I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary January 28, 1998 Volume 2 Number 1 _X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list by sending an e-mail to [11]majordomo@iss.net and within the body of the message type: 'subscribe alert'. ___ Index 5 Reported Vulnerabilities [12]Back to Alert List [13] - Domino-write [14] - ssh-agent [15] - MSIE-dildog2 [16] - linux-deliver [17] - IBM-routed 1 Update [18] - smurf Risk Factor Key [19]Top of Page || [20]Back to Alert List ___ Date Reported: 1/20/98 Vulnerability: Domino-write Platforms Affected: All platforms running Domino 4.6 Risk Factor: High Due to the design of Domino's database security, web users are able to write to remote server drives and change server configuration files. Three specific design flaws lead to sites being victimized. First, default database ACLs are set to allow unrestricted access to all web users. Second, databases do not correctly inherit their ACLs from their parent template. Third, no tool is provided to verify that proper security measures have been taken on server configuration databases. These three problems result in databases being left open to arbitrary Web users. Reference: [21]http://www.l0pht.com/advisories/domino2.txt [22]Top of Page || [23]Back to Alert List ___ Date Reported: 1/20/98 Vulnerability: ssh-agent Platforms Affected: Unix platforms running F-Secure SSH pre 1.3.3 Risk Factor: High The program ssh-agent is a RSA key management program for use with the SSH program. It is possible for an attacker to fool their own SSH client into identifying them as another user to a remote server. Any user that uses both RSA authentication and ssh-agent is vulnerable to having an intruder gain remote access to their account. References: [24]ftp://ftp.secnet.com/pub/advisories/SNI-23.SSH-AGENT.advisory [25]ftp://info.cert.org/pub/cert_advisories/CA-98.03.ssh-agent [26]Top of Page || [27]Back to Alert List ___ Date Reported: 1/14/98 Vulnerability: MSIE-dildog2 Platforms Affected: Windows 95 OSR1, OSR2 running IE3.0x+Infoviewer, IE4.0, IE4.01 Windows NT Workstation/Server running IE4.0,IE4.01 Risk Factor: High A buffer overflow condition has been found in the Microsoft Internet Explorer 4.0(1) Suite programs Outlook Express, Windows Explorer, and Internet Explorer. The condition can be exploited to cause the application to page fault or execute arbitrary code. Reference: [28]http://www.l0pht.com/advisories/ie4_x2.txt [29]Top of Page || [30]Back to Alert List ___ Date Reported: 1/14/98 Vulnerability: linux-deliver Platforms Affected: Linux Debian 1.3.1 Linux Slackware 2.x Risk Factor: High Deliver is the program that delivers mail to users once it has arrived at the host. A stack overwrite exists in the function copy_message() that, if exploited, would allow an attacker to execute arbitrary commands as root uid. Reference: [31]http://www.dec.net/ksrt/adv6.html [32]Top of Page || [33]Back to Alert List ___ Date Reported: 1/8/98 Vulnerability: IBM-routed Platforms Affected: AIX (3.2.x, 4.1.x, 4.2.x, 4.3.x) Risk Factor: High Routed is the AIX daemon that services the Routing Information Protocol (RIP), handles router discovery, and maintains network routing tables. There is a vulnerability in routed where the daemon will accept RIP updates that can cause arbitrary system files to be created or modified. Reference: [34]http://www.ers.ibm.com/tech-info/advisories/sva/1998/ERS-SVA-E01-1998:001.1 .txt [35]Top of Page || [36]Back to Alert List ___ Date: 1/5/98 Update: smurf Platforms: Any platform on the Internet CERT/CC has released an advisory that details the smurf denial of service attack that is being widely used because of the exploit program being available on the Internet. The attack consists of sending out hundreds of ICMP echo packets to broadcast addresses, from a spoofed source (the victim). All of these hosts then reply to the victim with ICMP echo replies. References: [37]ftp://ftp.cert.org/pub/cert_advisories/CA-98.01.smurf [38]http://www.quadrunner.com/~chuegen/smurf.txt [39]Top of Page || [40]Back to Alert List ___ Risk Factor Key: High any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium any vulnerability that provides information that has a high potential of giving access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that possibly can contain an account with a guessable password. Low any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce. Internet Security Systems, Inc., (ISS) is the pioneer and world's leading supplier of network security assessment and intrusion detection tools, providing comprehensive software that enables organizations to proactively manage and minimize their network security risks. For more information, contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site at [41]http://www.iss.net. [42]Top of Page || [43]Back to Alert List ________ Copyright (c) 1997 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [44]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [45]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X Force xforce@iss.net > of Internet Security Systems, Inc. [46]Top of Page || [47]Back to Alert List [48]News | [49]Serious Fun | [50]Mail Lists | [51]Security Library [52]Protoworx | [53]Alerts | [54]Submissions | [55]Feedback [56]Advanced Search [57]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [58]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [59]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/alerts.php3 13. http://xforce.iss.net/alerts/vol-2_num-1.php3#Domino-write 14. http://xforce.iss.net/alerts/vol-2_num-1.php3#ssh-agent 15. http://xforce.iss.net/alerts/vol-2_num-1.php3#MSIE-dildog2 16. http://xforce.iss.net/alerts/vol-2_num-1.php3#linux-deliver 17. http://xforce.iss.net/alerts/vol-2_num-1.php3#IBM-routed 18. http://xforce.iss.net/alerts/vol-2_num-1.php3#smurf 19. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 20. http://xforce.iss.net/alerts/alerts.php3 21. http://www.l0pht.com/advisories/domino2.txt 22. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 23. http://xforce.iss.net/alerts/alerts.php3 24. ftp://ftp.secnet.com/pub/advisories/SNI-23.SSH-AGENT.advisory 25. ftp://info.cert.org/pub/cert_advisories/CA-98.03.ssh-agent 26. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 27. http://xforce.iss.net/alerts/alerts.php3 28. http://www.l0pht.com/advisories/ie4_x2.txt 29. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 30. http://xforce.iss.net/alerts/alerts.php3 31. http://www.dec.net/ksrt/adv6.html 32. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 33. http://xforce.iss.net/alerts/alerts.php3 34. http://www.ers.ibm.com/tech-info/advisories/sva/1998/ERS-SVA-E01-1998:001.1.txt 35. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 36. http://xforce.iss.net/alerts/alerts.php3 37. ftp://ftp.cert.org/pub/cert_advisories/CA-98.01.smurf 38. http://www.quadrunner.com/~chuegen/smurf.txt 39. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 40. http://xforce.iss.net/alerts/alerts.php3 41. http://www.iss.net/ 42. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 43. http://xforce.iss.net/alerts/alerts.php3 44. mailto:xforce@iss.net 45. http://www.iss.net/xforce/sensitive.html 46. http://xforce.iss.net/alerts/vol-2_num-1.php3#list 47. http://xforce.iss.net/alerts/alerts.php3 48. http://xforce.iss.net/news.php3 49. http://xforce.iss.net/seriousfun/ 50. http://xforce.iss.net/maillists/ 51. http://xforce.iss.net/library/ 52. http://xforce.iss.net/protoworx/ 53. http://xforce.iss.net/alerts/ 54. http://xforce.iss.net/submission.php3 55. http://xforce.iss.net/feedback.php3 56. http://xforce.iss.net/search.php3 57. http://xforce.iss.net/about.php3 58. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 59. http://xforce.iss.net/privacy.php3