I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary September 24, 1997 Volume 1 Number 3 --- 5 Reported New Vulnerabilities [10]Back to Alert List [11]- SGI-schemebo [12]- rdist-bo3 [13]- Sun-libX11bo [14]- OpenBSD-iosig [15]- SGI-lockout --- Date Reported: 9/15/97 Vulnerability: SGI-schemebo Affected Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2, 6.3, 6.4) Risk Factor: High SGI uses /usr/lib/iaf/scheme as its login program which allows arguments to be passed to it. An attacker can send a set of arguments that can result in a buffer overflow condition. Arbitrary commands can be executed as a result of this vulnerability as a privileged account. References: [16]ftp://sgigate.sgi.com/security/19970508-02-PX [17]http://ciac.llnl.gov/ciac/bulletins/h-106.shtml [18]Top of Page || [19]Back to Alert List --- Date Reported: 9/16/97 Vulnerability: rdist-bo3 Affected Platforms: AIX (3.2, 4.1, 4.2) FreeBSD (2.1.0) Solaris (currently producting patches) SunOS (currently producing patches) Risk Factor: High A buffer overflow problem has been found in set-uid 'root' versions of rdist. It is possible to make rdist execute user created code as 'root' which results in the execution of arbitrary commands such as /usr/bin/csh. References: [20]ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist [21]http://ciac.llnl.gov/ciac/bulletins/h-107.shtml [22]Top of Page || [23]Back to Alert List --- Date Reported: 9/17/97 Vulnerability: Sun-libX11bo Affected Platforms: SunOS (4.1.3, 4.1.4) Solaris (2.3, 2.4, 2.5, 2.5.1) Risk Factor: High The X Windows system library, libX11, contains several buffer overflows that may be exploited through setuid and setgid programs that link libX11. These exploits can lead to increased access including the 'root' user account. References: [24]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-154.txt [25]http://ciac.llnl.gov/ciac/bulletins/h-108.shtml [26]Top of Page || [27]Back to Alert List --- Date Reported: 9/15/97 Vulnerability: OpenBSD-iosig Affected Platforms: BSD (4.4 based) - BSDI - NetBSD - OpenBSD - FreeBSD Risk Factor: Medium OpenBSD (as well as other 4.4BSD kernel based operating systems) contains a vulnerability in the way it handles certain i/o signals. This bug allows unprivileged users to send signals to arbitrary processes of programs on the system and inturrupt its operation, or even kill the process all together. Reference: [28]http://www.cdc.net/~x/advisories/open-iosig.asc [29]Top of Page || [30]Back to Alert List --- Date Reported: 9/15/97 Vulnerability: SGI-lockout Affected Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2, 6.3, 6.4) Risk Factor: Low A vulnerability exists in IRIX's login program. LOCKOUT is used to lock out accounts when a given number of unsuccessful login attempts has been reached. When the LOCKOUT value is set to a value greater than zero, files can be created or corrupted. References: [31]ftp://sgigate.sgi.com/security/19970508-02-PX [32]http://ciac.llnl.gov/ciac/bulletins/h-106.shtml [33]Top of Page || [34]Back to Alert List --- Risk Factor Key: High any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium any vulnerability that provides information that has a high potential of giving access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that possibly can contain an account with a guessable password. Low any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce. [35]Top of Page || [36]Back to Alert List -------- Copyright (c) 1997 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [37]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Please send suggestions, updates, and comments to: X Force [38]xforce@iss.net of Internet Security Systems, Inc. Internet Security Systems, Inc. Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and monitoring tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. ISS' SAFEsuite® product family automatically detects, monitors, and responds to the growing number of network security vulnerabilities and threats. The Atlanta-based company's flagship product, Internet Scanner, is the world's leading security auditing tool used to eliminate network security vulnerabilities in corporations, government agencies, and financial institutions including 9 out of the top 10 U.S. banks. ISS' real time attack recognition and response tool, RealSecure(tm), is the leading network monitoring software used to automatically guard networks from external threats and internal misuse. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at [39]http://www.iss.net. [40]Top of Page || [41]Back to Alert List [42]News | [43]Serious Fun | [44]Mail Lists | [45]Security Library [46]Protoworx | [47]Alerts | [48]Submissions | [49]Feedback [50]Advanced Search [51]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [52]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [53]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://xforce.iss.net/alerts/alerts.php3 11. http://xforce.iss.net/alerts/vol-1_num-3.php3#SCHEMEBO 12. http://xforce.iss.net/alerts/vol-1_num-3.php3#RDIST 13. http://xforce.iss.net/alerts/vol-1_num-3.php3#LIB 14. http://xforce.iss.net/alerts/vol-1_num-3.php3#OPEN 15. http://xforce.iss.net/alerts/vol-1_num-3.php3#SGI 16. ftp://sgigate.sgi.com/security/19970508-02-PX 17. http://ciac.llnl.gov/ciac/bulletins/h-106.shtml 18. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 19. http://xforce.iss.net/alerts/alerts.php3 20. ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist 21. http://ciac.llnl.gov/ciac/bulletins/h-107.shtml 22. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 23. http://xforce.iss.net/alerts/alerts.php3 24. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-154.txt 25. http://ciac.llnl.gov/ciac/bulletins/h-108.shtml 26. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 27. http://xforce.iss.net/alerts/alerts.php3 28. http://www.cdc.net/~x/advisories/open-iosig.asc 29. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 30. http://xforce.iss.net/alerts/alerts.php3 31. ftp://sgigate.sgi.com/security/19970508-02-PX 32. http://ciac.llnl.gov/ciac/bulletins/h-106.shtml 33. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 34. http://xforce.iss.net/alerts/alerts.php3 35. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 36. http://xforce.iss.net/alerts/alerts.php3 37. mailto:x-force@iss.net 38. mailto:x-force@iss.net 39. http://www.iss.net/ 40. http://xforce.iss.net/alerts/vol-1_num-3.php3#list 41. http://xforce.iss.net/alerts/alerts.php3 42. http://xforce.iss.net/news.php3 43. http://xforce.iss.net/seriousfun/ 44. http://xforce.iss.net/maillists/ 45. http://xforce.iss.net/library/ 46. http://xforce.iss.net/protoworx/ 47. http://xforce.iss.net/alerts/ 48. http://xforce.iss.net/submission.php3 49. http://xforce.iss.net/feedback.php3 50. http://xforce.iss.net/search.php3 51. http://xforce.iss.net/about.php3 52. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 53. http://xforce.iss.net/privacy.php3