I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary January 7, 1998 Volume 1 Number 10 _X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list by sending an e-mail to [11]majordomo@iss.net and within the body of the message type: 'subscribe alert'. ___ Index 3 Reported New Vulnerabilities [12]Back to Alert List [13] - apache-dos [14] - quake2-dos [15] - cisco-7xxcrash 2 Updates [16] - sun-pentium [17] - sgi-statd Risk Factor Key [18]Top of Page || [19]Back to Alert List ___ Date Reported: 12/30/97 Vulnerability: apache-dos Platforms Affected: Apache httpd (1.2.x, 1.3b3) Risk Level: Medium A vulnerability exists in Apache httpd servers that allow an attacker to increase the load average on the machine. When an attacker sends excessive http requests with thousands of '/'s inside, the system running the server slows down effectively denying service. This problem has a patch and will be corrected in 1.2.5 release. Reference: [20]http://www.netspace.org/cgi-bin/wa?A1=ind9712eL=bugtraq#2 Patches: [21]http://www.apache.org/dist/patches/apply_to_1.2.4/no2slash-loop-fix.patch [22]http://www.apache.org/dist/patches/apply_to_1.3b3/no2slash-loop-fix.patch [23]Top of Page || [24]Back to Alert List ___ Date Reported: 12/24/97 Vulnerability: quake2-dos Platforms Affected: Windows Machines running Quake 2 Server Risk Level: Low Quake 2 servers have a vulnerability that allows a remote attacker to shut down the server. By sending a couple of spoofed UDP packets with a return address of 127.0.0.1 or a return address of another Quake 2 server to the machine running server, the it will then try to start a game with itself, and crash. References: [25]http://www.netspace.org/cgi-bin/wa?A2=ind9712dL=bugtraq&O=T&P=828 Patch: [26]ftp://ftp.idsoftware.com/idstuff/quake2/patch_07.zip [27]Top of Page || [28]Back to Alert List ___ Date Reported: 12/15/97 Vulnerability: cisco-7xxcrash Platforms Affected: Cisco 7xx routers (IOS 700 4.1(1), 4.1(2), or 4.1 interim releases earlier than 4.1(2.1)) Risk Level: High Cisco 7xx routers running IOS 700 are vulnerable to a denial of service attack that reboots the router. An attacker can telnet to the router, and enter a very long password string that overflows the data buffer that is used for passwords. This forces the router to crash denying service to legitimate users. References: [29]http://www.cisco.com/warp/public/770/pwbuf-pub.shtml [30]http://www.netspace.org/cgi-bin/wa?A2=ind9712cL=bugtraq&O=T&P=1126 [31]Top of Page || [32]Back to Alert List ___ Date: 12/18/97 Update: sun-pentium Vendor: Sun Microsystems, Inc. Platforms: Pentium machines running Solaris (2.4, 2.5 , 2.5.1, 2.6) Sun has released patches for its Solaris Intel platforms for the Intel Pentium Invalid Operand instruction. On unpatched Pentium, and Pentium MMX systems, an unprivileged user can deny service to other users by causing the system to hang. This vulnerability does not apply to Pentium Pro or Pentium II processors. References: [33]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-161.txt [34]http://www.intel.com/support/processors/pentium/ppiie/index.htm [35]Top of Page || [36]Back to Alert List ___ Date: 12/16/97 (Cert Advisory 97.26) Update: sgi-statd Vendor: Silicon Graphics Inc. Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3) Silicon Graphics Inc. has released a temporary solution and patches for the statd vulnerability that allows remote and local users to execute commands with root privileges. References: [37]ftp://sgigate.sgi.com/security/19971201-01-P1391 [38]ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd [39]Top of Page || [40]Back to Alert List ___ Risk Factor Key: High any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium any vulnerability that provides information that has a high potential of giving access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that possibly can contain an account with a guessable password. Low any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce. Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and intrusion detection tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at [41]http://www.iss.net. [42]Top of Page || [43]Back to Alert List ________ Copyright (c) 1997 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [44]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [45]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X Force xforce@iss.net > of Internet Security Systems, Inc. [46]Top of Page || [47]Back to Alert List [48]News | [49]Serious Fun | [50]Mail Lists | [51]Security Library [52]Protoworx | [53]Alerts | [54]Submissions | [55]Feedback [56]Advanced Search [57]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [58]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [59]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/alerts.php3 13. http://xforce.iss.net/alerts/vol-1_num-10.php3#apache-dos 14. http://xforce.iss.net/alerts/vol-1_num-10.php3#quake2-dos 15. http://xforce.iss.net/alerts/vol-1_num-10.php3#cisco-7xxcrash 16. http://xforce.iss.net/alerts/vol-1_num-10.php3#sun-pentium 17. http://xforce.iss.net/alerts/vol-1_num-10.php3#sgi-statd 18. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 19. http://xforce.iss.net/alerts/alerts.php3 20. http://www.netspace.org/cgi-bin/wa?A1=ind9712eL=bugtraq#2 21. http://www.apache.org/dist/patches/apply_to_1.2.4/no2slash-loop-fix.patch 22. http://www.apache.org/dist/patches/apply_to_1.3b3/no2slash-loop-fix.patch 23. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 24. http://xforce.iss.net/alerts/alerts.php3 25. http://www.netspace.org/cgi-bin/wa?A2=ind9712dL=bugtraq&O=T&P=828 26. ftp://ftp.idsoftware.com/idstuff/quake2/patch_07.zip 27. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 28. http://xforce.iss.net/alerts/alerts.php3 29. http://www.cisco.com/warp/public/770/pwbuf-pub.shtml 30. http://www.netspace.org/cgi-bin/wa?A2=ind9712cL=bugtraq&O=T&P=1126 31. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 32. http://xforce.iss.net/alerts/alerts.php3 33. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-161.txt 34. http://www.intel.com/support/processors/pentium/ppiie/index.htm 35. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 36. http://xforce.iss.net/alerts/alerts.php3 37. ftp://sgigate.sgi.com/security/19971201-01-P1391 38. ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd 39. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 40. http://xforce.iss.net/alerts/alerts.php3 41. http://www.iss.net/ 42. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 43. http://xforce.iss.net/alerts/alerts.php3 44. mailto:xforce@iss.net 45. http://www.iss.net/xforce/sensitive.html 46. http://xforce.iss.net/alerts/vol-1_num-10.php3#list 47. http://xforce.iss.net/alerts/alerts.php3 48. http://xforce.iss.net/news.php3 49. http://xforce.iss.net/seriousfun/ 50. http://xforce.iss.net/maillists/ 51. http://xforce.iss.net/library/ 52. http://xforce.iss.net/protoworx/ 53. http://xforce.iss.net/alerts/ 54. http://xforce.iss.net/submission.php3 55. http://xforce.iss.net/feedback.php3 56. http://xforce.iss.net/search.php3 57. http://xforce.iss.net/about.php3 58. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 59. http://xforce.iss.net/privacy.php3