Date Reported: 04/16/2002 Brief Description: Microsoft Internet Explorer and Office for Macintosh HTML file:// directive buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Microsoft Internet Explorer 5.1 for Macintosh, Microsoft Office 1998 for Macintosh, Microsoft Office 2001 for Macintosh, Microsoft Office v. X Vulnerability: ms-mac-html-file-bo X-Force URL: http://www.iss.net/security_center/static/8850.php
Date Reported: 04/16/2002 Brief Description: Microsoft Internet Explorer for Macintosh could allow remote AppleScript execution Risk Factor: High Attack Type: Network Based Platforms: Microsoft Internet Explorer 5.1 for Macintosh Vulnerability: ie-mac-applescript-execution X-Force URL: http://www.iss.net/security_center/static/8851.php > Date Reported: 04/14/2002 > Brief Description: Internet Explorer history allows URLs using the > JavaScript protocol > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 6.0 > Vulnerability: ie-history-javascript-urls > X-Force URL: http://www.iss.net/security_center/static/8844.php ____________________________________________________________ \ / Scott Fosseen - Systems Engineer - Arrowhead AEA 5 \ www.aea5.k12.ia.us/aeaphone.nsf/Web/FosseenScott /____________________________________________________________ ----- Original Message ----- From: "X-Force" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 22, 2002 3:05 PM Subject: ISSalert: ISS Security Alert Summary AS02-16 > > TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! > -------------------------------------------------------------------------- - > > -----BEGIN PGP SIGNED MESSAGE----- > > Internet Security Systems Security Alert Summary AS02-16 > April 22, 2002 > > X-Force Vulnerability and Threat Database: > http://www.iss.net/security_center > > To receive these Alert Summaries, as well as other Alerts and > Advisories, subscribe to the Internet Security Systems Alert > mailing list at: > http://www.iss.net/security_center/maillists > > This summary is available at the following address: > http://www.iss.net/security_center/alerts/AS02-16.php > _____ > Contents: > * 51 Reported Vulnerabilities > * Risk Factor Key > _____ > > > Date Reported: 04/09/2002 > Brief Description: ASP-Nuke image tag cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: ASP-Nuke RC1 > Vulnerability: aspnuke-image-css > X-Force URL: http://www.iss.net/security_center/static/8829.php > > Date Reported: 04/09/2002 > Brief Description: ASP-Nuke downloads.asp and post.asp cross-site > scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: ASP-Nuke RC1, ASP-Nuke RC2 > Vulnerability: aspnuke-downloads-post-css > X-Force URL: http://www.iss.net/security_center/static/8830.php > > Date Reported: 04/09/2002 > Brief Description: ASP-Nuke user profiles.asp cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: ASP-Nuke RC1, ASP-Nuke RC2 > Vulnerability: aspnuke-user-profile-css > X-Force URL: http://www.iss.net/security_center/static/8831.php > > Date Reported: 04/09/2002 > Brief Description: ASP-Nuke local cookie modification could allow > account hijacking > Risk Factor: Medium > Attack Type: Network Based > Platforms: ASP-Nuke RC1, ASP-Nuke RC2 > Vulnerability: aspnuke-account-hijacking > X-Force URL: http://www.iss.net/security_center/static/8832.php > > Date Reported: 04/09/2002 > Brief Description: ASP-Nuke invalid cookie could reveal sensitive > information > Risk Factor: Low > Attack Type: Network Based > Platforms: ASP-Nuke RC1, ASP-Nuke RC2 > Vulnerability: aspnuke-cookie-reveal-information > X-Force URL: http://www.iss.net/security_center/static/8833.php > > Date Reported: 04/11/2002 > Brief Description: INN rnews and inews format string > Risk Factor: High > Attack Type: Host Based > Platforms: INN 2.2.3 and earlier > Vulnerability: inn-rnews-inews-format-string > X-Force URL: http://www.iss.net/security_center/static/8834.php > > Date Reported: 04/11/2002 > Brief Description: SGI IRIX mail -r core dump > Risk Factor: Medium > Attack Type: Host Based / Network Based > Platforms: IRIX 6.5 to 6.5.15f > Vulnerability: irix-mail-core-dump > X-Force URL: http://www.iss.net/security_center/static/8835.php > > Date Reported: 04/10/2002 > Brief Description: EMU Webmail allows local attacker to execute > arbitrary programs using a malicious HTTP Host > value > Risk Factor: High > Attack Type: Host Based > Platforms: EMU Webmail 4.5.x, EMU Webmail 5.1 > Vulnerability: emumail-http-host-execute > X-Force URL: http://www.iss.net/security_center/static/8836.php > > Date Reported: 04/15/2002 > Brief Description: Webalizer reverse DNS lookup buffer overflow > Risk Factor: High > Attack Type: Network Based > Platforms: Webalizer 2.01-06, Webalizer 2.01-09 > Vulnerability: webalizer-reverse-dns-bo > X-Force URL: http://www.iss.net/security_center/static/8837.php > > Date Reported: 04/08/2002 > Brief Description: SOAP::Lite allows an attacker to execute Perl > functions > Risk Factor: Medium > Attack Type: Host Based > Platforms: SOAP::Lite All versions > Vulnerability: soap-perl-execute-functions > X-Force URL: http://www.iss.net/security_center/static/8838.php > > Date Reported: 04/15/2002 > Brief Description: SGI IRIX XFS application denial service > Risk Factor: Low > Attack Type: Host Based > Platforms: IRIX 6.5 to 6.5.11f > Vulnerability: irix-xfs-dos > X-Force URL: http://www.iss.net/security_center/static/8839.php > > Date Reported: 04/13/2002 > Brief Description: SunShop Shopping Cart new customer registration > cross-site scripting > Risk Factor: High > Attack Type: Network Based > Platforms: SunShop Shopping Cart 2.5 > Vulnerability: sunshop-new-cust-css > X-Force URL: http://www.iss.net/security_center/static/8840.php > > Date Reported: 04/13/2002 > Brief Description: Burning Board BBS cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: Burning Board 1.1.1 > Vulnerability: burningboard-bbs-css > X-Force URL: http://www.iss.net/security_center/static/8841.php > > Date Reported: 04/14/2002 > Brief Description: Melange Chat Server /yell buffer overflow > Risk Factor: High > Attack Type: Network Based > Platforms: Melange Chat System 2.02-beta > Vulnerability: melange-chat-yell-bo > X-Force URL: http://www.iss.net/security_center/static/8842.php > > Date Reported: 04/14/2002 > Brief Description: ICQ .hpf file access denial of service > Risk Factor: Low > Attack Type: Host Based / Network Based > Platforms: ICQ 2000a Build 3722 > Vulnerability: icq-hpf-access-dos > X-Force URL: http://www.iss.net/security_center/static/8843.php > > Date Reported: 04/14/2002 > Brief Description: Internet Explorer history allows URLs using the > JavaScript protocol > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 6.0 > Vulnerability: ie-history-javascript-urls > X-Force URL: http://www.iss.net/security_center/static/8844.php > > Date Reported: 04/14/2002 > Brief Description: Melange Chat System long lines in melange.conf > buffer overflow > Risk Factor: High > Attack Type: Host Based > Platforms: Melange Chat System 2.02-beta > Vulnerability: melange-chat-config-bo > X-Force URL: http://www.iss.net/security_center/static/8845.php > > Date Reported: 04/14/2002 > Brief Description: Melange Chat System long file name buffer overflow > Risk Factor: High > Attack Type: Host Based / Network Based > Platforms: Melange Chat System 2.02-beta > Vulnerability: melange-chat-filename-bo > X-Force URL: http://www.iss.net/security_center/static/8846.php > > Date Reported: 04/15/2002 > Brief Description: Raptor Firewall FTP bounce attack > Risk Factor: Medium > Attack Type: Network Based > Platforms: Raptor Firewall 6.5.3i > Vulnerability: raptor-firewall-ftp-bounce > X-Force URL: http://www.iss.net/security_center/static/8847.php > > Date Reported: 04/13/2002 > Brief Description: Nortel CVX-1800 default public SNMP community string > Risk Factor: High > Attack Type: Network Based > Platforms: Nortel CVX-1800 3.6.3p24 and prior > Vulnerability: nortel-default-snmp-string > X-Force URL: http://www.iss.net/security_center/static/8848.php > > Date Reported: 04/12/2002 > Brief Description: StepWeb Search (SWS) insecure admin page > Risk Factor: Medium > Attack Type: Network Based > Platforms: StepWeb Search 2.5 > Vulnerability: sws-insecure-admin-page > X-Force URL: http://www.iss.net/security_center/static/8849.php > > Date Reported: 04/16/2002 > Brief Description: Microsoft Internet Explorer and Office for > Macintosh HTML file:// directive buffer overflow > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 5.1 for Macintosh, > Microsoft Office 1998 for Macintosh, Microsoft > Office 2001 for Macintosh, Microsoft Office v. X > Vulnerability: ms-mac-html-file-bo > X-Force URL: http://www.iss.net/security_center/static/8850.php > > Date Reported: 04/16/2002 > Brief Description: Microsoft Internet Explorer for Macintosh could > allow remote AppleScript execution > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 5.1 for Macintosh > Vulnerability: ie-mac-applescript-execution > X-Force URL: http://www.iss.net/security_center/static/8851.php > > Date Reported: 04/17/2002 > Brief Description: XPilot server buffer overflow > Risk Factor: High > Attack Type: Network Based > Platforms: Debian Linux 2.2, XPilot prior to 4.5.1 > Vulnerability: xpilot-server-bo > X-Force URL: http://www.iss.net/security_center/static/8852.php > > Date Reported: 04/17/2002 > Brief Description: IIS CodeBrws.asp sample script can be used to view > arbitrary file source code > Risk Factor: Low > Attack Type: Network Based > Platforms: Microsoft IIS 5.0 > Vulnerability: iis-codebrws-view-source > X-Force URL: http://www.iss.net/security_center/static/8853.php > > Date Reported: 04/15/2002 > Brief Description: PureSecure allows user to bypass login using SQL > injection attack > Risk Factor: High > Attack Type: Network Based > Platforms: PureSecure 1.05 > Vulnerability: puresecure-sql-injection > X-Force URL: http://www.iss.net/security_center/static/8854.php > > Date Reported: 04/16/2002 > Brief Description: Oracle ANSI outer join syntax in SQL queries can be > used to bypass ACLs > Risk Factor: Medium > Attack Type: Network Based > Platforms: Oracle9i Database Server 9.0.1.x > Vulnerability: oracle-ansi-sql-bypass-acl > X-Force URL: http://www.iss.net/security_center/static/8855.php > > Date Reported: 04/14/2002 > Brief Description: HP Photosmart Mac OS X driver uses weak permissions > Risk Factor: High > Attack Type: Host Based > Platforms: HP Photosmart driver 1.2.1, MacOS X All versions > Vulnerability: macos-photosmart-weak-permissions > X-Force URL: http://www.iss.net/security_center/static/8856.php > > Date Reported: 04/16/2002 > Brief Description: FileSeek.cgi command execution > Risk Factor: High > Attack Type: Network Based > Platforms: FileSeek.cgi All versions, FileSeek2.cgi All > versions > Vulnerability: fileseek-cgi-command-execution > X-Force URL: http://www.iss.net/security_center/static/8857.php > > Date Reported: 04/16/2002 > Brief Description: FileSeek.cgi "dot dot" directory traversal > Risk Factor: Medium > Attack Type: Network Based > Platforms: FileSeek.cgi All versions, FileSeek2.cgi All > versions > Vulnerability: fileseek-cgi-directory-traversal > X-Force URL: http://www.iss.net/security_center/static/8858.php > > Date Reported: 04/16/2002 > Brief Description: Norton Personal Firewall allows remote attacker to > bypass portscan protection using SYN/FIN scan > Risk Factor: Low > Attack Type: Network Based > Platforms: Norton Personal Firewall 2002 All versions > Vulnerability: norton-bypass-portscan-protection > X-Force URL: http://www.iss.net/security_center/static/8859.php > > Date Reported: 04/16/2002 > Brief Description: AOLserver DB proxy daemon libnspd.a library > Ns_PdLog() format string > Risk Factor: High > Attack Type: Network Based > Platforms: AOLserver 3.0 - 3.4.2 > Vulnerability: aolserver-dbproxy-format-string > X-Force URL: http://www.iss.net/security_center/static/8860.php > > Date Reported: 04/17/2002 > Brief Description: Web+ long cookie buffer overflow > Risk Factor: High > Attack Type: Network Based > Platforms: Web+ 4.6, Web+ 5.0, Windows 2000 All versions, > Windows NT All versions > Vulnerability: webplus-long-cookie-bop > X-Force URL: http://www.iss.net/security_center/static/8861.php > > Date Reported: 04/17/2002 > Brief Description: Microsoft BackOffice Server allows attacker to > bypass authentication for Web administration pages > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft BackOffice Server 4.0, Microsoft > BackOffice Server 5.0 > Vulnerability: backoffice-bypass-authentication > X-Force URL: http://www.iss.net/security_center/static/8862.php > > Date Reported: 04/17/2002 > Brief Description: libc LANG and LOCPATH buffer overflow > Risk Factor: High > Attack Type: Host Based > Platforms: Tru64 DIGITAL UNIX 4.0F, Tru64 DIGITAL UNIX 5.0, > Tru64 DIGITAL UNIX 5.1, Tru64 DIGITAL UNIX 5.1A > Vulnerability: libc-lang-locpath-bo > X-Force URL: http://www.iss.net/security_center/static/8863.php > > Date Reported: 04/17/2002 > Brief Description: WebTrends Reporting Center long string buffer > overflow > Risk Factor: High > Attack Type: Network Based > Platforms: WebTrends Reporting Center 4.0d > Vulnerability: webtrends-long-string-bo > X-Force URL: http://www.iss.net/security_center/static/8864.php > > Date Reported: 04/17/2002 > Brief Description: WebTrends Reporting Center profile variable real > path disclosure > Risk Factor: Low > Attack Type: Network Based > Platforms: WebTrends Reporting Center 4.0d > Vulnerability: webtrends-profile-path-disclosure > X-Force URL: http://www.iss.net/security_center/static/8865.php > > Date Reported: 04/18/2002 > Brief Description: ColdFusion DOS device request path disclosure > Risk Factor: Low > Attack Type: Network Based > Platforms: ColdFusion 5.0 > Vulnerability: coldfusion-dos-device-path-disclosure > X-Force URL: http://www.iss.net/security_center/static/8866.php > > Date Reported: 04/17/2002 > Brief Description: Windows 2000 LanMan denial of service > Risk Factor: Low > Attack Type: Network Based > Platforms: Windows 2000 All versions > Vulnerability: win2k-lanman-dos > X-Force URL: http://www.iss.net/security_center/static/8867.php > > Date Reported: 04/16/2002 > Brief Description: Internet Explorer dialog window cross-site > scripting > Risk Factor: High > Attack Type: Network Based > Platforms: Microsoft Internet Explorer 5.0, Microsoft Internet > Explorer 5.5, Microsoft Internet Explorer 6.0 > Vulnerability: ie-dialog-window-css > X-Force URL: http://www.iss.net/security_center/static/8868.php > > Date Reported: 04/14/2002 > Brief Description: xNewsletter email subscription form improperly > validates input > Risk Factor: Medium > Attack Type: Network Based > Platforms: xNewsletter 1.0 > Vulnerability: xnewsletter-email-subscription-validation > X-Force URL: http://www.iss.net/security_center/static/8869.php > > Date Reported: 04/16/2002 > Brief Description: AOL Instant Messenger "Direct Connection" allows > remote attacker to create files > Risk Factor: Medium > Attack Type: Network Based > Platforms: AOL Instant Messenger 4.8 beta and earlier > Vulnerability: aim-direct-connection-files > X-Force URL: http://www.iss.net/security_center/static/8870.php > > Date Reported: 04/14/2002 > Brief Description: xGB HTML image tag cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: xGB All versions > Vulnerability: xgb-img-css > X-Force URL: http://www.iss.net/security_center/static/8871.php > > Date Reported: 04/14/2002 > Brief Description: xGB PHP script can be used to execute commands > Risk Factor: Medium > Attack Type: Network Based > Platforms: xGB All versions > Vulnerability: xgb-php-command-execution > X-Force URL: http://www.iss.net/security_center/static/8872.php > > Date Reported: 04/16/2002 > Brief Description: FreeBSD syncookie "NULL" pointer denial of service > Risk Factor: Low > Attack Type: Host Based > Platforms: FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE > Vulnerability: bsd-syncookie-pointer-dos > X-Force URL: http://www.iss.net/security_center/static/8873.php > > Date Reported: 04/17/2002 > Brief Description: Pipermail could allow an attacker to view private > mailing list archives > Risk Factor: Low > Attack Type: Host Based > Platforms: Pipermail All versions > Vulnerability: pipermail-view-archives > X-Force URL: http://www.iss.net/security_center/static/8874.php > > Date Reported: 04/16/2002 > Brief Description: FreeBSD syncache "inpcb" pointer denial of service > Risk Factor: Low > Attack Type: Host Based > Platforms: FreeBSD 4.5-RELEASE, FreeBSD 4.5-STABLE > Vulnerability: bsd-syncache-inpcb-dos > X-Force URL: http://www.iss.net/security_center/static/8875.php > > Date Reported: 04/18/2002 > Brief Description: Sambar Server Perl script source disclosure > Risk Factor: Low > Attack Type: Network Based > Platforms: Sambar Server 5.1p > Vulnerability: sambar-script-source-disclosure > X-Force URL: http://www.iss.net/security_center/static/8876.php > > Date Reported: 04/18/2002 > Brief Description: PVote could allow an attacker to add or delete > arbitrary polls > Risk Factor: Low > Attack Type: Network Based > Platforms: PVote prior to 1.9 > Vulnerability: pvote-add-delete-polls > X-Force URL: http://www.iss.net/security_center/static/8877.php > > Date Reported: 04/18/2002 > Brief Description: PVote could allow an attacker to change the > administrator password > Risk Factor: Medium > Attack Type: Network Based > Platforms: PVote prior to 1.9 > Vulnerability: pvote-change-admin-password > X-Force URL: http://www.iss.net/security_center/static/8878.php > > Date Reported: 04/19/2002 > Brief Description: IncrediBB HTML tag cross-site scripting > Risk Factor: Medium > Attack Type: Network Based > Platforms: IncrediBB 1.1 > Vulnerability: incredibb-html-css > X-Force URL: http://www.iss.net/security_center/static/8879.php > > _____ > > Risk Factor Key: > > High Any vulnerability that provides an attacker with immediate > access into a machine, gains superuser access, or bypasses > a firewall. Example: A vulnerable Sendmail 8.6.5 version > that allows an intruder to execute commands on mail server. > Medium Any vulnerability that provides information that has a high > potential of giving system access to an intruder. Example: > A misconfigured TFTP or vulnerable NIS server that allows > an intruder to get the password file that could contain an > account with a guessable password. > Low Any vulnerability that provides information that could > potentially lead to a compromise. Example: A finger that > allows an intruder to find out who is online and potential > accounts to attempt to crack passwords via brute force > methods. > > ______ > > About Internet Security Systems (ISS) > Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a > pioneer and world leader in software and services that protect critical > online resources from an ever-changing spectrum of threats and misuse. > Internet Security Systems is headquartered in Atlanta, GA, with > additional operations throughout the Americas, Asia, Australia, Europe > and the Middle East. > > Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved > worldwide. > > Permission is hereby granted for the electronic redistribution of this > document. It is not to be edited or altered in any way without the > express written consent of the Internet Security Systems X-Force. If you > wish to reprint the whole or any part of this document in any other > medium excluding electronic media, please email [EMAIL PROTECTED] for > permission. > > Disclaimer: The information within this paper may change without notice. > Use of this information constitutes acceptance for use in an AS IS > condition. There are NO warranties, implied or otherwise, with regard to > this information or its use. Any use of this information is at the > user's risk. In no event shall the author/distributor (Internet Security > Systems X-Force) be held liable for any damages whatsoever arising out > of or in connection with the use or spread of this information. > > X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, > as well as at http://www.iss.net/security_center/sensitive.php > > Please send suggestions, updates, and comments to: X-Force > [EMAIL PROTECTED] of Internet Security Systems, > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBPMRsvTRfJiV99eG9AQG6uAP/bLkIVeliD14fraIKg1nZgTwJt9wxGHNB > lTaj/wZJlTZ3LN/n4RJHznDiyEZH2GMKcGlLeLVSuxFupWbgBrfMnyHpfyigFbdt > txogCQe+6n9ia6lvjtllc2NpLvxZscdojbpcdB19l8M4bAIWO3as+tFjsEcS2lJU > R3C8CgUpBUg= > =FqUi > -----END PGP SIGNATURE----- > > --------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/ ---------------------------------------------------------