett Packard HP-UX text editors contain buffer overflow |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit. A buffer overflow in the text editor on certain Hewlett-Packard systems could compromise system availability. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. While addressing vulnerabilities described in http://www.cisco.com/warp/public/707/SSH-multiple-pub.html, a denial of service condition has been inadvertently introduced into firmware upgrades. Firmware for routers and switches (IOS), Catalyst 6000 switches running CatOS, Cisco PIX Firewall and Cisco 11000 Content Service Switch devices may be vulnerable.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets.
Repeated and concurrent attacks may result in a denial of device service. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. HP-UX is prone to a denial-of-service vulnerability.
VAR-200101-0122 | CVE-2001-1470 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory.
This would occur in situations where large SSH packets are received by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value).
As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory.
**UPDATE**:
There have been reports suggesting that exploitation of this vulnerability may be widespread.
Since early September, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used; however, this record will be updated if and when it becomes available.
NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior to, but excluding, versions 4.01 B42s, 4.10 22s, 5.0 B11s, and 5.01 B6s are vulnerable.
Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH.
** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. SSH is prone to a denial-of-service vulnerability.
ISS X-Force has received reports that some individuals were unable to
verify the PGP signature on the Security Alert Summary distributed earlier
in the week. Due to this issue, X-Force is re-distributing the Security
Alert Summary. We apologize for any inconvenience this may have caused.
Internet Security Systems Security Alert Summary
March 5, 2001
Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/
To receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
_____
Contents
90 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 2/27/01
Vulnerability: a1-server-dos
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server denial of service
X-Force URL: http://xforce.iss.net/static/6161.php
_____
Date Reported: 2/27/01
Vulnerability: a1-server-directory-traversal
Platforms Affected: A1 Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: A1 Server directory traversal
X-Force URL: http://xforce.iss.net/static/6162.php
_____
Date Reported: 2/27/01
Vulnerability: webreflex-web-server-dos
Platforms Affected: WebReflex
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebReflex Web server denial of service
X-Force URL: http://xforce.iss.net/static/6163.php
_____
Date Reported: 2/26/01
Vulnerability: sudo-bo-elevate-privileges
Platforms Affected: Sudo
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Sudo buffer overflow could allow elevated user privileges
X-Force URL: http://xforce.iss.net/static/6153.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-skin-overwrite-file
Platforms Affected: My GetRight
Risk Factor: High
Attack Type: Network Based
Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files
X-Force URL: http://xforce.iss.net/static/6155.php
_____
Date Reported: 2/26/01
Vulnerability: mygetright-directory-traversal
Platforms Affected: My GetRight
Risk Factor: Medium
Attack Type: Network Based
Brief Description: My GetRight directory traversal
X-Force URL: http://xforce.iss.net/static/6156.php
_____
Date Reported: 2/26/01
Vulnerability: win2k-event-viewer-bo
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Host Based
Brief Description: Windows 2000 event viewer buffer overflow
X-Force URL: http://xforce.iss.net/static/6160.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-cpu-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra CPU denial of service
X-Force URL: http://xforce.iss.net/static/6159.php
_____
Date Reported: 2/26/01
Vulnerability: netscape-collabra-kernel-dos
Platforms Affected: Netscape
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Collabra Server kernel denial of service
X-Force URL: http://xforce.iss.net/static/6158.php
_____
Date Reported: 2/23/01
Vulnerability: mercur-expn-bo
Platforms Affected: MERCUR
Risk Factor: High
Attack Type: Network Based
Brief Description: MERCUR Mailserver EXPN buffer overflow
X-Force URL: http://xforce.iss.net/static/6149.php
_____
Date Reported: 2/23/01
Vulnerability: sedum-http-dos
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP server denial of service
X-Force URL: http://xforce.iss.net/static/6152.php
_____
Date Reported: 2/23/01
Vulnerability: tru64-inetd-dos
Platforms Affected: Tru64
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Tru64 UNIX inetd denial of service
X-Force URL: http://xforce.iss.net/static/6157.php
_____
Date Reported: 2/22/01
Vulnerability: outlook-vcard-bo
Platforms Affected: Microsoft Outlook
Risk Factor: High
Attack Type: Host Based
Brief Description: Outlook and Outlook Express vCards buffer overflow
X-Force URL: http://xforce.iss.net/static/6145.php
_____
Date Reported: 2/22/01
Vulnerability: ultimatebb-cookie-member-number
Platforms Affected: Ultimate Bulletin Board
Risk Factor: High
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number
X-Force URL: http://xforce.iss.net/static/6144.php
_____
Date Reported: 2/21/01
Vulnerability: ultimatebb-cookie-gain-privileges
Platforms Affected: Ultimate Bulletin Board
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information
X-Force URL: http://xforce.iss.net/static/6142.php
_____
Date Reported: 2/21/01
Vulnerability: sendmail-elevate-privileges
Platforms Affected: Sendmail
Risk Factor: High
Attack Type: Host Based
Brief Description: Sendmail -bt command could allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6147.php
_____
Date Reported: 2/21/01
Vulnerability: jre-jdk-execute-commands
Platforms Affected: JRE/JDK
Risk Factor: High
Attack Type: Host Based
Brief Description: JRE/JDK could allow unauthorized execution of commands
X-Force URL: http://xforce.iss.net/static/6143.php
_____
Date Reported: 2/20/01
Vulnerability: licq-remote-port-dos
Platforms Affected: LICQ
Risk Factor: Medium
Attack Type: Network Based
Brief Description: LICQ remote denial of service
X-Force URL: http://xforce.iss.net/static/6134.php
_____
Date Reported: 2/20/01
Vulnerability: pgp4pine-expired-keys
Platforms Affected: pgp4pine
Risk Factor: Medium
Attack Type: Host Based
Brief Description: pgp4pine may transmit messages using expired public keys
X-Force URL: http://xforce.iss.net/static/6135.php
_____
Date Reported: 2/20/01
Vulnerability: chilisoft-asp-view-files
Platforms Affected: Chili!Soft ASP
Risk Factor: High
Attack Type: Network Based
Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information
X-Force URL: http://xforce.iss.net/static/6137.php
_____
Date Reported: 2/20/01
Vulnerability: win2k-domain-controller-dos
Platforms Affected: Windows 2000
Risk Factor: once-only
Attack Type: Network/Host Based
Brief Description: Windows 2000 domain controller denial of service
X-Force URL: http://xforce.iss.net/static/6136.php
_____
Date Reported: 2/19/01
Vulnerability: asx-remote-dos
Platforms Affected: ASX Switches
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ASX switches allow remote denial of service
X-Force URL: http://xforce.iss.net/static/6133.php
_____
Date Reported: 2/18/01
Vulnerability: http-cgi-mailnews-username
Platforms Affected: Mailnews.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username
X-Force URL: http://xforce.iss.net/static/6139.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-reveal-path
Platforms Affected: BadBlue
Risk Factor: Low
Attack Type: Network Based
Brief Description: BadBlue ext.dll library reveals path
X-Force URL: http://xforce.iss.net/static/6130.php
_____
Date Reported: 2/17/01
Vulnerability: badblue-ext-dos
Platforms Affected: BadBlue
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BadBlue ext.dll library denial of service
X-Force URL: http://xforce.iss.net/static/6131.php
_____
Date Reported: 2/17/01
Vulnerability: moby-netsuite-bo
Platforms Affected: Moby's NetSuite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Moby's NetSuite Web server buffer overflow
X-Force URL: http://xforce.iss.net/static/6132.php
_____
Date Reported: 2/16/01
Vulnerability: webactive-directory-traversal
Platforms Affected: WEBactive
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: WEBactive HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6121.php
_____
Date Reported: 2/16/01
Vulnerability: esone-cgi-directory-traversal
Platforms Affected: ES.One store.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Thinking Arts ES.One store.cgi directory traversal
X-Force URL: http://xforce.iss.net/static/6124.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-username-bo
Platforms Affected: VShell
Risk Factor: High
Attack Type: Network Based
Brief Description: VShell username buffer overflow
X-Force URL: http://xforce.iss.net/static/6146.php
_____
Date Reported: 2/16/01
Vulnerability: vshell-port-forwarding-rule
Platforms Affected: VShell
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: VShell uses weak port forwarding rule
X-Force URL: http://xforce.iss.net/static/6148.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-isapi-bo
Platforms Affected: Pi3Web
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Pi3Web ISAPI tstisapi.dll denial of service
X-Force URL: http://xforce.iss.net/static/6113.php
_____
Date Reported: 2/15/01
Vulnerability: pi3web-reveal-path
Platforms Affected: Pi3Web
Risk Factor: Low
Attack Type: Network Based
Brief Description: Pi3Web reveals physical path of server
X-Force URL: http://xforce.iss.net/static/6114.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-execute-shell
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer execute shell commands
X-Force URL: http://xforce.iss.net/static/6117.php
_____
Date Reported: 2/15/01
Vulnerability: bajie-directory-traversal
Platforms Affected: Bajie HTTP JServer
Risk Factor: High
Attack Type: Network Based
Brief Description: Bajie HTTP JServer directory traversal
X-Force URL: http://xforce.iss.net/static/6115.php
_____
Date Reported: 2/15/01
Vulnerability: resin-directory-traversal
Platforms Affected: Resin
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Resin Web server directory traversal
X-Force URL: http://xforce.iss.net/static/6118.php
_____
Date Reported: 2/15/01
Vulnerability: netware-mitm-recover-passwords
Platforms Affected: Netware
Risk Factor: Low
Attack Type: Network Based
Brief Description: Netware "man in the middle" attack password recovery
X-Force URL: http://xforce.iss.net/static/6116.php
_____
Date Reported: 2/14/01
Vulnerability: firebox-pptp-dos
Platforms Affected: WatchGuard Firebox II
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard Firebox II PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6109.php
_____
Date Reported: 2/14/01
Vulnerability: hp-virtualvault-iws-dos
Platforms Affected: HP VirtualVault
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HP VirtualVault iPlanet Web Server denial of service
X-Force URL: http://xforce.iss.net/static/6110.php
_____
Date Reported: 2/14/01
Vulnerability: kicq-execute-commands
Platforms Affected: KICQ
Risk Factor: High
Attack Type: Network Based
Brief Description: kicq could allow remote execution of commands
X-Force URL: http://xforce.iss.net/static/6112.php
_____
Date Reported: 2/14/01
Vulnerability: hp-text-editor-bo
Platforms Affected: HPUX
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP Text editors buffer overflow
X-Force URL: http://xforce.iss.net/static/6111.php
_____
Date Reported: 2/13/01
Vulnerability: sendtemp-pl-read-files
Platforms Affected: sendtemp.pl
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: sendtemp.pl could allow an attacker to read files on the server
X-Force URL: http://xforce.iss.net/static/6104.php
_____
Date Reported: 2/13/01
Vulnerability: analog-alias-bo
Platforms Affected: Analog ALIAS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Analog ALIAS command buffer overflow
X-Force URL: http://xforce.iss.net/static/6105.php
_____
Date Reported: 2/13/01
Vulnerability: elm-long-string-bo
Platforms Affected: Elm
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ELM -f command long string buffer overflow
X-Force URL: http://xforce.iss.net/static/6151.php
_____
Date Reported: 2/13/01
Vulnerability: winnt-pptp-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Windows NT PPTP denial of service
X-Force URL: http://xforce.iss.net/static/6103.php
_____
Date Reported: 2/12/01
Vulnerability: startinnfeed-format-string
Platforms Affected: Inn
Risk Factor: High
Attack Type: Host Based
Brief Description: Inn 'startinnfeed' binary format string attack
X-Force URL: http://xforce.iss.net/static/6099.php
_____
Date Reported: 2/12/01
Vulnerability: his-auktion-cgi-url
Platforms Affected: HIS Auktion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized
files or execute commands
X-Force URL: http://xforce.iss.net/static/6090.php
_____
Date Reported: 2/12/01
Vulnerability: wayboard-cgi-view-files
Platforms Affected: Way-BOARD
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6091.php
_____
Date Reported: 2/12/01
Vulnerability: muskat-empower-url-dir
Platforms Affected: Musket Empower
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Musket Empower could allow attackers to gain access to the DB directory path
X-Force URL: http://xforce.iss.net/static/6093.php
_____
Date Reported: 2/12/01
Vulnerability: icq-icu-rtf-dos
Platforms Affected: LICQ
Gnome ICU
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: LICQ and Gnome ICU rtf file denial of service
X-Force URL: http://xforce.iss.net/static/6096.php
_____
Date Reported: 2/12/01
Vulnerability: commerce-cgi-view-files
Platforms Affected: Commerce.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Commerce.cgi could allow attackers to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6095.php
_____
Date Reported: 2/12/01
Vulnerability: roads-search-view-files
Platforms Affected: ROADS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program
X-Force URL: http://xforce.iss.net/static/6097.php
_____
Date Reported: 2/12/01
Vulnerability: webpage-cgi-view-info
Platforms Affected: WebPage.cgi
Risk Factor: Low
Attack Type: Network Based
Brief Description: WebPage.cgi allows attackers to view sensitive information
X-Force URL: http://xforce.iss.net/static/6100.php
_____
Date Reported: 2/12/01
Vulnerability: webspirs-cgi-view-files
Platforms Affected: WebSPIRS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files
X-Force URL: http://xforce.iss.net/static/6101.php
_____
Date Reported: 2/12/01
Vulnerability: webpals-library-cgi-url
Platforms Affected: WebPALS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WebPALS Library System CGI script could allow attackers to view
unauthorized files or execute commands
X-Force URL: http://xforce.iss.net/static/6102.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-permissions
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions
X-Force URL: http://xforce.iss.net/static/6092.php
_____
Date Reported: 2/11/01
Vulnerability: cobol-apptrack-nolicense-symlink
Platforms Affected: MicroFocus Cobol
Risk Factor: High
Attack Type: Host Based
Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense
X-Force URL: http://xforce.iss.net/static/6094.php
_____
Date Reported: 2/10/01
Vulnerability: vixie-crontab-bo
Platforms Affected: Vixie crontab
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Vixie crontab buffer overflow
X-Force URL: http://xforce.iss.net/static/6098.php
_____
Date Reported: 2/10/01
Vulnerability: novell-groupwise-bypass-policies
Platforms Affected: Novell GroupWise
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Novell Groupwise allows user to bypass policies and view files
X-Force URL: http://xforce.iss.net/static/6089.php
_____
Date Reported: 2/9/01
Vulnerability: infobot-calc-gain-access
Platforms Affected: Infobot
Risk Factor: High
Attack Type: Network Based
Brief Description: Infobot 'calc' command allows remote users to gain access
X-Force URL: http://xforce.iss.net/static/6078.php
_____
Date Reported: 2/8/01
Vulnerability: linux-sysctl-read-memory
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux kernel sysctl() read memory
X-Force URL: http://xforce.iss.net/static/6079.php
_____
Date Reported: 2/8/01
Vulnerability: openssh-bypass-authentication
Platforms Affected: OpenSSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication
X-Force URL: http://xforce.iss.net/static/6084.php
_____
Date Reported: 2/8/01
Vulnerability: lotus-notes-stored-forms
Platforms Affected: Lotus Notes
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Lotus Notes stored forms
X-Force URL: http://xforce.iss.net/static/6087.php
_____
Date Reported: 2/8/01
Vulnerability: linux-ptrace-modify-process
Platforms Affected: Linux
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux kernel ptrace modify process
X-Force URL: http://xforce.iss.net/static/6080.php
_____
Date Reported: 2/8/01
Vulnerability: ssh-deattack-overwrite-memory
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten
X-Force URL: http://xforce.iss.net/static/6083.php
_____
Date Reported: 2/7/01
Vulnerability: dc20ctrl-port-bo
Platforms Affected: FreeBSD
Risk Factor: Medium
Attack Type: Host Based
Brief Description: FreeBSD dc20ctrl port buffer overflow
X-Force URL: http://xforce.iss.net/static/6077.php
_____
Date Reported: 2/7/01
Vulnerability: ja-xklock-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: ja-xklock buffer overflow
X-Force URL: http://xforce.iss.net/static/6073.php
_____
Date Reported: 2/7/01
Vulnerability: ja-elvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ja-elvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6074.php
_____
Date Reported: 2/7/01
Vulnerability: ko-helvis-elvrec-bo
Platforms Affected: FreeBSD
Risk Factor: High
Attack Type: Host Based
Brief Description: FreeBSD ko-helvis port buffer overflow
X-Force URL: http://xforce.iss.net/static/6075.php
_____
Date Reported: 2/7/01
Vulnerability: serverworx-directory-traversal
Platforms Affected: ServerWorx
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ServerWorx directory traversal
X-Force URL: http://xforce.iss.net/static/6081.php
_____
Date Reported: 2/7/01
Vulnerability: ntlm-ssp-elevate-privileges
Platforms Affected: NTLM
Risk Factor: High
Attack Type: Host Based
Brief Description: NTLM Security Support Provider could allow elevation of privileges
X-Force URL: http://xforce.iss.net/static/6076.php
_____
Date Reported: 2/7/01
Vulnerability: ssh-session-key-recovery
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH protocol 1.5 session key recovery
X-Force URL: http://xforce.iss.net/static/6082.php
_____
Date Reported: 2/6/01
Vulnerability: aolserver-directory-traversal
Platforms Affected: AOLserver
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOLserver directory traversal
X-Force URL: http://xforce.iss.net/static/6069.php
_____
Date Reported: 2/6/01
Vulnerability: chilisoft-asp-elevate-privileges
Platforms Affected: Chili!Soft
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Chili!Soft ASP could allow elevated privileges
X-Force URL: http://xforce.iss.net/static/6072.php
_____
Date Reported: 2/6/01
Vulnerability: win-udp-dos
Platforms Affected: Windows
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows UDP socket denial of service
X-Force URL: http://xforce.iss.net/static/6070.php
_____
Date Reported: 2/5/01
Vulnerability: ssh-daemon-failed-login
Platforms Affected: SSH
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SSH daemon failed login attempts are not logged
X-Force URL: http://xforce.iss.net/static/6071.php
_____
Date Reported: 2/5/01
Vulnerability: picserver-directory-traversal
Platforms Affected: PicServer
Risk Factor: Medium
Attack Type: Network Based
Brief Description: PicServer directory traversal
X-Force URL: http://xforce.iss.net/static/6065.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-directory-traversal
Platforms Affected: BiblioWeb
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BiblioWeb Server directory traversal
X-Force URL: http://xforce.iss.net/static/6066.php
_____
Date Reported: 2/5/01
Vulnerability: biblioweb-get-dos
Platforms Affected: BiblioWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: BiblioWeb Server GET request denial of service
X-Force URL: http://xforce.iss.net/static/6068.php
_____
Date Reported: 2/5/01
Vulnerability: ibm-netcommerce-reveal-information
Platforms Affected: IBM
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM Net.Commerce could reveal sensitive information
X-Force URL: http://xforce.iss.net/static/6067.php
_____
Date Reported: 2/5/01
Vulnerability: win-dde-elevate-privileges
Platforms Affected: Windows DDE
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows DDE can allow the elevation of privileges
X-Force URL: http://xforce.iss.net/static/6062.php
_____
Date Reported: 2/4/01
Vulnerability: hsweb-directory-browsing
Platforms Affected: HSWeb
Risk Factor: Low
Attack Type: Network Based
Brief Description: HSWeb Web Server allows attacker to browse directories
X-Force URL: http://xforce.iss.net/static/6061.php
_____
Date Reported: 2/4/01
Vulnerability: sedum-directory-traversal
Platforms Affected: SEDUM
Risk Factor: Medium
Attack Type: Network Based
Brief Description: SEDUM HTTP Server directory traversal
X-Force URL: http://xforce.iss.net/static/6063.php
_____
Date Reported: 2/4/01
Vulnerability: free-java-directory-traversal
Platforms Affected: Free Java
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Free Java Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6064.php
_____
Date Reported: 2/2/01
Vulnerability: goahead-directory-traversal
Platforms Affected: GoAhead
Risk Factor: High
Attack Type: Network Based
Brief Description: GoAhead Web Server directory traversal
X-Force URL: http://xforce.iss.net/static/6046.php
_____
Date Reported: 2/2/01
Vulnerability: gnuserv-tcp-cookie-overflow
Platforms Affected: Gnuserv
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Gnuserv TCP enabled cookie buffer overflow
X-Force URL: http://xforce.iss.net/static/6056.php
_____
Date Reported: 2/2/01
Vulnerability: xmail-ctrlserver-bo
Platforms Affected: Xmail CTRLServer
Risk Factor: High
Attack Type: Network Based
Brief Description: XMail CTRLServer buffer overflow
X-Force URL: http://xforce.iss.net/static/6060.php
_____
Date Reported: 2/2/01
Vulnerability: netscape-webpublisher-acl-permissions
Platforms Affected: Netscape Web Publisher
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Netscape Web Publisher poor ACL permissions
X-Force URL: http://xforce.iss.net/static/6058.php
_____
Date Reported: 2/1/01
Vulnerability: cups-httpgets-dos
Platforms Affected: CUPS
Risk Factor: High
Attack Type: Host Based
Brief Description: CUPS httpGets() function denial of service
X-Force URL: http://xforce.iss.net/static/6043.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-get-pin
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero GET request reveals PIN information
X-Force URL: http://xforce.iss.net/static/6044.php
_____
Date Reported: 2/1/01
Vulnerability: prospero-weak-permissions
Platforms Affected: Prospero
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Prospero uses weak permissions
X-Force URL: http://xforce.iss.net/static/6045.php
_____
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this Alert
in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
VAR-200505-0778 | CVE-2005-1609 | Multiple Cisco products consume excessive CPU resources in response to large SSH packets |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. While addressing vulnerabilities described in http://www.cisco.com/warp/public/707/SSH-multiple-pub.html, a denial of service condition has been inadvertently introduced into firmware upgrades. Firmware for routers and switches (IOS), Catalyst 6000 switches running CatOS, Cisco PIX Firewall and Cisco 11000 Content Service Switch devices may be vulnerable.
Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets.
Repeated and concurrent attacks may result in a denial of device service. As many of these devices are critical infrastructure components, more serious network outages may occur.
Cisco has released upgrades that will eliminate this vulnerability.
VAR-200012-0057 | CVE-2000-1054 | CiscoSecure ACS Server CSAdmin Module buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. Depending on the data entered, CiscoSecure ACS for Windows NT can be made to crash or arbitrary code execution can be made possible if an unusually long packet is sent to port 2002.
If the application were to crash due to an oversized packet, the CSadmin Module would automatically restart after one minute in versions 2.3x and higher. Existing sessions would re-establish although they would need to be authenticated again. In prior versions, a restart is required in order to regain normal functionality.
VAR-200012-0058 | CVE-2000-1055 | CiscoSecure ACS Server Denial of service vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. If a remote attacker is capable of sniffing or injecting traffic in between a server running CiscoSecure ACS for Windows NT and a TACACS+ client, CiscoSecure ACS for Windows NT can be made to crash if an oversized TACACS+ packet is sent to it. CiscoSecure ACS Server 2.4(2) and earlier versions have a buffer overflow vulnerability
VAR-200012-0059 | CVE-2000-1056 | CiscoSecure ACS Server Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. There are certain Lightweight Directory Access Protocol (LDAP) servers that allow users to have undefined passwords. Vulnerabilities exist in CiscoSecure ACS Server 2.4(2) and earlier versions
VAR-200012-0083 | CVE-2000-1022 | Cisco Secure PIX Firewall Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so only certain SMTP commands can be allowed through (for example, dropping extra functionality, such as HELP or commands that could be a security concern, like EXPN or VRFY). When receiving messages, it allows all text through between "data" and "<CR><LF><CR><LF>.<CR><LF>", as this is where the body of the message would normally go and there could be words in it that are SMTP commands which shouldn't be filtered. Due to the nature of SMTP and flaws in exceptional condition handling of PIX, it is reportedly possible to evade the SMTP command restrictions by tricking the firewall into thinking the body of the message is being sent when it isn't.
During communication with an SMTP server, if the "data" command is sent before the more important information is sent, such as "rcpt to", the SMTP server will return error 503, saying that rcpt was required. The firewall, however, thinks everything is alright and will let everything through until receiving "<CR><LF><CR><LF>.<CR><LF>". It is then possible for the attacker to do whatever he wishes on the email server. An old vulnerability that allowed for bypassing of SMTP content filtering has been re-introduced into PIX firmware. This vulnerability is archived in the SecurityFocus vulnerability database as Bugtraq ID: 1698.
VAR-200011-0055 | CVE-2000-0839 | WinCOM LPD Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). If a user sends continuous LPD requests to the service on default port 515, the program will consume all available CPU. A restart of the service is required in order to regain normal functionality. WinCOM LPD 1.00.90 is vulnerable.
VAR-200011-0030 | CVE-2000-0882 | Intel Express Switch 500 Series Malformed ICMP Packet DoS Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash. The malformed packet can be sent locally or remotely and can be spoofed. If the switch receives the malformed ICMP packet, it will continue to operate as a switch; however, it will lose all routing functionality and will not pick up on new connections.