Date Reported: 02/27/2002
Brief Description: Multiple Web browsers for MacOS and MacOS X could
allow automatic file downloads
Risk Factor: Medium
Attack Type: Network Based
Platforms: iCab Pre 2.7, iCab Pre 2.71, Microsoft Internet
Explorer 4.5 for Macintosh, Microsoft Internet
Explorer 5.0 for Macintosh, Netscape 4.77 Mac,
Netscape 4.78 Mac, OmniWeb 4.0.6, OmniWeb
4.1beta11, Opera Web Browser 5.0 Mac
Vulnerability: macos-auto-file-download
X-Force URL: http://www.iss.net/security_center/static/8348.php
----- Original Message -----
From: "X-Force" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 11, 2002 2:45 PM
Subject: ISSalert: ISS Security Alert Summary AS02-10
|
| TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
| [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
| --------------------------------------------------------------------------
-
|
| -----BEGIN PGP SIGNED MESSAGE-----
|
| Internet Security Systems Security Alert Summary AS02-10
| March 11, 2002
|
| X-Force Vulnerability and Threat Database:
| http://www.iss.net/security_center
|
| To receive these Alert Summaries, as well as other Alerts and
| Advisories, subscribe to the Internet Security Systems Alert
| mailing list at:
| http://www.iss.net/security_center/maillists
|
| This summary is available at the following address:
| http://www.iss.net/security_center/alerts/AS02-10.php
| _____
| Contents:
| * 33 Reported Vulnerabilities
| * Risk Factor Key
| _____
|
|
| Date Reported: 02/28/2002
| Brief Description: RealPlayer for Windows invalid .mp3 file denial of
| service
| Risk Factor: Low
| Attack Type: Host Based / Network Based
| Platforms: RealPlayer 8.0, Windows 2000 All versions
| Vulnerability: realplayer-mp3-invalid-dos
| X-Force URL: http://www.iss.net/security_center/static/8320.php
|
| Date Reported: 02/28/2002
| Brief Description: Cobalt RaQ alert.cgi and service.cgi cross-site
| scripting
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: Cobalt RaQ 4
| Vulnerability: cobalt-raq-css
| X-Force URL: http://www.iss.net/security_center/static/8321.php
|
| Date Reported: 02/28/2002
| Brief Description: Cobalt RaQ "dot dot" directory traversal
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: Cobalt RaQ 4
| Vulnerability: cobalt-raq-directory-traversal
| X-Force URL: http://www.iss.net/security_center/static/8322.php
|
| Date Reported: 02/28/2002
| Brief Description: Cobalt RaQ service.cgi long parameter denial of
| service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: Cobalt RaQ 4
| Vulnerability: cobalt-raq-service-dos
| X-Force URL: http://www.iss.net/security_center/static/8323.php
|
| Date Reported: 02/28/2002
| Brief Description: Tiny Personal Firewall popup alert allows attacker
| to gain access
| Risk Factor: Medium
| Attack Type: Host Based
| Platforms: Tiny Personal Firewall 2.0.15a
| Vulnerability: tinyfw-popup-gain-access
| X-Force URL: http://www.iss.net/security_center/static/8324.php
|
| Date Reported: 02/28/2002
| Brief Description: Hotline Connect client stores password in plain
| text
| Risk Factor: Low
| Attack Type: Host Based
| Platforms: Hotline Connect 1.8.5 client
| Vulnerability: hotline-connect-plaintext-password
| X-Force URL: http://www.iss.net/security_center/static/8327.php
|
| Date Reported: 02/28/2002
| Brief Description: HP Procurve port scan telnet denial of service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: HP Procurve Switch 4000M firmware C.08.22, HP
| Procurve Switch 4000M firmware C.09.09
| Vulnerability: hp-procurve-portscan-dos
| X-Force URL: http://www.iss.net/security_center/static/8329.php
|
| Date Reported: 03/02/2002
| Brief Description: CFS (Cryptographic File System) has multiple buffer
| overflows
| Risk Factor: High
| Attack Type: Host Based / Network Based
| Platforms: CFS prior to 1.3.3, Debian Linux 2.2
| Vulnerability: cfs-bo
| X-Force URL: http://www.iss.net/security_center/static/8330.php
|
| Date Reported: 03/01/2002
| Brief Description: Zope object created with proxy roles allows an
| attacker to gain elevated privileges
| Risk Factor: Medium
| Attack Type: Host Based / Network Based
| Platforms: Zope 2.2.0 to 2.5.x
| Vulnerability: zope-proxy-role-privileges
| X-Force URL: http://www.iss.net/security_center/static/8334.php
|
| Date Reported: 03/02/2002
| Brief Description: RealPlayer Port 1275 directory traversal
| Risk Factor: Medium
| Attack Type: Host Based / Network Based
| Platforms: RealPlayer 6.0.7
| Vulnerability: realplayer-http-directory-traversal
| X-Force URL: http://www.iss.net/security_center/static/8336.php
|
| Date Reported: 03/02/2002
| Brief Description: SPHEREserver client connections denial of service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: SPHEREserver 0.55x, SPHEREserver 0.99x
| Vulnerability: sphereserver-connections-dos
| X-Force URL: http://www.iss.net/security_center/static/8338.php
|
| Date Reported: 03/02/2002
| Brief Description: Phorum /admin/stats.php exposes active users
| information
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: Phorum 3.3.2
| Vulnerability: phorum-admin-users-information
| X-Force URL: http://www.iss.net/security_center/static/8344.php
|
| Date Reported: 03/03/2002
| Brief Description: AeroMail attachments could allow an attacker to
| obtain sensitive files
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: AeroMail prior to 1.45
| Vulnerability: aeromail-obtain-files
| X-Force URL: http://www.iss.net/security_center/static/8345.php
|
| Date Reported: 03/03/2002
| Brief Description: AeroMail Subject header cross-site scripting
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: AeroMail prior to 1.45
| Vulnerability: aeromail-subject-css
| X-Force URL: http://www.iss.net/security_center/static/8346.php
|
| Date Reported: 03/04/2002
| Brief Description: Ntop traceEvent() function format string
| Risk Factor: High
| Attack Type: Host Based / Network Based
| Platforms: ntop 2.0
| Vulnerability: ntop-traceevent-format-string
| X-Force URL: http://www.iss.net/security_center/static/8347.php
|
| Date Reported: 02/27/2002
| Brief Description: Multiple Web browsers for MacOS and MacOS X could
| allow automatic file downloads
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: iCab Pre 2.7, iCab Pre 2.71, Microsoft Internet
| Explorer 4.5 for Macintosh, Microsoft Internet
| Explorer 5.0 for Macintosh, Netscape 4.77 Mac,
| Netscape 4.78 Mac, OmniWeb 4.0.6, OmniWeb
| 4.1beta11, Opera Web Browser 5.0 Mac
| Vulnerability: macos-auto-file-download
| X-Force URL: http://www.iss.net/security_center/static/8348.php
|
| Date Reported: 03/04/2002
| Brief Description: Sun Java Runtime Environment and Microsoft Virtual
| Machine (VM) Java applet could be used to redirect
| browser traffic when using a proxy
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: HP Java JRE/JDK prior to 1.1.8.06, HP Java JRE/JDK
| prior to 1.2.2.12, HP Java JRE/JDK prior to
| 1.3.1.00, HP-UX 10.20, HP-UX 11.x, Microsoft
| Internet Explorer 4.x, Microsoft Internet Explorer
| 5.x, Microsoft Virtual Machine 3802 and earlier,
| Sun JDK 1.1.8_007 and prior, Sun JDK 1.1.8_13 and
| prior, Sun JRE 1.1.8_007 and prior, Sun JRE
| 1.1.8_13 and prior, Sun JRE 1.2.2_010 and prior,
| Sun JRE 1.3.0_02 and prior, Sun SDK 1.2.2_010 and
| prior, Sun SDK 1.3.0_02 and prior
| Vulnerability: java-vm-session-hijacking
| X-Force URL: http://www.iss.net/security_center/static/8351.php
|
| Date Reported: 03/04/2002
| Brief Description: ReBB <IMG> tag cross-site scripting
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: ReBB All versions
| Vulnerability: rebb-img-css
| X-Force URL: http://www.iss.net/security_center/static/8353.php
|
| Date Reported: 03/05/2002
| Brief Description: Endymion MailMan ALTERNATE_TEMPLATES "dot dot" null
| byte directory traversal
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: MailMan 3.0.35 and earlier
| Vulnerability: mailman-alternate-templates-traversal
| X-Force URL: http://www.iss.net/security_center/static/8357.php
|
| Date Reported: 03/05/2002
| Brief Description: Endymion Saké Mail param_name "dot dot" null byte
| directory traversal
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: Saké Mail 1.0.36 and earlier
| Vulnerability: sakemail-paramname-directory-traversal
| X-Force URL: http://www.iss.net/security_center/static/8358.php
|
| Date Reported: 03/05/2002
| Brief Description: Microsoft SQL Server xp_dirtree buffer overflow
| Risk Factor: High
| Attack Type: Host Based / Network Based
| Platforms: Microsoft SQL Server 7.0
| Vulnerability: mssql-xp-dirtree-bo
| X-Force URL: http://www.iss.net/security_center/static/8359.php
|
| Date Reported: 03/03/2002
| Brief Description: Unreal IRCd format string in "cio_main.c" file
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: Unreal IRCd 3.1.1
| Vulnerability: unreal-ircd-format-string
| X-Force URL: http://www.iss.net/security_center/static/8360.php
|
| Date Reported: 03/01/2002
| Brief Description: Web+ webpsvc.exe buffer overflow
| Risk Factor: High
| Attack Type: Network Based
| Platforms: Web+ 4.6, Web+ 5.0
| Vulnerability: webplus-webpsvc-bo
| X-Force URL: http://www.iss.net/security_center/static/8361.php
|
| Date Reported: 03/05/2002
| Brief Description: CVS improperly initialized global variable can
| cause a denial of service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: CVS prior to 1.10.7-9, Debian Linux 2.2
| Vulnerability: cvs-global-var-dos
| X-Force URL: http://www.iss.net/security_center/static/8366.php
|
| Date Reported: 03/06/2002
| Brief Description: MTR MTR_OPTIONS environment variable buffer
| overflow
| Risk Factor: High
| Attack Type: Host Based
| Platforms: MTR 0.45, MTR 0.46
| Vulnerability: mtr-options-bo
| X-Force URL: http://www.iss.net/security_center/static/8367.php
|
| Date Reported: 03/05/2002
| Brief Description: SH39 MailServer port 25 denial of service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: SH39 MailServer 1.21
| Vulnerability: sh39-mailserver-dos
| X-Force URL: http://www.iss.net/security_center/static/8379.php
|
| Date Reported: 03/06/2002
| Brief Description: efingerd reverse-lookup buffer overflow
| Risk Factor: High
| Attack Type: Network Based
| Platforms: efingerd 1.3, efingerd 1.6.1
| Vulnerability: efingerd-reverse-lookup-bo
| X-Force URL: http://www.iss.net/security_center/static/8380.php
|
| Date Reported: 03/06/2002
| Brief Description: efingerd .efingerd file execution
| Risk Factor: Medium
| Attack Type: Host Based / Network Based
| Platforms: efingerd 1.3, efingerd 1.6.1
| Vulnerability: efingerd-file-execution
| X-Force URL: http://www.iss.net/security_center/static/8381.php
|
| Date Reported: 03/04/2002
| Brief Description: IIS authentication error messages reveal
| configuration information
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
| 5.1
| Vulnerability: iis-authentication-error-messages
| X-Force URL: http://www.iss.net/security_center/static/8382.php
|
| Date Reported: 03/07/2002
| Brief Description: OpenSSH off-by-one error in channel code
| Risk Factor: High
| Attack Type: Host Based / Network Based
| Platforms: Conectiva Linux 5.0, Conectiva Linux 5.1, Conectiva
| Linux 6.0, Conectiva Linux 7.0, Conectiva Linux
| ecommerce, Conectiva Linux prg graficos, EnGarde
| Secure Linux Community Edition, FreeBSD 4.4-
| Release, FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE,
| OpenPKG 1.0, OpenSSH 2.0 up to 3.0.2, OpenSSH All
| versions, Red Hat Linux 7.0, Red Hat Linux 7.1, Red
| Hat Linux 7.2, SuSE eMail Server III All versions,
| SuSE Linux 6.4, SuSE Linux 7.0, SuSE Linux 7.1,
| SuSE Linux 7.2, SuSE Linux 7.3, SuSE Linux
| Connectivity Server All versions, SuSE Linux
| Database Server All versions, SuSE Linux Enterprise
| Server 7, SuSE Linux Firewall All versions
| Vulnerability: openssh-channel-error
| X-Force URL: http://www.iss.net/security_center/static/8383.php
|
| Date Reported: 03/07/2002
| Brief Description: Microsoft Windows Shell buffer overflow can occur
| when an application has been improperly removed
| Risk Factor: High
| Attack Type: Host Based / Network Based
| Platforms: Windows 2000 All versions, Windows 98 All versions,
| Windows 98 Second Edition, Windows NT 4.0, Windows
| NT 4.0 TSE
| Vulnerability: win-shell-bo
| X-Force URL: http://www.iss.net/security_center/static/8384.php
|
| Date Reported: 03/04/2002
| Brief Description: IIS specially-crafted request reveals IP address
| Risk Factor: Low
| Attack Type: Network Based
| Platforms: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS
| 5.1
| Vulnerability: iis-request-ip-disclosure
| X-Force URL: http://www.iss.net/security_center/static/8385.php
|
| Date Reported: 03/05/2002
| Brief Description: PureTLS could allow injection attacks
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms: PureTLS 0.9b1
| Vulnerability: puretls-injection-attack
| X-Force URL: http://www.iss.net/security_center/static/8386.php
|
| _____
|
| Risk Factor Key:
|
| High Any vulnerability that provides an attacker with immediate
| access into a machine, gains superuser access, or bypasses
| a firewall. Example: A vulnerable Sendmail 8.6.5 version
| that allows an intruder to execute commands on mail server.
| Medium Any vulnerability that provides information that has a high
| potential of giving system access to an intruder. Example:
| A misconfigured TFTP or vulnerable NIS server that allows
| an intruder to get the password file that could contain an
| account with a guessable password.
| Low Any vulnerability that provides information that could
| potentially lead to a compromise. Example: A finger that
| allows an intruder to find out who is online and potential
| accounts to attempt to crack passwords via brute force
| methods.
|
| ______
|
| About Internet Security Systems (ISS)
| Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
| pioneer and world leader in software and services that protect critical
| online resources from an ever-changing spectrum of threats and misuse.
| Internet Security Systems is headquartered in Atlanta, GA, with
| additional operations throughout the Americas, Asia, Australia, Europe
| and the Middle East.
|
| Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
| worldwide.
|
| Permission is hereby granted for the electronic redistribution of this
| document. It is not to be edited or altered in any way without the
| express written consent of the Internet Security Systems X-Force. If you
| wish to reprint the whole or any part of this document in any other
| medium excluding electronic media, please email [EMAIL PROTECTED] for
| permission.
|
| Disclaimer: The information within this paper may change without notice.
| Use of this information constitutes acceptance for use in an AS IS
| condition. There are NO warranties, implied or otherwise, with regard to
| this information or its use. Any use of this information is at the
| user's risk. In no event shall the author/distributor (Internet Security
| Systems X-Force) be held liable for any damages whatsoever arising out
| of or in connection with the use or spread of this information.
|
| X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server,
| as well as at http://www.iss.net/security_center/sensitive.php
|
| Please send suggestions, updates, and comments to: X-Force
| [EMAIL PROTECTED] of Internet Security Systems, Inc
|
| -----BEGIN PGP SIGNATURE-----
| Version: 2.6.3a
| Charset: noconv
|
| iQCVAwUBPI0XSDRfJiV99eG9AQG33wQApYA9kAbp2FV9g1rUFeQ4BpVTWeg6lU1b
| Oea2dJs/iUSVrNUU2xiQd0TDtJ0Xi6fC/8NUUEV+AxdKmKLnlSE10bc/3K8h/4Jk
| qaczNTz5uD1YsdRWkT6OjqtQa0JUlCveZj88uF3i6GmqGOG+LyNMYJLR4r4hH42H
| ioyspv2G138=
| =ppCb
| -----END PGP SIGNATURE-----
|
|
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/
---------------------------------------------------------
