[425] in Best-of-Security


BoS: ISS Security Alert Summary v1 n5

daemon@ATHENA.MIT.EDU (X-Force)
Fri Oct 24 19:31:51 1997

Old-X-Envelope-From: xforce@arden.iss.net  Thu Oct 23 07:09:20 1997
Date: Wed, 22 Oct 1997 17:08:22 -0400 (EDT)
From: X-Force <xforce@iss.net>
cc: X-Force <xforce@arden.iss.net>
Old-X-Originally-To: To: best-of-security@cyber.com.au
Old-X-Originated-From: From: X-Force <xforce@iss.net>
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au


-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert Summary
October 22, 1997
Volume 1 Number 5


X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an email to majordomo@iss.net and within the body of the
message type:  'subscribe alert'.

- ---
Index

7 Reported New Vulnerabilities 
 - IBM-xdat
 - www-count
 - IE-spy
 - smurf-dos
 - NT-reg
 - NEC-nosuid
 - imapd-core

Risk Factor Key


- ---
Date Reported:		10/21/97
Vulnerability:		IBM-xdat
Affected Platforms:	AIX (4.1, 4.2)
Risk Factor:		High

The xdat command starts Set Date and Time, Schedule a Job, or Remove or
View Scheduled Jobs on AIX 4.x platforms.  It does not check the length of
the "TZ" environment variable, which can result in a buffer overflow.
Local users can exploit this vulnerability and gain root privileges.

Reference:
http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:004.1.txt


- ---
Date Reported:		10/16/97
Vulnerability:		www-count
Affected Platforms:	All platforms running count.cgi 2.3
Risk Factor:		High

Count.cgi is a popular web CGI program that displays the number of raw
hits on web pages as an in-line image.  People use it to keep track of how
many hits their web pages have received, etc.  It contains a buffer
overflow that can allow remote HTTP users to execute commands on the
system running count.cgi.  The author has released a patch and the problem
has been corrected in the upcoming release of count.cgi 2.4.

Patch:
http://www.fccc.edu/users/muquit/Count.html

Reference:
http://www.iss.net/xforce/advisories/wwwcount.asc


- ---
Date Reported:		10/16/97
Vulnerability:		IE-spy
Affected Platforms:	Windows NT, 95
Risk Factor:		High

A security flaw exists that allows unauthorized users to "spy" on the
contents of files on the system running Microsoft Internet Explorer 4.0.
Malicious web pages can contain an IFRAME, which can copy HTML or text
files from the system to any other system for later viewing.  A patch is
available to correct the vulnerable Internet Explorer version.

Patch:
http://www.microsoft.com/ie/security/?/ie/security/freiburg.htm

Reference: 
http://www.jabadoo.de/press/ie4_old.html 
http://www.iss.net/xforce/advisories/ie4-spy.asc (English Translation)


- ---
Date Reported:		10/13/97
Vulnerability:		smurf-dos
Affected Platforms:	Any platform on the Internet
Risk Factor:		Medium

The smurf denial of service attack is being widely used because the
exploit program is available on the Internet.  The attack consists of
sending out hundreds of ICMP echo packets to broadcast addresses, from a
spoofed source (the victim).  All of the hosts on those broadcast networks
then reply to the victim with ICMP echo replies.

Reference:
http://www.quadrunner.com/~c-huegen/smurf.txt


- ---
Date Reported:		10/10/97
Vulnerability:		NT-reg
Affected Platforms:	Windows NT (workstation and server 
				    3.5, 3.5.1, 4.0)
Risk Factor:		High

A security vulnerability has been found on Windows NT that allows
malicious users to install a trojan horse in the registry.  The
permissions give access to "Everyone", so users can create a program and
have the system execute it on start-up.  This can result in users
obtaining unauthorized administrator rights on the system or performing
other unauthorized tasks.

References:
http://support.microsoft.com/support/kb/articles/q126/7/13.asp
http://www.infoworld.com/cgi-bin/displayStory.pl?971014.wntsecurity.htm


- ---
Date Reported:          10/10/97  
Vulnerability:          NEC-nosuid
Affected Platforms:     EWS-UX/V Rel4.2 (R7.x, R8.x, R9.x, R10.x)
                        EWS-UX/V Rel4.2MP (R10.x)
                        UP-UX/V Rel4.2MP (R5.x, R6.x, R7.x)
                        UX/4800 (R11.x, R12.1)
Risk Factor:            High

NEC Corporation has found and released patches for a vulnerability that
exists in the "nosuid" mount(1) option.  On file systems that are mounted
with "nosuid", the system still allows setuid and setgid program
execution.  This vulnerability can allow local users to execute commands
as other users or even obtain root privileges.

Patches:
ftp://ftp.meshnet.or.jp/pub/48pub/security

Reference:
http://ciac.llnl.gov/ciac/bulletins/i-004.shtml
   

- ---
Date Reported:		10/8/97
Vulnerability:		imapd-core
Affected Platforms:	Any running imap 4.1b
Risk Factor:		High

A vulnerability in the University of Washington's imap daemon allows
remote users to obtain a copy of the password file.  A publicly
available exploit causes the imapd server to leave a core file containing
the password file and shadowed password file.

Reference:
http://www.l0pht.com/advisories/imapd.txt


- ---
Risk Factor Key:

	High  	any vulnerability that provides an attacker with immediate
		access into a machine, gives superuser access, or bypasses
		a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
		that allows an intruder to execute commands on the mail
		server.
	Medium	any vulnerability that provides information that has a
		high potential of giving access to an intruder.  Example: 
		A misconfigured TFTP or vulnerable NIS server that allows
		an intruder to get the password file that possibly can
		contain an account with a guessable password.
	Low	any vulnerability that provides information that
		potentially could lead to a compromise.  Example:  A
		finger service that allows an intruder to find out who is
		online and potential accounts on which to attempt to crack
		passwords via brute force.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and monitoring tools,  providing   
comprehensive software that enables organizations to proactively manage   
and minimize their network security risks.  For more information, contact
the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site
at http://www.iss.net.

- --------
Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically.  It is not to be edited in any way without express consent
of X-Force.  If you wish to reprint the whole or any part of this 
Alert Summary in any other medium excluding electronic medium, please
email xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this 
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection 
with the use or spread of this information. Any use of this information is
at the user's own risk.

Please send suggestions, updates, and comments to:
X Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
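
Added example (not part of the ISS summary and not IBM's code): the IBM-xdat
entry above describes a privileged program that uses the "TZ" environment
variable without checking its length. The C code below shows a length-checked
way to read such a variable; copy_bounded, load_timezone and the TZ_MAX limit
are hypothetical names and values chosen for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TZ_MAX 64  /* assumed limit for this example, not an AIX constant */

/* Copy val into dst (capacity dstsz). Returns 0 on success, -1 if val is
 * NULL, -2 if it does not fit. An oversized value is rejected rather than
 * truncated, and dst is left as an empty string. */
int copy_bounded(const char *val, char *dst, size_t dstsz)
{
    if (dstsz == 0)
        return -2;
    dst[0] = '\0';
    if (val == NULL)
        return -1;
    /* Look for the terminator within the first dstsz bytes only. */
    const char *end = memchr(val, '\0', dstsz);
    if (end == NULL)
        return -2;
    memcpy(dst, val, (size_t)(end - val) + 1);
    return 0;
}

/* Read TZ the way a privileged program should: bounded, with a fixed
 * fallback when the variable is unset or too long. */
const char *load_timezone(char *buf, size_t bufsz)
{
    if (copy_bounded(getenv("TZ"), buf, bufsz) != 0)
        snprintf(buf, bufsz, "UTC");
    return buf;
}

int main(void)
{
    char tz[TZ_MAX];
    /* The unchecked pattern the entry describes would be
     * strcpy(tz, getenv("TZ")), which writes past tz for long values. */
    printf("TZ in use: %s\n", load_timezone(tz, sizeof tz));
    return 0;
}
```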
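
Added example (not part of the ISS summary): for the smurf-dos entry above,
the decision a border router or firewall can apply so that its own networks
do not answer ICMP echo requests sent to their broadcast addresses. The
subnet type, function names and addresses are assumptions; the addresses are
constructed samples from documentation ranges.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))
#define ICMP_ECHO_REQUEST 8

/* A locally attached IPv4 subnet in host byte order (hypothetical type). */
struct subnet { uint32_t addr; int prefix_len; };

static uint32_t netmask(int prefix_len)
{
    /* Shifting a 32-bit value by 32 is undefined, so handle /0 apart. */
    return prefix_len == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix_len);
}

/* 1 if dst is the subnet's directed broadcast (host bits all ones) or its
 * network address (host bits all zeros, which some stacks also answer as
 * a broadcast). /31 and /32 networks have no broadcast address. */
int is_directed_broadcast(uint32_t dst, const struct subnet *s)
{
    if (s->prefix_len >= 31)
        return 0;
    uint32_t mask = netmask(s->prefix_len);
    uint32_t net = s->addr & mask;
    return dst == (net | ~mask) || dst == net;
}

/* Border filter decision: 1 = drop. Only echo requests are considered. */
int should_drop(uint8_t icmp_type, uint32_t dst,
                const struct subnet *nets, size_t n)
{
    if (icmp_type != ICMP_ECHO_REQUEST)
        return 0;
    if (dst == 0xFFFFFFFFu)            /* limited broadcast */
        return 1;
    for (size_t i = 0; i < n; i++)
        if (is_directed_broadcast(dst, &nets[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample subnets (documentation address ranges). */
    struct subnet nets[] = { { IP4(192, 0, 2, 0), 24 }, { IP4(198, 51, 100, 64), 26 } };
    printf("%d %d\n", should_drop(ICMP_ECHO_REQUEST, IP4(192, 0, 2, 255), nets, 2),
           should_drop(ICMP_ECHO_REQUEST, IP4(192, 0, 2, 10), nets, 2));
    return 0;
}
```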



