Date Reported: 03/14/2002
Brief Description: Windows NT/2000 debugging subsystem allows attacker
to create duplicate handles
Risk Factor: High
Attack Type: Host Based
Platforms: Windows 2000 All versions, Windows NT 4.0
Vulnerability: win-debug-duplicate-handles
X-Force URL: http://www.iss.net/security_center/static/8462.php
____________________________________________________________
\
/ Scott Fosseen - Systems Engineer - Arrowhead AEA 5
\ www.aea5.k12.ia.us/aeaphone.nsf/Web/FosseenScott
/____________________________________________________________
----- Original Message -----
From: "X-Force" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 26, 2002 1:31 PM
Subject: ISSalert: ISS Security Alert Summary AS02-12
>
> TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
> --------------------------------------------------------------------------
-
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Internet Security Systems Security Alert Summary AS02-12
> March 25, 2002
>
> X-Force Vulnerability and Threat Database:
> http://www.iss.net/security_center
>
> To receive these Alert Summaries, as well as other Alerts and
> Advisories, subscribe to the Internet Security Systems Alert
> mailing list at:
> http://www.iss.net/security_center/maillists
>
> This summary is available at the following address:
> http://www.iss.net/security_center/alerts/AS02-12.php
> _____
> Contents:
> * 39 Reported Vulnerabilities
> * Risk Factor Key
> _____
>
>
> Date Reported: 03/15/2002
> Brief Description: Qpopper process denial of service
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Qpopper 4.0.3 and prior
> Vulnerability: qpopper-qpopper-dos
> X-Force URL: http://www.iss.net/security_center/static/8458.php
>
> Date Reported: 03/13/2002
> Brief Description: Foundry Networks ServerIron Web switches incomplete
> URL decoding in pattern matching could reveal
> source code
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Foundry Networks ServerIron All versions
> Vulnerability: foundry-serveriron-reveal-source
> X-Force URL: http://www.iss.net/security_center/static/8459.php
>
> Date Reported: 03/15/2002
> Brief Description: IncrediMail stores attachments in a known directory
> Risk Factor: Low
> Attack Type: Host Based
> Platforms: IncrediMail Xe B618 and prior
> Vulnerability: incredimail-insecure-attachment-directory
> X-Force URL: http://www.iss.net/security_center/static/8460.php
>
> Date Reported: 03/14/2002
> Brief Description: Oblix NetPoint account lockout bypass could allow
> brute force password guessing attempts
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: NetPoint 5.2
> Vulnerability: netpoint-account-lockout-bypass
> X-Force URL: http://www.iss.net/security_center/static/8461.php
>
> Date Reported: 03/14/2002
> Brief Description: Windows NT/2000 debugging subsystem allows attacker
> to create duplicate handles
> Risk Factor: High
> Attack Type: Host Based
> Platforms: Windows 2000 All versions, Windows NT 4.0
> Vulnerability: win-debug-duplicate-handles
> X-Force URL: http://www.iss.net/security_center/static/8462.php
>
> Date Reported: 03/13/2002
> Brief Description: Linux rsync fails to drop privileges for
> supplementary groups in daemon mode
> Risk Factor: High
> Attack Type: Host Based / Network Based
> Platforms: Mandrake Linux 7.1, Mandrake Linux 7.2, Mandrake
> Linux 8.0, Mandrake Linux 8.1, Mandrake Linux
> Corporate Server 1.0.1, Mandrake Single Network
> Firewall 7.2, rsync 2.5.2 and earlier
> Vulnerability: linux-rsync-inherit-privileges
> X-Force URL: http://www.iss.net/security_center/static/8463.php
>
> Date Reported: 03/15/2002
> Brief Description: x-news world readable users.txt file could allow an
> attacker to obtain administrative credentials
> Risk Factor: Medium
> Attack Type: Network Based
> Platforms: x-news 1.1
> Vulnerability: xnews-users-world-readable
> X-Force URL: http://www.iss.net/security_center/static/8465.php
>
> Date Reported: 03/15/2002
> Brief Description: x-stat x_stat_admin.php invalid 'action=' argument
> could reveal installation path
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: x-stat 2.3 and earlier
> Vulnerability: xstat-action-reveal-path
> X-Force URL: http://www.iss.net/security_center/static/8466.php
>
> Date Reported: 03/15/2002
> Brief Description: x-stat x_stat_admin.php phpinfo() could reveal
> sensitive server information
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: x-stat 2.3 and earlier
> Vulnerability: xstat-phpinfo-reveal-info
> X-Force URL: http://www.iss.net/security_center/static/8467.php
>
> Date Reported: 03/15/2002
> Brief Description: x-stat x_stat_admin.php cross-site scripting
> Risk Factor: Medium
> Attack Type: Network Based
> Platforms: x-stat 2.3 and earlier
> Vulnerability: xstat-admin-php-css
> X-Force URL: http://www.iss.net/security_center/static/8468.php
>
> Date Reported: 03/13/2002
> Brief Description: Sketch EPS file preview command execution
> Risk Factor: High
> Attack Type: Host Based / Network Based
> Platforms: Sketch 0.6.12 and earlier
> Vulnerability: sketch-eps-command-execution
> X-Force URL: http://www.iss.net/security_center/static/8469.php
>
> Date Reported: 03/18/2002
> Brief Description: WinSSHD incomplete connections denial of service
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: WinSSHD 1.1
> Vulnerability: winsshd-incomplete-connection-dos
> X-Force URL: http://www.iss.net/security_center/static/8470.php
>
> Date Reported: 03/16/2002
> Brief Description: ARSC non-existent language file reveals Web root
> path information
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: ARSC prior to 1.01p1
> Vulnerability: arsc-language-path-disclosure
> X-Force URL: http://www.iss.net/security_center/static/8472.php
>
> Date Reported: 03/16/2002
> Brief Description: BG GUESTBOOK metacharacters in post form allows
> cross-site scripting
> Risk Factor: High
> Attack Type: Network Based
> Platforms: BG GUESTBOOK prior to 1.1
> Vulnerability: bgguestbook-post-css
> X-Force URL: http://www.iss.net/security_center/static/8474.php
>
> Date Reported: 03/16/2002
> Brief Description: board-tnk metacharacters in "Web" input allows
> cross-site scripting
> Risk Factor: High
> Attack Type: Network Based
> Platforms: board-tnk prior to 1.3.1
> Vulnerability: boardtnk-web-css
> X-Force URL: http://www.iss.net/security_center/static/8475.php
>
> Date Reported: 03/18/2002
> Brief Description: phpBB db.php script can be used to execute commands
> Risk Factor: High
> Attack Type: Network Based
> Platforms: phpBB 2.0 RC-3 and earlier
> Vulnerability: phpbb-db-command-execution
> X-Force URL: http://www.iss.net/security_center/static/8476.php
>
> Date Reported: 03/17/2002
> Brief Description: news-tnk metacharacters in "Web" input allows
> cross-site scripting
> Risk Factor: High
> Attack Type: Network Based
> Platforms: news-tnk prior to 1.2.2
> Vulnerability: newstnk-web-css
> X-Force URL: http://www.iss.net/security_center/static/8477.php
>
> Date Reported: 03/18/2002
> Brief Description: Big Sam '$displayBegin' variable denial of service
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Big Sam prior to 1.1.09
> Vulnerability: bigsam-displaybegin-dos
> X-Force URL: http://www.iss.net/security_center/static/8478.php
>
> Date Reported: 03/18/2002
> Brief Description: Big Sam "safe_mode" option reveals Web root path
> information
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Big Sam prior to 1.1.09
> Vulnerability: bigsam-safemode-path-disclosure
> X-Force URL: http://www.iss.net/security_center/static/8479.php
>
> Date Reported: 03/18/2002
> Brief Description: Sun Java Runtime Environment and Microsoft Virtual
> Machine (VM) Bytecode Verifier could allow a Java
> applet to bypass security restrictions
> Risk Factor: High
> Attack Type: Network Based
> Platforms: HP-UX 10.20, HP-UX 11.x, Microsoft Virtual Machine
> 3802 and earlier, Sun JDK 1.1.8_008 and prior, Sun
> JDK 1.1.8_14 and earlier, Sun JRE 1.1.8_008 and
> prior, Sun JRE 1.1.8_14 and prior, Sun JRE
> 1.2.2_010 and prior, Sun JRE 1.3.0_05 and prior,
> Sun JRE 1.3.1_01 and prior, Sun JRE 1.3.1_01a and
> prior, Sun SDK 1.2.2_010 and prior, Sun SDK
> 1.3.0_05 and prior, Sun SDK 1.3.1_01 and prior, Sun
> SDK 1.3.1_01a and prior
> Vulnerability: java-vm-verifier-variant
> X-Force URL: http://www.iss.net/security_center/static/8480.php
>
> Date Reported: 03/17/2002
> Brief Description: PHP-Nuke and PostNuke account hijacking
> Risk Factor: Medium
> Attack Type: Network Based
> Platforms: PHP-Nuke 5.4 and earlier, PostNuke 0.70 and earlier
> Vulnerability: phpnuke-postnuke-account-hijacking
> X-Force URL: http://www.iss.net/security_center/static/8481.php
>
> Date Reported: 03/18/2002
> Brief Description: PHP Net Toolpack traceroute allows remote attacker
> to execute commands
> Risk Factor: High
> Attack Type: Network Based
> Platforms: PHP Net Toolpack 0.1 and prior
> Vulnerability: phpnettoolpack-traceroute-command-execution
> X-Force URL: http://www.iss.net/security_center/static/8482.php
>
> Date Reported: 03/18/2002
> Brief Description: Java Web Start could allow an attacker to access
> restricted resources
> Risk Factor: High
> Attack Type: Network Based
> Platforms: Java Web Start 1.0, Java Web Start 1.0.1, Java Web
> Start 1.0.1_01, Java Web Start for HP-UX 11.x prior
> to 1.0.1.01
> Vulnerability: java-webstart-access-resources
> X-Force URL: http://www.iss.net/security_center/static/8483.php
>
> Date Reported: 03/18/2002
> Brief Description: PHP Net Toolpack traceroute uses insecure path
> Risk Factor: High
> Attack Type: Host Based
> Platforms: PHP Net Toolpack 0.1 and prior
> Vulnerability: phpnettoolpack-traceroute-insecure-path
> X-Force URL: http://www.iss.net/security_center/static/8484.php
>
> Date Reported: 03/17/2002
> Brief Description: BSD broadcast address
> Risk Factor: Low
> Attack Type: Host Based
> Platforms: FreeBSD 2.x, FreeBSD 3.x, FreeBSD 4.x, FreeBSD 5.0,
> NetBSD 1.5.2 and prior, OpenBSD 2.x, OpenBSD 3.0
> Vulnerability: bsd-broadcast-address
> X-Force URL: http://www.iss.net/security_center/static/8485.php
>
> Date Reported: 03/18/2002
> Brief Description: Hosting Controller "dot dot" sequences could allow
> an attacker to modify directory contents
> Risk Factor: Medium
> Attack Type: Network Based
> Platforms: Hosting Controller 1.4, Hosting Controller 1.4.1
> Vulnerability: hosting-controller-modify-directories
> X-Force URL: http://www.iss.net/security_center/static/8486.php
>
> Date Reported: 03/16/2002
> Brief Description: Eudora stores attachments in a known directory
> Risk Factor: Low
> Attack Type: Host Based
> Platforms: Eudora 5.1 and prior
> Vulnerability: eudora-insecure-attachment-directory
> X-Force URL: http://www.iss.net/security_center/static/8487.php
>
> Date Reported: 03/18/2002
> Brief Description: Internet Explorer JavaScript location.replace loop
> denial of service
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Microsoft Internet Explorer 5.01, Microsoft
> Internet Explorer 5.5, Microsoft Internet Explorer
> 6.0
> Vulnerability: ie-javascript-dos
> X-Force URL: http://www.iss.net/security_center/static/8488.php
>
> Date Reported: 03/19/2002
> Brief Description: MSN Messenger could allow a remote attacker to
> spoof messages
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Microsoft MSN Messenger 3.6
> Vulnerability: msn-messenger-message-spoofing
> X-Force URL: http://www.iss.net/security_center/static/8582.php
>
> Date Reported: 03/15/2002
> Brief Description: Lotus Domino bindsock Notes_ExecDirectory
> environment variable buffer overflow
> Risk Factor: High
> Attack Type: Host Based
> Platforms: Lotus Domino 5.0.4 to 5.0.9
> Vulnerability: lotus-domino-notes-execdirectory-bo
> X-Force URL: http://www.iss.net/security_center/static/8583.php
>
> Date Reported: 03/19/2002
> Brief Description: Macromedia Flash Player FSCommand "save"
> Risk Factor: High
> Attack Type: Host Based / Network Based
> Platforms: Flash Player 5.0
> Vulnerability: flash-fscommand-save
> X-Force URL: http://www.iss.net/security_center/static/8584.php
>
> Date Reported: 03/15/2002
> Brief Description: Lotus Domino bindsock PATH environment variable
> buffer overflow
> Risk Factor: High
> Attack Type: Host Based
> Platforms: Lotus Domino 5.0.4 to 5.0.9
> Vulnerability: lotus-domino-path-bo
> X-Force URL: http://www.iss.net/security_center/static/8585.php
>
> Date Reported: 03/15/2002
> Brief Description: Lotus Domino insecure temp file symlink attack
> Risk Factor: Medium
> Attack Type: Host Based
> Platforms: Lotus Domino 5.0.7
> Vulnerability: lotus-domino-tmpfile-symlink
> X-Force URL: http://www.iss.net/security_center/static/8586.php
>
> Date Reported: 03/19/2002
> Brief Description: Macromedia Flash Player FSCommand "exec" arbitrary
command execution
> Risk Factor: High
> Attack Type: Host Based / Network Based
> Platforms: Flash Player 5.0
> Vulnerability: flash-fscommand-exec
> X-Force URL: http://www.iss.net/security_center/static/8587.php
>
> Date Reported: 03/19/2002
> Brief Description: Linux UDP packets allows remote attacker to
> fingerprint operating system
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: Linux kernel 2.4.x
> Vulnerability: linux-udp-fingerprint
> X-Force URL: http://www.iss.net/security_center/static/8588.php
>
> Date Reported: 03/21/2002
> Brief Description: Apache HTTP Server for Windows DOS batch file
> remote command execution
> Risk Factor: High
> Attack Type: Network Based
> Platforms: Apache HTTP Server 1.3.23 and earlier, Apache HTTP
> Server 2.0.28Beta and prior
> Vulnerability: apache-dos-batch-command-execution
> X-Force URL: http://www.iss.net/security_center/static/8589.php
>
> Date Reported: 03/20/2002
> Brief Description: vBulletin image tag allows cross-site scripting
> Risk Factor: Low
> Attack Type: Network Based
> Platforms: vBulletin 2.2.2 and prior
> Vulnerability: vbulletin-img-css
> X-Force URL: http://www.iss.net/security_center/static/8590.php
>
> Date Reported: 03/17/2002
> Brief Description: PHP move_uploaded_file function could allow an
> attacker to create new files on the system
> Risk Factor: Medium
> Attack Type: Host Based / Network Based
> Platforms: PHP 4.1.2 and earlier
> Vulnerability: php-moveuploadedfile-create-files
> X-Force URL: http://www.iss.net/security_center/static/8591.php
>
> Date Reported: 03/20/2002
> Brief Description: Foundry Networks Edgelron switches uses insecure
> SNMP community string by default
> Risk Factor: Medium
> Attack Type: Network Based
> Platforms: Edgelron Fast Ethernet Switch 4802F
> Vulnerability: edgelron-default-snmp-string
> X-Force URL: http://www.iss.net/security_center/static/8592.php
>
> _____
>
> Risk Factor Key:
>
> High Any vulnerability that provides an attacker with immediate
> access into a machine, gains superuser access, or bypasses
> a firewall. Example: A vulnerable Sendmail 8.6.5 version
> that allows an intruder to execute commands on mail server.
> Medium Any vulnerability that provides information that has a high
> potential of giving system access to an intruder. Example:
> A misconfigured TFTP or vulnerable NIS server that allows
> an intruder to get the password file that could contain an
> account with a guessable password.
> Low Any vulnerability that provides information that could
> potentially lead to a compromise. Example: A finger that
> allows an intruder to find out who is online and potential
> accounts to attempt to crack passwords via brute force
> methods.
>
> ______
>
> About Internet Security Systems (ISS)
> Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
> pioneer and world leader in software and services that protect critical
> online resources from an ever-changing spectrum of threats and misuse.
> Internet Security Systems is headquartered in Atlanta, GA, with
> additional operations throughout the Americas, Asia, Australia, Europe
> and the Middle East.
>
> Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
> worldwide.
>
> Permission is hereby granted for the electronic redistribution of this
> document. It is not to be edited or altered in any way without the
> express written consent of the Internet Security Systems X-Force. If you
> wish to reprint the whole or any part of this document in any other
> medium excluding electronic media, please email [EMAIL PROTECTED] for
> permission.
>
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use. Any use of this information is at the
> user's risk. In no event shall the author/distributor (Internet Security
> Systems X-Force) be held liable for any damages whatsoever arising out
> of or in connection with the use or spread of this information.
>
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server,
> as well as at http://www.iss.net/security_center/sensitive.php
>
> Please send suggestions, updates, and comments to: X-Force
> [EMAIL PROTECTED] of Internet Security Systems
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBPKDMhjRfJiV99eG9AQFs0AQAoH4vB8vw4trOay8GgMFA9uxQxlK77gmF
> 8fLbS4Oz7bEiv3GYAzNCvl1degiOGsyzYgMeArmgWQr7T2od6UnW65hyUPlEKIMJ
> 7Bqcxs8Dq51JLuOqz3Y8uYTWkB/iqKekGHOREw8ml35DUg07+hBZUEn68o9C1xCW
> Jy6kXyTUZ50=
> =1CCm
> -----END PGP SIGNATURE-----
>
>
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/
---------------------------------------------------------
