Date Reported: 03/14/2002 Brief Description: Windows NT/2000 debugging subsystem allows attacker to create duplicate handles Risk Factor: High Attack Type: Host Based Platforms: Windows 2000 All versions, Windows NT 4.0 Vulnerability: win-debug-duplicate-handles X-Force URL: http://www.iss.net/security_center/static/8462.php ____________________________________________________________ \ / Scott Fosseen - Systems Engineer - Arrowhead AEA 5 \ www.aea5.k12.ia.us/aeaphone.nsf/Web/FosseenScott /____________________________________________________________ ----- Original Message ----- From: "X-Force" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 26, 2002 1:31 PM Subject: ISSalert: ISS Security Alert Summary AS02-12
> > TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! > -------------------------------------------------------------------------- - > > -----BEGIN PGP SIGNED MESSAGE----- > > Internet Security Systems Security Alert Summary AS02-12 > March 25, 2002 > > X-Force Vulnerability and Threat Database: > http://www.iss.net/security_center > > To receive these Alert Summaries, as well as other Alerts and > Advisories, subscribe to the Internet Security Systems Alert > mailing list at: > http://www.iss.net/security_center/maillists > > This summary is available at the following address: > http://www.iss.net/security_center/alerts/AS02-12.php > _____ > Contents: > * 39 Reported Vulnerabilities > * Risk Factor Key > _____ > > > Date Reported: 03/15/2002 > Brief Description: Qpopper process denial of service > Risk Factor: Low > Attack Type: Network Based > Platforms: Qpopper 4.0.3 and prior > Vulnerability: qpopper-qpopper-dos > X-Force URL: http://www.iss.net/security_center/static/8458.php > > Date Reported: 03/13/2002 > Brief Description: Foundry Networks ServerIron Web switches incomplete > URL decoding in pattern matching could reveal > source code > Risk Factor: Low > Attack Type: Network Based > Platforms: Foundry Networks ServerIron All versions > Vulnerability: foundry-serveriron-reveal-source > X-Force URL: http://www.iss.net/security_center/static/8459.php > > Date Reported: 03/15/2002 > Brief Description: IncrediMail stores attachments in a known directory > Risk Factor: Low > Attack Type: Host Based > Platforms: IncrediMail Xe B618 and prior > Vulnerability: incredimail-insecure-attachment-directory > X-Force URL: http://www.iss.net/security_center/static/8460.php > > Date Reported: 03/14/2002 > Brief Description: Oblix NetPoint account lockout bypass could allow > brute force password guessing attempts > Risk Factor: Low > Attack Type: Network Based > Platforms: NetPoint 5.2 > Vulnerability: netpoint-account-lockout-bypass > X-Force URL: http://www.iss.net/security_center/static/8461.php > > Date Reported: 03/14/2002 > Brief Description: Windows NT/2000 debugging subsystem allows attacker > to create duplicate handles > Risk Factor: High > Attack Type: Host Based > Platforms: Windows 2000 All versions, Windows NT 4.0 > Vulnerability: win-debug-duplicate-handles > X-Force URL: http://www.iss.net/security_center/static/8462.php > > Date Reported: 03/13/2002 > Brief Description: Linux rsync fails to drop privileges for > supplementary groups in daemon mode > Risk Factor: High > Attack Type: Host Based / Network Based > Platforms: Mandrake Linux 7.1, Mandrake Linux 7.2, Mandrake > Linux 8.0, Mandrake Linux 8.1, Mandrake Linux > Corporate Server 1.0.1, Mandrake Single Network > Firewall 7.2, rsync 2.5.2 and earlier > Vulnerability: linux-rsync-inherit-privileges > X-Force URL: http://www.iss.net/security_center/static/8463.php > > Date Reported: 03/15/2002 > Brief Description: x-news world readable users.txt file could allow an > attacker to obtain administrative credentials > Risk Factor: Medium > Attack Type: Network Based > Platforms: x-news 1.1 > Vulnerability: xnews-users-world-readable > X-Force URL: http://www.iss.net/security_center/static/8465.php > > Date Reported: 03/15/2002 > Brief Description: x-stat x_stat_admin.php invalid 'action=' argument > could reveal installation path > Risk Factor: Low > Attack Type: Network Based > Platforms: x-stat 2.3 and earlier > Vulnerability: xstat-action-reveal-path > X-Force URL: http://www.iss.net/security_center/static/8466.php > > Date Reported: 03/15/2002 > Brief Description: x-stat x_stat_admin.php phpinfo() could reveal > sensitive server information > Risk Factor: Low > Attack Type: Network Based > Platforms: x-stat 2.3 and earlier > Vulnerability: xstat-phpinfo-reveal-info > X-Force URL: http://www.iss.net/security_center/static/8467.php > > Date Reported: 03/15/2002 > Brief Description: x-stat x_stat_admin.php cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: x-stat 2.3 and earlier > Vulnerability: xstat-admin-php-css > X-Force URL: http://www.iss.net/security_center/static/8468.php > > Date Reported: 03/13/2002 > Brief Description: Sketch EPS file preview command execution > Risk Factor: High > Attack Type: Host Based / Network Based > Platforms: Sketch 0.6.12 and earlier > Vulnerability: sketch-eps-command-execution > X-Force URL: http://www.iss.net/security_center/static/8469.php > > Date Reported: 03/18/2002 > Brief Description: WinSSHD incomplete connections denial of service > Risk Factor: Low > Attack Type: Network Based > Platforms: WinSSHD 1.1 > Vulnerability: winsshd-incomplete-connection-dos > X-Force URL: http://www.iss.net/security_center/static/8470.php > > Date Reported: 03/16/2002 > Brief Description: ARSC non-existent language file reveals Web root > path information > Risk Factor: Low > Attack Type: Network Based > Platforms: ARSC prior to 1.01p1 > Vulnerability: arsc-language-path-disclosure > X-Force URL: http://www.iss.net/security_center/static/8472.php > > Date Reported: 03/16/2002 > Brief Description: BG GUESTBOOK metacharacters in post form allows > cross-site scripting > Risk Factor: High > Attack Type: Network Based > Platforms: BG GUESTBOOK prior to 1.1 > Vulnerability: bgguestbook-post-css > X-Force URL: http://www.iss.net/security_center/static/8474.php > > Date Reported: 03/16/2002 > Brief Description: board-tnk metacharacters in "Web" input allows > cross-site scripting > Risk Factor: High > Attack Type: Network Based > Platforms: board-tnk prior to 1.3.1 > Vulnerability: boardtnk-web-css > X-Force URL: http://www.iss.net/security_center/static/8475.php > > Date Reported: 03/18/2002 > Brief Description: phpBB db.php script can be used to execute commands > Risk Factor: High > Attack Type: Network Based > Platforms: phpBB 2.0 RC-3 and earlier > Vulnerability: phpbb-db-command-execution > X-Force URL: http://www.iss.net/security_center/static/8476.php > > Date Reported: 03/17/2002 > Brief Description: news-tnk metacharacters in "Web" input allows > cross-site scripting > Risk Factor: High > Attack Type: Network Based > Platforms: news-tnk prior to 1.2.2 > Vulnerability: newstnk-web-css > X-Force URL: http://www.iss.net/security_center/static/8477.php > > Date Reported: 03/18/2002 > Brief Description: Big Sam '$displayBegin' variable denial of service > Risk Factor: Low > Attack Type: Network Based > Platforms: Big Sam prior to 1.1.09 > Vulnerability: bigsam-displaybegin-dos > X-Force URL: http://www.iss.net/security_center/static/8478.php > > Date Reported: 03/18/2002 > Brief Description: Big Sam "safe_mode" option reveals Web root path > information > Risk Factor: Low > Attack Type: Network Based > Platforms: Big Sam prior to 1.1.09 > Vulnerability: bigsam-safemode-path-disclosure > X-Force URL: http://www.iss.net/security_center/static/8479.php > > Date Reported: 03/18/2002 > Brief Description: Sun Java Runtime Environment and Microsoft Virtual > Machine (VM) Bytecode Verifier could allow a Java > applet to bypass security restrictions > Risk Factor: High > Attack Type: Network Based > Platforms: HP-UX 10.20, HP-UX 11.x, Microsoft Virtual Machine > 3802 and earlier, Sun JDK 1.1.8_008 and prior, Sun > JDK 1.1.8_14 and earlier, Sun JRE 1.1.8_008 and > prior, Sun JRE 1.1.8_14 and prior, Sun JRE > 1.2.2_010 and prior, Sun JRE 1.3.0_05 and prior, > Sun JRE 1.3.1_01 and prior, Sun JRE 1.3.1_01a and > prior, Sun SDK 1.2.2_010 and prior, Sun SDK > 1.3.0_05 and prior, Sun SDK 1.3.1_01 and prior, Sun > SDK 1.3.1_01a and prior > Vulnerability: java-vm-verifier-variant > X-Force URL: http://www.iss.net/security_center/static/8480.php > > Date Reported: 03/17/2002 > Brief Description: PHP-Nuke and PostNuke account hijacking > Risk Factor: Medium > Attack Type: Network Based > Platforms: PHP-Nuke 5.4 and earlier, PostNuke 0.70 and earlier > Vulnerability: phpnuke-postnuke-account-hijacking > X-Force URL: http://www.iss.net/security_center/static/8481.php > > Date Reported: 03/18/2002 > Brief Description: PHP Net Toolpack traceroute allows remote attacker > to execute commands > Risk Factor: High > Attack Type: Network Based > Platforms: PHP Net Toolpack 0.1 and prior > Vulnerability: phpnettoolpack-traceroute-command-execution > X-Force URL: http://www.iss.net/security_center/static/8482.php > > Date Reported: 03/18/2002 > Brief Description: Java Web Start could allow an attacker to access > restricted resources > Risk Factor: High > Attack Type: Network Based > Platforms: Java Web Start 1.0, Java Web Start 1.0.1, Java Web > Start 1.0.1_01, Java Web Start for HP-UX 11.x prior > to 1.0.1.01 > Vulnerability: java-webstart-access-resources > X-Force URL: http://www.iss.net/security_center/static/8483.php > > Date Reported: 03/18/2002 > Brief Description: PHP Net Toolpack traceroute uses insecure path > Risk Factor: High > Attack Type: Host Based > Platforms: PHP Net Toolpack 0.1 and prior > Vulnerability: phpnettoolpack-traceroute-insecure-path > X-Force URL: http://www.iss.net/security_center/static/8484.php > > Date Reported: 03/17/2002 > Brief Description: BSD broadcast address > Risk Factor: Low > Attack Type: Host Based > Platforms: FreeBSD 2.x, FreeBSD 3.x, FreeBSD 4.x, FreeBSD 5.0, > NetBSD 1.5.2 and prior, OpenBSD 2.x, OpenBSD 3.0 > Vulnerability: bsd-broadcast-address > X-Force URL: http://www.iss.net/security_center/static/8485.php > > Date Reported: 03/18/2002 > Brief Description: Hosting Controller "dot dot" sequences could allow > an attacker to modify directory contents > Risk Factor: Medium > Attack Type: Network Based > Platforms: Hosting Controller 1.4, Hosting Controller 1.4.1 > Vulnerability: hosting-controller-modify-directories > X-Force URL: http://www.iss.net/security_center/static/8486.php > > Date Reported: 03/16/2002 > Brief Description: Eudora stores attachments in a known directory > Risk Factor: Low > Attack Type: Host Based > Platforms: Eudora 5.1 and prior > Vulnerability: eudora-insecure-attachment-directory > X-Force URL: http://www.iss.net/security_center/static/8487.php > > Date Reported: 03/18/2002 > Brief Description: Internet Explorer JavaScript location.replace loop > denial of service > Risk Factor: Low > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 5.01, Microsoft > Internet Explorer 5.5, Microsoft Internet Explorer > 6.0 > Vulnerability: ie-javascript-dos > X-Force URL: http://www.iss.net/security_center/static/8488.php > > Date Reported: 03/19/2002 > Brief Description: MSN Messenger could allow a remote attacker to > spoof messages > Risk Factor: Low > Attack Type: Network Based > Platforms: Microsoft MSN Messenger 3.6 > Vulnerability: msn-messenger-message-spoofing > X-Force URL: http://www.iss.net/security_center/static/8582.php > > Date Reported: 03/15/2002 > Brief Description: Lotus Domino bindsock Notes_ExecDirectory > environment variable buffer overflow > Risk Factor: High > Attack Type: Host Based > Platforms: Lotus Domino 5.0.4 to 5.0.9 > Vulnerability: lotus-domino-notes-execdirectory-bo > X-Force URL: http://www.iss.net/security_center/static/8583.php > > Date Reported: 03/19/2002 > Brief Description: Macromedia Flash Player FSCommand "save" > Risk Factor: High > Attack Type: Host Based / Network Based > Platforms: Flash Player 5.0 > Vulnerability: flash-fscommand-save > X-Force URL: http://www.iss.net/security_center/static/8584.php > > Date Reported: 03/15/2002 > Brief Description: Lotus Domino bindsock PATH environment variable > buffer overflow > Risk Factor: High > Attack Type: Host Based > Platforms: Lotus Domino 5.0.4 to 5.0.9 > Vulnerability: lotus-domino-path-bo > X-Force URL: http://www.iss.net/security_center/static/8585.php > > Date Reported: 03/15/2002 > Brief Description: Lotus Domino insecure temp file symlink attack > Risk Factor: Medium > Attack Type: Host Based > Platforms: Lotus Domino 5.0.7 > Vulnerability: lotus-domino-tmpfile-symlink > X-Force URL: http://www.iss.net/security_center/static/8586.php > > Date Reported: 03/19/2002 > Brief Description: Macromedia Flash Player FSCommand "exec" arbitrary command execution > Risk Factor: High > Attack Type: Host Based / Network Based > Platforms: Flash Player 5.0 > Vulnerability: flash-fscommand-exec > X-Force URL: http://www.iss.net/security_center/static/8587.php > > Date Reported: 03/19/2002 > Brief Description: Linux UDP packets allows remote attacker to > fingerprint operating system > Risk Factor: Low > Attack Type: Network Based > Platforms: Linux kernel 2.4.x > Vulnerability: linux-udp-fingerprint > X-Force URL: http://www.iss.net/security_center/static/8588.php > > Date Reported: 03/21/2002 > Brief Description: Apache HTTP Server for Windows DOS batch file > remote command execution > Risk Factor: High > Attack Type: Network Based > Platforms: Apache HTTP Server 1.3.23 and earlier, Apache HTTP > Server 2.0.28Beta and prior > Vulnerability: apache-dos-batch-command-execution > X-Force URL: http://www.iss.net/security_center/static/8589.php > > Date Reported: 03/20/2002 > Brief Description: vBulletin image tag allows cross-site scripting > Risk Factor: Low > Attack Type: Network Based > Platforms: vBulletin 2.2.2 and prior > Vulnerability: vbulletin-img-css > X-Force URL: http://www.iss.net/security_center/static/8590.php > > Date Reported: 03/17/2002 > Brief Description: PHP move_uploaded_file function could allow an > attacker to create new files on the system > Risk Factor: Medium > Attack Type: Host Based / Network Based > Platforms: PHP 4.1.2 and earlier > Vulnerability: php-moveuploadedfile-create-files > X-Force URL: http://www.iss.net/security_center/static/8591.php > > Date Reported: 03/20/2002 > Brief Description: Foundry Networks Edgelron switches uses insecure > SNMP community string by default > Risk Factor: Medium > Attack Type: Network Based > Platforms: Edgelron Fast Ethernet Switch 4802F > Vulnerability: edgelron-default-snmp-string > X-Force URL: http://www.iss.net/security_center/static/8592.php > > _____ > > Risk Factor Key: > > High Any vulnerability that provides an attacker with immediate > access into a machine, gains superuser access, or bypasses > a firewall. Example: A vulnerable Sendmail 8.6.5 version > that allows an intruder to execute commands on mail server. > Medium Any vulnerability that provides information that has a high > potential of giving system access to an intruder. Example: > A misconfigured TFTP or vulnerable NIS server that allows > an intruder to get the password file that could contain an > account with a guessable password. > Low Any vulnerability that provides information that could > potentially lead to a compromise. Example: A finger that > allows an intruder to find out who is online and potential > accounts to attempt to crack passwords via brute force > methods. > > ______ > > About Internet Security Systems (ISS) > Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a > pioneer and world leader in software and services that protect critical > online resources from an ever-changing spectrum of threats and misuse. > Internet Security Systems is headquartered in Atlanta, GA, with > additional operations throughout the Americas, Asia, Australia, Europe > and the Middle East. > > Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved > worldwide. > > Permission is hereby granted for the electronic redistribution of this > document. It is not to be edited or altered in any way without the > express written consent of the Internet Security Systems X-Force. If you > wish to reprint the whole or any part of this document in any other > medium excluding electronic media, please email [EMAIL PROTECTED] for > permission. > > Disclaimer: The information within this paper may change without notice. > Use of this information constitutes acceptance for use in an AS IS > condition. There are NO warranties, implied or otherwise, with regard to > this information or its use. Any use of this information is at the > user's risk. In no event shall the author/distributor (Internet Security > Systems X-Force) be held liable for any damages whatsoever arising out > of or in connection with the use or spread of this information. > > X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, > as well as at http://www.iss.net/security_center/sensitive.php > > Please send suggestions, updates, and comments to: X-Force > [EMAIL PROTECTED] of Internet Security Systems > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBPKDMhjRfJiV99eG9AQFs0AQAoH4vB8vw4trOay8GgMFA9uxQxlK77gmF > 8fLbS4Oz7bEiv3GYAzNCvl1degiOGsyzYgMeArmgWQr7T2od6UnW65hyUPlEKIMJ > 7Bqcxs8Dq51JLuOqz3Y8uYTWkB/iqKekGHOREw8ml35DUg07+hBZUEn68o9C1xCW > Jy6kXyTUZ50= > =1CCm > -----END PGP SIGNATURE----- > > --------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/ ---------------------------------------------------------