Date Reported: 11/24/2001
Brief Description: Badtrans worm with keystroke logging
functionality
Risk Factor: High
Attack Type: Host Based
Platforms Affected: Windows 2000 All versions, Windows 95 All
versions, Windows 98 All versions, Windows ME
All versions, Windows NT All versions, Windows
XP All versions
Vulnerability: badtrans-worm
X-Force URL: http://xforce.iss.net/static/7607.php
----- Original Message -----
From: "X-Force" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 03, 2001 3:48 PM
Subject: ISSalert: ISS Security Alert Summary AS01-09
|
| TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
| [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
| --------------------------------------------------------------------------
-
|
| -----BEGIN PGP SIGNED MESSAGE-----
|
| Internet Security Systems Security Alert Summary AS01-09
| December 03, 2001
|
| X-Force Vulnerability and Threat Database: http://xforce.iss.net
|
| To receive these Alert Summaries, as well as other Alerts and
| Advisories, subscribe to the Internet Security Systems Alert
| mailing list at: http://xforce.iss.net/maillists/index.php
|
| This summary is available at the following address:
| http://xforce.iss.net/alerts/AS01-09.php
|
| _____
| Contents:
| * 43 Reported Vulnerabilities
| * Risk Factor Key
| _____
|
| Date Reported: 11/19/2001
| Brief Description: Intel HDCP authentication keys
| Risk Factor: Low
| Attack Type: Host Based / Network Based
| Platforms Affected: HDCP 1.0
| Vulnerability: hdcp-authentication-keys
| X-Force URL: http://xforce.iss.net/static/7612.php
|
| Date Reported: 11/19/2001
| Brief Description: Microsoft IIS allows attackers to create fake
| log entries
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: Microsoft IIS 5.0
| Vulnerability: iis-fake-log-entry
| X-Force URL: http://xforce.iss.net/static/7613.php
|
| Date Reported: 11/19/2001
| Brief Description: Internet Explorer HTTP_USER_AGENT could allow
| attacker to determine the existence of patch
| Q312461
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: Microsoft Internet Explorer 5.5, Microsoft
| Internet Explorer 6
| Vulnerability: ie-q312461-patch-existence
| X-Force URL: http://xforce.iss.net/static/7581.php
|
| Date Reported: 11/19/2001
| Brief Description: OpenSSH with Kerberos allows attacker to gain
| elevated privileges
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: OpenSSH 3.0
| Vulnerability: openssh-kerberos-elevate-privileges
| X-Force URL: http://xforce.iss.net/static/7598.php
|
| Date Reported: 11/20/2001
| Brief Description: Thttpd 'Basic Authentication' feature buffer
| overflow
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: thttpd 2.20b and earlier
| Vulnerability: thttpd-basic-authentication-bo
| X-Force URL: http://xforce.iss.net/static/7595.php
|
| Date Reported: 11/21/2001
| Brief Description: Linux kernel vmlinux denial of service
| Risk Factor: Low
| Attack Type: Host Based
| Platforms Affected: Linux kernel 2.4.x
| Vulnerability: linux-vmlinux-dos
| X-Force URL: http://xforce.iss.net/static/7591.php
|
| Date Reported: 11/21/2001
| Brief Description: Netscape Web browser for MacOS prints passwords in
| plaintext
| Risk Factor: Medium
| Attack Type: Host Based
| Platforms Affected: Macintosh All versions
| Vulnerability: macos-netscape-print-passwords
| X-Force URL: http://xforce.iss.net/static/7593.php
|
| Date Reported: 11/21/2001
| Brief Description: Linux-Mandrake expect package could allow
| unauthorized users to gain root privileges
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: Mandrake Linux 8.1
| Vulnerability: linux-expect-unauth-root
| X-Force URL: http://xforce.iss.net/static/7604.php
|
| Date Reported: 11/21/2001
| Brief Description: Internet Explorer allows an attacker to
| determine password characters
| Risk Factor: Low
| Attack Type: Host Based
| Platforms Affected: Microsoft Internet Explorer 4.0, Microsoft
| Internet Explorer 5.x, Microsoft Internet
| Explorer 6
| Vulnerability: ie-password-character-information
| X-Force URL: http://xforce.iss.net/static/7592.php
|
| Date Reported: 11/21/2001
| Brief Description: CBlade worm infects Microsoft SQL Servers
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: Microsoft SQL Server 7.0, Microsoft SQL Server
| 6.x
| Vulnerability: cblade-worm
| X-Force URL: http://xforce.iss.net/static/7610.php
|
| Date Reported: 11/21/2001
| Brief Description: Legato NetWorker reverse DNS authentication can
| be bypassed
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: Networker 6.0
| Vulnerability: networker-reverse-dns-bypass-auth
| X-Force URL: http://xforce.iss.net/static/7601.php
|
| Date Reported: 11/21/2001
| Brief Description: Linux pmake .SHELL variable buffer overflow
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: pmake 2.1.33 and earlier
| Vulnerability: pmake-shell-bo
| X-Force URL: http://xforce.iss.net/static/7603.php
|
| Date Reported: 11/21/2001
| Brief Description: Linux pmake .SHELL variable format string
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: pmake 2.1.33 and earlier
| Vulnerability: pmake-shell-format-string
| X-Force URL: http://xforce.iss.net/static/7602.php
|
| Date Reported: 11/21/2001
| Brief Description: Windows XP helpctr.exe buffer overflow
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: Windows XP All versions
| Vulnerability: winxp-helpctr-bo
| X-Force URL: http://xforce.iss.net/static/7605.php
|
| Date Reported: 11/22/2001
| Brief Description: Informix SQL Web DataBlade module "dot dot"
| directory traversal
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: Informix SQL 9.20.UC2, Informix SQL 7.31.UC5
| Vulnerability: informix-web-datablade-directory-traversal
| X-Force URL: http://xforce.iss.net/static/7585.php
|
| Date Reported: 11/22/2001
| Brief Description: Jakarta Tomcat reveals installation path
| Risk Factor: Low
| Attack Type: Host Based
| Platforms Affected: Jakarta Tomcat 4.0.1
| Vulnerability: tomcat-reveal-install-path
| X-Force URL: http://xforce.iss.net/static/7599.php
|
| Date Reported: 11/22/2001
| Brief Description: PHP-Nuke and PostNuke use weak encryption for
| passwords stored in authentication cookies
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: PHP-Nuke 5.2, PHP-Nuke 5.1, PHP-Nuke 5.3.1,
| PostNuke 0.64
| Vulnerability: phpnuke-postnuke-insecure-passwords
| X-Force URL: http://xforce.iss.net/static/7596.php
|
| Date Reported: 11/22/2001
| Brief Description: Rwhoisd syslog() remote format string
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: Rwhoisd 1.5.7, Rwhoisd 1.5.7.1, Rwhoisd 1.5.3,
| Rwhoisd 1.5.5, Rwhoisd 1.5.6, Rwhoisd 1.5.1a,
| Rwhoisd 1.5.2
| Vulnerability: rwhoisd-syslog-format-string
| X-Force URL: http://xforce.iss.net/static/7597.php
|
| Date Reported: 11/22/2001
| Brief Description: susehelp CGI scripts remote command execution
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: SuSE Linux 7.2, SuSE Linux 7.3
| Vulnerability: susehelp-cgi-command-execution
| X-Force URL: http://xforce.iss.net/static/7583.php
|
| Date Reported: 11/23/2001
| Brief Description: Red Hat Stronghold Secure Web Server could allow
| an attacker to obtain sensitive server
| information
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: Stronghold Secure Web server 2.3, Stronghold
| Secure Web Server 2.4, Stronghold Secure Web
| Server 3.0
| Vulnerability: stronghold-webserver-obtain-information
| X-Force URL: http://xforce.iss.net/static/7582.php
|
| Date Reported: 11/23/2001
| Brief Description: REX 6000 MicroPDA transmits plaintext password
| information
| Risk Factor: Low
| Attack Type: Host Based
| Platforms Affected: Xircom Rex 6000 All versions
| Vulnerability: rex6000-pda-password-retrieval
| X-Force URL: http://xforce.iss.net/static/7584.php
|
| Date Reported: 11/24/2001
| Brief Description: Badtrans worm with keystroke logging
| functionality
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: Windows 2000 All versions, Windows 95 All
| versions, Windows 98 All versions, Windows ME
| All versions, Windows NT All versions, Windows
| XP All versions
| Vulnerability: badtrans-worm
| X-Force URL: http://xforce.iss.net/static/7607.php
|
| Date Reported: 11/26/2001
| Brief Description: AutoNice Daemon (AND) format string
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: AND 1.0.4 and earlier
| Vulnerability: and-format-string
| X-Force URL: http://xforce.iss.net/static/7606.php
|
| Date Reported: 11/26/2001
| Brief Description: Sun NetDynamics session ID hijacking
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: NetDynamics 5.0, NetDynamics 4.1, NetDynamics
| 4.1.2, NetDynamics 4.1.3, NetDynamics 4.0
| Vulnerability: netdynamics-session-hijacking
| X-Force URL: http://xforce.iss.net/static/7620.php
|
| Date Reported: 11/26/2001
| Brief Description: Xitami Webserver stores admin password in
| plaintext in 'default.aut' file
| Risk Factor: Medium
| Attack Type: Host Based / Network Based
| Platforms Affected: Xitami Web Servers All versions
| Vulnerability: xitami-default-password-plaintext
| X-Force URL: http://xforce.iss.net/static/7600.php
|
| Date Reported: 11/27/2001
| Brief Description: Audiogalaxy stores account name and password in
| plaintext within a cookie
| Risk Factor: Low
| Attack Type: Host Based / Network Based
| Platforms Affected: Audiogalaxy All versions
| Vulnerability: audiogalaxy-plaintext-password
| X-Force URL: http://xforce.iss.net/static/7621.php
|
| Date Reported: 11/27/2001
| Brief Description: WU-FTPD glob() function error handling heap
| corruption
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: Caldera OpenLinux 2.3, Caldera OpenLinux
| eBuilder All versions, Caldera OpenLinux
| eDesktop 2.4, Caldera OpenLinux eServer 2.3.1,
| Caldera OpenLinux Server 3.1, Conectiva Linux
| 6.0, Conectiva Linux 5.0, Conectiva Linux prg
| graficos, Conectiva Linux ecommerce, Conectiva
| Linux 5.1, Conectiva Linux 7.0, Immunix OS 7.0
| Vulnerability: wuftp-glob-heap-corruption
| X-Force URL: http://xforce.iss.net/static/7611.php
|
| Date Reported: 11/27/2001
| Brief Description: Allaire JRun could allow an attacker to view
| contents of the Web root directory and
| subdirectories
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: JRun 3.0, JRun 3.1
| Vulnerability: allaire-jrun-view-directory
| X-Force URL: http://xforce.iss.net/static/7623.php
|
| Date Reported: 11/27/2001
| Brief Description: Allaire JRun could allow an attacker to view
| contents of files
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: JRun 3.0, JRun 3.1, JRun 2.3.3
| Vulnerability: allaire-jrun-view-source
| X-Force URL: http://xforce.iss.net/static/7622.php
|
| Date Reported: 11/27/2001
| Brief Description: GNOME libgtop_daemon remote format string
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: libgtop_daemon 1.0.12 and earlier
| Vulnerability: libgtop-format-string
| X-Force URL: http://xforce.iss.net/static/7608.php
|
| Date Reported: 11/27/2001
| Brief Description: Sendpage.pl $message command execution
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: sendpage.pl All versions
| Vulnerability: sendpage-message-command-execution
| X-Force URL: http://xforce.iss.net/static/7609.php
|
| Date Reported: 11/27/2001
| Brief Description: UNICOS NQS daemon batch job allows root
| compromise using format string attack
| Risk Factor: High
| Attack Type: Host Based
| Platforms Affected: UNICOS 2.0.5.54 and earlier
| Vulnerability: unicos-nqsd-format-string
| X-Force URL: http://xforce.iss.net/static/7618.php
|
| Date Reported: 11/28/2001
| Brief Description: Cisco IOS Firewall with CBAC allows attacker to
| bypass access control list
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: Cisco IOS 12.1(x), Cisco IOS 11.3(x), Cisco IOS
| 12.0(x), Cisco IOS 12.2(x), Cisco IOS 11.2(x)
| Vulnerability: ios-cbac-bypass-acl
| X-Force URL: http://xforce.iss.net/static/7614.php
|
| Date Reported: 11/28/2001
| Brief Description: Mailman cross-site scripting using JavaScript
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: Mailman prior to 2.0.8
| Vulnerability: mailman-java-css
| X-Force URL: http://xforce.iss.net/static/7617.php
|
| Date Reported: 11/28/2001
| Brief Description: PowerFTP "dot dot" directory traversal
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: PowerFTP 2.03
| Vulnerability: powerftp-dot-directory-traversal
| X-Force URL: http://xforce.iss.net/static/7615.php
|
| Date Reported: 11/28/2001
| Brief Description: PowerFTP long command denial of service
| Risk Factor: Low
| Attack Type: Network Based
| Platforms Affected: PowerFTP 2.03
| Vulnerability: powerftp-long-command-dos
| X-Force URL: http://xforce.iss.net/static/7616.php
|
| Date Reported: 11/28/2001
| Brief Description: TWIG stores password in plaintext in cookies
| Risk Factor: Medium
| Attack Type: Host Based
| Platforms Affected: TWIG 2.7.4 and earlier
| Vulnerability: twig-password-plaintext-cookie
| X-Force URL: http://xforce.iss.net/static/7619.php
|
| Date Reported: 11/29/2001
| Brief Description: Alchemy HTTP server allows remote attacker to
| execute arbitrary commands using "dot dot"
| attack
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: Alchemy Eye 2.0 to 2.6.18
| Vulnerability: alchemy-http-dot-commands
| X-Force URL: http://xforce.iss.net/static/7625.php
|
| Date Reported: 11/29/2001
| Brief Description: Alchemy HTTP server "dot dot" attack and "NUL"
| device
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: Alchemy Eye 2.6.19 to 3.0.10
| Vulnerability: alchemy-http-dot-variant
| X-Force URL: http://xforce.iss.net/static/7626.php
|
| Date Reported: 11/29/2001
| Brief Description: PGPMail $CONFIG variable allows remote attacker
| to execute commands
| Risk Factor: High
| Attack Type: Network Based
| Platforms Affected: PGPMail 1.31
| Vulnerability: pgpmail-config-execute-commands
| X-Force URL: http://xforce.iss.net/static/7627.php
|
| Date Reported: 11/30/2001
| Brief Description: Alchemy HTTP server allows a remote attacker to
| view log files
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: Alchemy Eye 1.9.x to 2.6.18, Alchemy Network
| Monitor 1.9.x to 2.6.18
| Vulnerability: alchemy-http-view-log
| X-Force URL: http://xforce.iss.net/static/7630.php
|
| Date Reported: 11/30/2001
| Brief Description: AspUpload 'UploadScript11.asp' script allows
| files to be uploaded to arbitrary directories
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: AspUpload 2.1
| Vulnerability: aspupload-upload-directory-traversal
| X-Force URL: http://xforce.iss.net/static/7628.php
|
| Date Reported: 11/30/2001
| Brief Description: AspUpload 'DirectoryListing.asp' script allows
| directory browsing and download arbitrary files
| Risk Factor: Medium
| Attack Type: Network Based
| Platforms Affected: AspUpload 2.1
| Vulnerability: aspupload-directory-browsing-download
| X-Force URL: http://xforce.iss.net/static/7629.php
|
| _____
|
| Risk Factor Key:
|
| High Any vulnerability that provides an attacker with immediate
| access into a machine, gains superuser access, or bypasses
| a firewall. Example: A vulnerable Sendmail 8.6.5 version
| that allows an intruder to execute commands on mail server.
| Medium Any vulnerability that provides information that has a high
| potential of giving system access to an intruder. Example:
| A misconfigured TFTP or vulnerable NIS server that allows
| an intruder to get the password file that could contain an
| account with a guessable password.
| Low Any vulnerability that provides information that could
| potentially lead to a compromise. Example: A finger that
| allows an intruder to find out who is online and potential
| accounts to attempt to crack passwords via brute force
| methods.
|
| ______
|
| About Internet Security Systems (ISS)
| Internet Security Systems is a leading global provider of security
| management solutions for the Internet, protecting digital assets and
| ensuring safe and uninterrupted e-business. With its industry-leading
| intrusion detection and vulnerability assessment, remote managed
| security services, and strategic consulting and education offerings, ISS
| is a trusted security provider to more than 8,000 customers worldwide
| including 21 of the 25 largest U.S. commercial banks and the top 10 U.S.
| telecommunications companies. Founded in 1994, ISS is headquartered in
| Atlanta, GA, with additional offices throughout North America and
| international operations in Asia, Australia, Europe, Latin America and
| the Middle East. For more information, visit the Internet Security
| Systems web site at www.iss.net or call 888-901-7477.
|
| Copyright (c) 2001 Internet Security Systems, Inc. All rights reserved
| worldwide.
|
| Permission is hereby granted for the redistribution of this Alert
| electronically. It is not to be edited in any way without express consent
of
| the X-Force. If you wish to reprint the whole or any part of this Alert in
| any other medium excluding electronic medium, please e-mail [EMAIL PROTECTED]
| for permission.
|
| Disclaimer
|
| The information within this paper may change without notice. Use of this
| information constitutes acceptance for use in an AS IS condition. There
are
| NO warranties with regard to this information. In no event shall the
author
| be liable for any damages whatsoever arising out of or in connection with
| the use or spread of this information. Any use of this information is at
the
| user's own risk.
|
| X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
| as well as on MIT's PGP key server and PGP.com's key server.
|
| Please send suggestions, updates, and comments to: X-Force
| [EMAIL PROTECTED] of Internet Security Systems, Inc.
|
|
|
| -----BEGIN PGP SIGNATURE-----
| Version: 2.6.3a
| Charset: noconv
|
| iQCVAwUBPAvy5zRfJiV99eG9AQECowQAuRKu8TGejrcMrMlX1OGgpEy407dqhtmS
| sUNwdiWwlMcr71xV3b26haTQ8zIbjJprX9AqhwgRNylDhSEzxDz3pOytwhapkfl4
| VjpEOlp/EI8HOMpKUyRiWxyOgQX8fs9akrSNZPTBd3sWQcc2itkbJaDzlJycAzDQ
| 5J9W1sRi9JU=
| =MKtg
| -----END PGP SIGNATURE-----
|
|
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/[email protected]/
---------------------------------------------------------
