I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary December 3, 1997 Volume 1 Number 8 _X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list by sending an e-mail to [11]majordomo@iss.net and within the body of the message type: 'subscribe alert'. ___ Index 4 Reported New Vulnerabilities [12]Back to Alert List [13] - SCO-scoterm [14] - land-dos [15] - SGI-syserr [16] - SGI-permtool 4 Updates [17] - Cisco-passwdloss [18] - HP-ppl [19] - SGI-at [20] - SGI-libXt Risk Factor Key [21]Top of Page || [22]Back to Alert List ___ Date Reported: 11/20/97 Vulnerability: SCO-scoterm Affected Platforms: SCO Open Desktop/Open Server 3.0 SCO OpenServer 5.0 Risk Factor: High Santa Cruz Operation Open Server's xterm, scoterm, has a vulnerability that, if exploited, would allow any local user to execute arbitrary commands with root privileges. SCO provides a workaround as well as a patch for this problem. References: [23]ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a [24]http://ciac.llnl.gov/ciac/bulletins/i-016.shtml [25]Top of Page || [26]Back to Alert List ___ Date Reported: 11/19/97 Vulnerability: land-dos Affected Platforms: (From BUGTRAQ@NETSPACE.ORG 11/24, second hand information not meant to be comprehensive/accurate, contact vendor for exact operating systems and versions) AIX (3) AmigaOS AmiTCP (4.2 (Kickstart 3.0)) BeOS Preview (Release 2 PowerMac) BSDI (2.0, 2.1 (vanilla)) Cisco IOS/700 Cisco Catalyst 5xxx and 29xx switches Digital VMS FreeBSD (2.2.5-Release, 2.2.5-Stable, 3.0-Current) HP External JetDirect Print Servers IBM AS/400 OS7400 (3.7) IRIX (5.2, 5.3) MacOS MacTCP MacOS (7.6.1 (OpenTransport 1.1.2), 8.0) NetApp NFS server (4.1d, 4.3) NetBSD (1.1, 1.2, 1.2a, 1.2.1, 1.3_ALPHA) NeXTSTEP (3.0, 3.1) OpenVMS (7.1 with UCX 4.1-7) QNX (4.24) Rhapsody Developer Release SCO OpenServer (5.0.2 SMP, 5.0.4) SCO Unixware (2.1.1, 2.1.2) SunOS (4.1.3, 4.1.4) Windows 95 (vanilla) Windows 95 (with Winsock 2 and VIPUPD.EXE) Windows NT (with SP3, with SP3 and simptcp-fix) Risk Factor: High A new bug called the land attack named by its discoverer, has been posted to a security mailing list, BUGTRAQ, with an exploit that can lock up or "freeze" many different operating systems as well as network hardware. An attacker can send a SYN packet, which is normally used to open a connection, to the host they want to attack. The packet is spoofed to appear to the machine that it is coming from itself, from the same port. When the machine tries to respond to itself multiple times, it crashes. Many different operating systems and hardware such as routers, and hubs have been reported to being vulnerable to this bug. Packet filters that protect against IP address spoofing will be effective in preventing Internet-launched land attacks. Cisco has released information on how to configure their hardware to avoid this problem. References: [27]http://www.iss.net/xforce/advisories/land1.asc (original BUGTRAQ post) [28]http://www.iss.net/xforce/advisories/land2.asc (affected platforms) [29]http://www.cisco.com/warp/public/770/land-pub.shtml [30]ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt [31]Top of Page || [32]Back to Alert List ___ Date Reported: 11/18/97 Vulnerability: SGI-syserr Affected Platforms: All SGI systems running Desktop System Monitor Risk Factor: High IRIX's syserr is the System Error Notification Broker program and is part of the Desktop System Monitor. It monitors system events and notifies the user when the events occur. A vulnerability exists in syserr that allows local accounts to create and corrupt random files. Reference: [33]ftp://sgigate.sgi.com/security/19971103-01-PX [34]Top of Page || [35]Back to Alert List ___ Date Reported: 11/18/97 Vulnerability: SGI-permtool Affected Platforms: All SGI systems running Indigo Magic Desktop Risk Factor: High Indigo Magic Desktop contains a program called permissions tool. It is used to modify the permission bits (owner, group, and others) for files and directories (similar to chmod). It contains a vulnerability that allows local accounts to gain access to a privileged user. Reference: [36]ftp://sgigate.sgi.com/security/19971103-01-PX [37]Top of Page || [38]Back to Alert List ___ Date: 11/25/97 (ISS Security Alert Summary v1 n7) Update: Cisco-passwdloss Vendor: Cisco Platforms: LocalDirector 1.6.3 Cisco has investigated the password loss problem in LocalDirector 1.6.3 and was unable to reproduce it. They believe that the reports were caused by an error on the user's end. Cisco is currently fixing the user interface to make it more difficult for the user to lose their password without knowing it. Cisco is still trying to reproduce this to make sure their assessment is correct. Reference: [39]http://www.cisco.com/warp/public/770/ldpass-pub.shtml [40]Top of Page || [41]Back to Alert List ___ Date: 11/24/97 (HP Security Bulletin #00057 4/22/97) Update: HP-ppl Vendor: Hewlett Packard Platforms: HP-UX (9.x, 10.x) Hewlett Packard has released new patches for the ppl vulnerability that was disclosed in April (HP has *revised* HP Security Bulletin #00057). References: [42]http://us-support.external.hp.com - HP Security Bulletin #00057 [43]http://ciac.llnl.gov/ciac/bulletins/i-31a.shtml [44]Top of Page || [45]Back to Alert List ___ Date: 11/18/97 (CERT Advisory CA-97.18 6/12/97) Update: SGI-at Vendor: Silicon Graphics Inc. Platforms: IRIX (3.x, 4.x, 5.0.x, 5.1.x, 5.2, 5.3 6.0.x, 6.1, 6.2, 6.3, 6.4) The at program can be used by local users to schedule commands to be executed at a later time. It contains a vulnerability that allows local users to execute commands as root. SGI has released patches and a temporary solution for this problem. References: [46]ftp://sgigate.sgi.com/security/19971102-01-PX [47]ftp://info.cert.org/pub/cert_advisories/CA-97.18.at [48]Top of Page || [49]Back to Alert List ___ Date: 11/18/97 (CERT Advisory CA-97.11 5/1/97) Update: SGI-libXt Vendor: Silicon Graphics Inc. Platforms: IRIX (4.x, 5.0.x, 5.1.x, 5.2, 5.3 6.0.x, 6.1, 6.2, 6.3, 6.4) Silicon Graphics Inc. has released patches and a temporary solution for the buffer overflow problems in the Xt library of the X Windowing system and X application programs. Reference: [50]ftp://sgigate.sgi.com/security/19971101-01-PX [51]ftp://info.cert.org/pub/cert_advisories/CA-97.11.libXt [52]Top of Page || [53]Back to Alert List ___ Risk Factor Key: High any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium any vulnerability that provides information that has a high potential of giving access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that possibly can contain an account with a guessable password. Low any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce. Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and intrusion detection tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at [54]http://www.iss.net. [55]Top of Page || [56]Back to Alert List ________ Copyright (c) 1997 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [57]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [58]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X Force <[59]xforce@iss.net> of Internet Security Systems, Inc. [60]Top of Page || [61]Back to Alert List [62]News | [63]Serious Fun | [64]Mail Lists | [65]Security Library [66]Protoworx | [67]Alerts | [68]Submissions | [69]Feedback [70]Advanced Search [71]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [72]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [73]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/alerts.php3 13. http://xforce.iss.net/alerts/vol-1_num-8.php3#SCO-scoterm 14. http://xforce.iss.net/alerts/vol-1_num-8.php3#land-dos 15. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-syserr 16. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-permtool 17. http://xforce.iss.net/alerts/vol-1_num-8.php3#Cisco-passwdloss 18. http://xforce.iss.net/alerts/vol-1_num-8.php3#HP-ppl 19. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-at 20. http://xforce.iss.net/alerts/vol-1_num-8.php3#SGI-libXt 21. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 22. http://xforce.iss.net/alerts/alerts.php3 23. ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a 24. http://ciac.llnl.gov/ciac/bulletins/i-016.shtml 25. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 26. http://xforce.iss.net/alerts/alerts.php3 27. http://www.iss.net/xforce/advisories/land1.asc 28. http://www.iss.net/xforce/advisories/land2.asc 29. http://www.cisco.com/warp/public/770/land-pub.shtml 30. ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt 31. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 32. http://xforce.iss.net/alerts/alerts.php3 33. ftp://sgigate.sgi.com/security/19971103-01-PX 34. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 35. http://xforce.iss.net/alerts/alerts.php3 36. ftp://sgigate.sgi.com/security/19971103-01-PX 37. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 38. http://xforce.iss.net/alerts/alerts.php3 39. http://www.cisco.com/warp/public/770/ldpass-pub.shtml 40. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 41. http://xforce.iss.net/alerts/alerts.php3 42. http://us-support.external.hp.com/ 43. http://ciac.llnl.gov/ciac/bulletins/i-31a.shtml 44. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 45. http://xforce.iss.net/alerts/alerts.php3 46. ftp://sgigate.sgi.com/security/19971102-01-PX 47. ftp://info.cert.org/pub/cert_advisories/CA-97.18.at 48. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 49. http://xforce.iss.net/alerts/alerts.php3 50. ftp://sgigate.sgi.com/security/19971101-01-PX 51. ftp://info.cert.org/pub/cert_advisories/CA-97.11.libXt 52. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 53. http://xforce.iss.net/alerts/alerts.php3 54. http://www.iss.net/ 55. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 56. http://xforce.iss.net/alerts/alerts.php3 57. mailto:xforce@iss.net 58. http://www.iss.net/xforce/sensitive.html 59. mailto:xforce@iss.net 60. http://xforce.iss.net/alerts/vol-1_num-8.php3#list 61. http://xforce.iss.net/alerts/alerts.php3 62. http://xforce.iss.net/news.php3 63. http://xforce.iss.net/seriousfun/ 64. http://xforce.iss.net/maillists/ 65. http://xforce.iss.net/library/ 66. http://xforce.iss.net/protoworx/ 67. http://xforce.iss.net/alerts/ 68. http://xforce.iss.net/submission.php3 69. http://xforce.iss.net/feedback.php3 70. http://xforce.iss.net/search.php3 71. http://xforce.iss.net/about.php3 72. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 73. http://xforce.iss.net/privacy.php3