I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary September 18, 1998 Volume 2 Number 10 X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an email to [11]majordomo@iss.net, and within the body of the message type: 'subscribe alert'. [12]Top of Page || [13]Back to Alert List ___ Contents 5 Reported Vulnerabilities - [14]Novell-NDS - [15]Sun-ping - [16]Webcam32-bo - [17]HP-dtmail - [18]IIS-exedir 2 Updates - [19]Win-backdoors - [20]Sun-mailtool Risk Factor Key [21]Top of Page || [22]Back to Alert List ___ Date Reported: 9/16/98 Vulnerability: Novell-NDS Platforms Affected: Novell NetWare (4.1, 4.11) Risk Level: Medium "Default settings during NDS installation reveal account names and other information to users who have not logged in. Learning potential account names is usually the first step before an intruder attacks a computer system." Reference: Nomad Mobile Research Centre Advisory: "Default NDS Rights" at [23]http://www.nmrc.org/ Original BUGTRAQ Post of Advisory at [24]http://www.netspace.org/cgi-bin/wa?A2=ind9809c&L=bugtraq&D=1&P=2763 [25]Top of Page || [26]Back to Alert List ___ Date Reported: 9/9/98 Vulnerability: Sun-ping Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1, 2.6) SunOS (4.1.3_U1, 4.1.4) Risk Level: High A buffer overflow has been discovered in the ping program. "The ping utility uses the ICMP protocol's ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from the specified host or network gateway. A buffer overflow has been discovered in the ping program which could be exploited by local users to gain root access." Reference: Sun Microsystems, Inc. Security Bulletin #00174: "ping" at [27]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/174 [28]Top of Page || [29]Back to Alert List ___ Date Reported: 9/1/98 Vulnerability: Webcam32-bo Platforms Affected: Webcam32 (v4.5.1 to v4.8.3 beta3) Risk Level: High There is a vulnerability present in Kolban's Webcam32 v4.5.1 to v4.8.3 beta 3. This vulnerability allows a remote attacker to overflow a buffer that can result in crashing the Webcam32 software, or more seriously to execute code on the system running Webcam32. This allows complete control over a Windows 95/98 system, and user level access to a Windows NT system. Reference: ISS Vulnerability Alert: "Remote Buffer Overflow in the Kolban Webcam32 Program" at [30]http://www.iss.net/xforce/alerts/advise7.html [31]Top of Page || [32]Back to Alert List ___ Date Reported: 8/31/98 Vulnerability: HP-dtmail Platforms Affected: HP-UX (10.10, 10.20, 10.24, 10.30, 11.00) Risk Level: High Hewlett Packard has released patches for a vulnerability in the dtmail and rpc.ttdbserverd products. They are part of the HP implementation of the Common Desktop Environment and contain buffer overflows that allow an attacker to gain unauthorized access. Reference: HEWLETT-PACKARD SECURITY BULLETIN: #00084 "Security Vulnerability in dtmail/rpc.ttdbserverd on HP-UX" at [33]http://us-support.external.hp.com/ Note: Requires no-cost password to access security bulletins. [34]Top of Page || [35]Back to Alert List ___ Date Reported: 8/31/98 Vulnerability: IIS-exedir Platforms Affected: Internet Information Server (4.0) Risk Level: High If a non-administrative user can place executable code into a web site directory which allows file execution, the user may be able to run applications which could compromise the web server. Reference: ISS Security Advisory: "Executable Directories in IIS 4.0" at [36]http://www.iss.net/xforce/alerts/advise6.html [37]Top of Page || [38]Back to Alert List ___ Date Reported: 9/10/98 (ISS Security Alert Advisory Cult of the Dead Cow Back Orifice Backdoor) Update: Win-backdoors Vendor: Microsoft Platforms Affected: Windows NT Windows 95 Windows 98 This update contains information on: * Information about the NetBus backdoor that works on Windows 95/98 and NT. * A backdoor in NetBus and how to remove the program. * Dramatic increase in backdoor compromises since the release of Back Orifice. * New enhancements to Back Orifice that help hackers, and availability of additional tools to detect and remove Back Orifice. * The BoSniffer trojan horse. Reference: ISS Vulnerability Alert: "Windows Backdoors Update" at [39]http://www.iss.net/xforce/alerts/advise8.html [40]Top of Page || [41]Back to Alert List ___ Date Reported: 9/9/98 (CERT Advisory CA-98.10) Update: Sun-mailtool Vendor: Sun Microsystems, Inc. Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1, 2.6) SunOS (4.1.3_U1, 4.1.4) Mailtool is a utility that provides an OpenWindows interface for the mail program. Sun has released patches that correct a vulnerability in mailtool. Using this vulnerability, a remote attacker can execute arbitrary commands on the vulnerable system. References: Sun Microsystems, Inc. Security Bulletin #00175: "mailtool" at [42]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/175 CERT Advisory CA-98.10: "Buffer Overflow in MIME-aware Mail and News Clients" at [43]http://www.cert.org/advisories/CA-98.10.mime_buffer_overflows.html [44]Top of Page || [45]Back to Alert List ___ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. Internet Security Systems, Inc. is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite family of products provide protection across the enterprise, including the Internet, extranets, and internal networks, from attacks, misuse and security policy violations. The Company has delivered its adaptive network security solutions to organizations worldwide, including firms in the Global 2000, 9 of the ten largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at [46]http://www.iss.net. [47]Top of Page || [48]Back to Alert List ___ Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please email [49]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [50]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net > of Internet Security Systems, Inc. [51]News | [52]Serious Fun | [53]Mail Lists | [54]Security Library [55]Protoworx | [56]Alerts | [57]Submissions | [58]Feedback [59]Advanced Search [60]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [61]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [62]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 13. http://xforce.iss.net/alerts/alerts.php3 14. http://xforce.iss.net/alerts/vol-2_num-10.php3#Novell-NDS 15. http://xforce.iss.net/alerts/vol-2_num-10.php3#Sun-ping 16. http://xforce.iss.net/alerts/vol-2_num-10.php3#Webcam32-bo 17. http://xforce.iss.net/alerts/vol-2_num-10.php3#HP-dtmail 18. http://xforce.iss.net/alerts/vol-2_num-10.php3#IIS-exedir 19. http://xforce.iss.net/alerts/vol-2_num-10.php3#Win-backdoors 20. http://xforce.iss.net/alerts/vol-2_num-10.php3#Sun-mailtool 21. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 22. http://xforce.iss.net/alerts/alerts.php3 23. http://www.nmrc.org/ 24. http://www.netspace.org/cgi-bin/wa?A2=ind9809c&L=bugtraq&D=1&P=2763 25. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 26. http://xforce.iss.net/alerts/alerts.php3 27. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/174 28. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 29. http://xforce.iss.net/alerts/alerts.php3 30. http://www.iss.net/xforce/alerts/advise7.html 31. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 32. http://xforce.iss.net/alerts/alerts.php3 33. http://us-support.external.hp.com/ 34. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 35. http://xforce.iss.net/alerts/alerts.php3 36. http://www.iss.net/xforce/alerts/advise6.html 37. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 38. http://xforce.iss.net/alerts/alerts.php3 39. http://www.iss.net/xforce/alerts/advise8.html 40. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 41. http://xforce.iss.net/alerts/alerts.php3 42. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/175 43. http://www.cert.org/advisories/CA-98.10.mime_buffer_overflows.html 44. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 45. http://xforce.iss.net/alerts/alerts.php3 46. http://www.iss.net/ 47. http://xforce.iss.net/alerts/vol-2_num-10.php3#list 48. http://xforce.iss.net/alerts/alerts.php3 49. mailto:xforce@iss.net 50. http://www.iss.net/xforce/sensitive.html 51. http://xforce.iss.net/news.php3 52. http://xforce.iss.net/seriousfun/ 53. http://xforce.iss.net/maillists/ 54. http://xforce.iss.net/library/ 55. http://xforce.iss.net/protoworx/ 56. http://xforce.iss.net/alerts/ 57. http://xforce.iss.net/submission.php3 58. http://xforce.iss.net/feedback.php3 59. http://xforce.iss.net/search.php3 60. http://xforce.iss.net/about.php3 61. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 62. http://xforce.iss.net/privacy.php3