[600] in Best-of-Security
BoS: ISSalert: ISS Security Alert Summary v2 n1
daemon@ATHENA.MIT.EDU (X-Force)
Wed Mar 11 07:33:31 1998
X-Delivering-To: best-of-security-mtg@menelaus.mit.edu
XDelivering-To: best-of-security@cyber.com.au
Delivering-To: best-of-security@cyber.com.au
Date: Wed, 28 Jan 1998 17:47:31 -0500 (EST)
From: X-Force <xforce@iss.net>
Cc: X-Force <xforce@arden.iss.net>
Reply-To: X-Force <xforce@iss.net>
Old-X-Originally-To: To: alert@iss.net
Old-X-Originated-From: From: X-Force <xforce@iss.net>
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
-----BEGIN PGP SIGNED MESSAGE-----
ISS Security Alert Summary
January 28, 1998
Volume 2 Number 1
X-Force Vulnerability and Threat Database: http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an email to majordomo@iss.net and within the body of the
message type: 'subscribe alert'.
___
Index
5 Reported Vulnerabilities
- Domino-write
- ssh-agent
- MSIE-dildog2
- linux-deliver
- IBM-routed
1 Update
- smurf
Risk Factor Key
___
Date Reported: 1/20/98
Vulnerability: Domino-write
Platforms Affected: All platforms running Domino 4.6
Risk Factor: High
Due to the design of Domino's database security, web users are able to
write to remote server drives and change server configuration files. Three
specific design flaws lead to sites being victimized. First, default
database ACLs are set to allow unrestricted access to all web users.
Second, databases do not correctly inherit their ACLs from their parent
template. Third, no tool is provided to verify that proper security
measures have been taken on server configuration databases. These three
problems result in databases being left open to arbitrary Web users.
Reference:
http://www.l0pht.com/advisories/domino2.txt
___
Date Reported: 1/20/98
Vulnerability: ssh-agent
Platforms Affected: Unix platforms running F-Secure SSH pre 1.3.3
Risk Factor: High
The program ssh-agent is an RSA key management program for use with the SSH
program. It is possible for an attacker to fool their own SSH client
into identifying them as another user to a remote server. Any user that
uses both RSA authentication and ssh-agent is vulnerable to having an
intruder gain remote access to their account.
References:
ftp://ftp.secnet.com/pub/advisories/SNI-23.SSH-AGENT.advisory
ftp://info.cert.org/pub/cert_advisories/CA-98.03.ssh-agent
___
Date Reported: 1/14/98
Vulnerability: MSIE-dildog2
Platforms Affected: Windows 95 OSR1, OSR2 running IE3.0x+Infoviewer,
                    IE4.0, IE4.01
                    Windows NT Workstation/Server running
                    IE4.0, IE4.01
Risk Factor: High
A buffer overflow condition has been found in the Microsoft Internet
Explorer 4.0(1) Suite programs Outlook Express, Windows Explorer,
and Internet Explorer. The condition can be exploited to cause the
application to page fault or execute arbitrary code.
Reference:
http://www.l0pht.com/advisories/ie4_x2.txt
___
Date Reported: 1/14/98
Vulnerability: linux-deliver
Platforms Affected: Linux Debian 1.3.1
                    Linux Slackware 2.x
Risk Factor: High
Deliver is the program that delivers mail to users once it has arrived at
the host. A stack overwrite exists in the function copy_message() that,
if exploited, would allow an attacker to execute arbitrary commands as
root.
Reference:
http://www.dec.net/ksrt/adv6.html
___
Date Reported: 1/8/98
Vulnerability: IBM-routed
Platforms Affected: AIX (3.2.x, 4.1.x, 4.2.x, 4.3.x)
Risk Factor: High
Routed is the AIX daemon that services the Routing Information Protocol
(RIP), handles router discovery, and maintains network routing tables.
There is a vulnerability in routed where the daemon will accept RIP
updates that can cause arbitrary system files to be created or modified.
Reference:
http://www.ers.ibm.com/tech-info/advisories/sva/1998/ERS-SVA-E01-1998:001.1.txt
___
Date: 1/5/98
Update: smurf
Platforms: Any platform on the Internet
CERT/CC has released an advisory that details the smurf denial of service
attack, which is being widely used because the exploit program is
available on the Internet. The attack consists of sending out hundreds of
ICMP echo packets to broadcast addresses, from a spoofed source (the
victim). All of the hosts on those networks then reply to the victim with
ICMP echo replies.
References:
ftp://ftp.cert.org/pub/cert_advisories/CA-98.01.smurf
http://www.quadrunner.com/~chuegen/smurf.txt
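Detection logic for the traffic pattern in the smurf entry above, added here as an example and not part of the ISS alert or the CERT advisory. It flags ICMP echo requests sent to broadcast addresses and hosts that receive echo replies they never requested; the record format, the monitored prefixes and the responder threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: prefixes of the networks this sensor watches (constructed values).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records (src, dst, icmp_type); not real traffic.
SAMPLE = [
    ("203.0.113.9", "192.0.2.255", 8),     # request to the /24 broadcast
    ("203.0.113.9", "198.51.100.127", 8),  # request to the /25 broadcast
    ("203.0.113.9", "192.0.2.0", 8),       # all-zeros (old-style) broadcast
    ("192.0.2.10", "192.0.2.20", 8),       # ordinary unicast ping
    ("192.0.2.20", "192.0.2.10", 0),       # its matching reply
    ("192.0.2.10", "203.0.113.9", 0),      # replies converging on one host
    ("192.0.2.11", "203.0.113.9", 0),
    ("192.0.2.20", "203.0.113.9", 0),
    ("198.51.100.5", "203.0.113.9", 0),
]

def is_broadcast(dst):
    """True if dst is the limited broadcast or a broadcast of a watched net."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr in (n.network_address, n.broadcast_address) for n in LOCAL_NETS)

def broadcast_pings(records):
    """Count echo requests to broadcast addresses, keyed by claimed source.
    In a smurf attack the claimed source is the spoofed victim address."""
    hits = Counter()
    for src, dst, icmp_type in records:
        if icmp_type == ECHO_REQUEST and is_broadcast(dst):
            hits[src] += 1
    return hits

def reply_targets(records, min_responders=3):
    """Hosts receiving echo replies from many senders they never pinged."""
    asked = {(s, d) for s, d, t in records if t == ECHO_REQUEST}
    responders = {}
    for src, dst, icmp_type in records:
        if icmp_type == ECHO_REPLY and (dst, src) not in asked:
            responders.setdefault(dst, set()).add(src)
    return {v: len(r) for v, r in responders.items() if len(r) >= min_responders}

if __name__ == "__main__":
    print("broadcast echo requests by claimed source:", dict(broadcast_pings(SAMPLE)))
    print("hosts receiving unsolicited replies:", reply_targets(SAMPLE))
```

The first check is useful on a network that could be abused as an amplifier; the second is useful at the receiving end, where no matching echo request was ever sent.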
___
Risk Factor Key:

        High    any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall. Example: A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server.
        Medium  any vulnerability that provides information that has a
                high potential of giving access to an intruder. Example:
                A misconfigured TFTP or vulnerable NIS server that allows
                an intruder to get the password file that possibly can
                contain an account with a guessable password.
        Low     any vulnerability that provides information that
                potentially could lead to a compromise. Example: A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via bruteforce.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and intrusion detection tools,
providing comprehensive software that enables organizations to proactively
manage and minimize their network security risks. For more information,
contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS
Web site at http://www.iss.net.
________
Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
email xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----