I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary April 24, 1998 Volume 2 Number 5 X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an e-mail to [11]majordomo@iss.net, and within the body of the message type: 'subscribe alert'. [12]Top of Page || [13]Back to Alert List ___ Contents 4 Reported Vulnerabilities - [14]SGI-LicenseManager - [15]Sun-rpcbind - [16]bind-bo - [17]bind-dos 3 Updates - [18]HP-inetd - [19]SGI-suidperl/sperl - [20]SGI-suid_exec Risk Factor Key [21]Top of Page || [22]Back to Alert List ___ Date Reported: 4/13/98 Vulnerability: SGI-LicenseManager Platforms Affected: IRIX (5.3, 6.1, 6.2, 6.3) Risk Level: High LicenseManager is a program used to view and manage FLEXlm and NetLS software licenses. Vulnerabilities have been found that would allow an attacker with a user account on the system to manipulate root-owned files and even gain root access both locally and remotely. This vulnerability has been discussed on newsgroups and mailing lists and it is recommended that workarounds be applied to vulnerable systems. References: [23]ftp://sgigate.sgi.com/security/19980406-01-PX [24]http://www.ciac.org/ciac/bulletins/i-045.shtml [25]Top of Page || [26]Back to Alert List ___ Date Reported: 4/8/98 Vulnerability: Sun-rpcbind Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1, 2.6) Risk Level: High >From Sun Security Bulletin: The rpcbind program is a server that converts RPC program numbers into universal addresses. When an RPC service is started, it registers itself with rpcbind by telling rpcbind the address to which the RPC service is listening, and the RPC program numbers it is prepared to serve. A vulnerability has been discovered in rpcbind which, if exploited, can be used to overwrite arbitrary files and permit unauthorized system access. Reference: [27]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-167.txt [28]http://www.ciac.org/ciac/bulletins/h-70a.shtml [29]Top of Page || [30]Back to Alert List ___ Date Reported: 4/8/98 Vulnerability: bind-bo Platforms Affected: BIND (4.9 prior to 4.9.7, 8 prior to 8.1.2) Risk Level: High A buffer overflow exists in BIND versions 4.9 prior to 4.9.7, and BIND versions 8 prior to 8.1.2. A malicious remote user can send a specially formatted inverse-query TCP stream that would crash the BIND server and allow the attacker to gain root access. References: [31]ftp://info.cert.org/pub/cert_advisories/CA-98.05.bind_problems [32]http://www.ciac.org/ciac/bulletins/i-044.shtml [33]Top of Page || [34]Back to Alert List ___ Date Reported: 4/8/98 Vulnerability: bind-dos Platforms Affected: BIND (4.9 prior to 4.9.7, 8 prior to 8.1.2) Risk Level: Medium A malicious remote user can format a DNS message that would cause BIND 4.9 and BIND 8 servers to read from invalid memory locations. This would crash the BIND server. References: [35]ftp://info.cert.org/pub/cert_advisories/CA-98.05.bind_problems [36]http://www.ciac.org/ciac/bulletins/i-044.shtml [37]Top of Page || [38]Back to Alert List ___ Date Reported: 4/13/98 (ISS Security Alert Summary v2 n4) Update: HP-inetd Vendor: Hewlett Packard Platforms Affected: HP-UX (9.x, 10.x) HP has released patches that correct the vulnerability that exists in HP-UX's inetd service. Improperly coded routines could result in denial-of-service attacks resulting in the loss of networking. References: HP Security Bulletin #00077 - [39]http://us-support.external.hp.com/ [40]http://ciac.llnl.gov/ciac/bulletins/i-039.shtml [41]Top of Page || [42]Back to Alert List ___ Date Reported: 4/6/98 (CERT CA-97.17) Update: SGI-suidperl/sperl Vendor: Silicon Graphics Inc. Platforms Affected: IRIX (any running suidperl/sperl 5.003 and lower) The suidperl or sperl program is an altered versions of PERL which allows PERL scripts to be run under the setuid of a particular user. A buffer overflow exists that would allow a local user to execute arbitrary commands as the user root. References: [43]ftp://sgigate.sgi.com/security/19980404-01-I [44]ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl [45]Top of Page || [46]Back to Alert List ___ Date Reported: 4/6/98 (AUSCERT AA-96.17) Update: SGI-suid_exec Vendor: Silicon Graphics Inc. Platforms Affected: IRIX (5.x, 6.x) The suid_exec command, which is part of ksh software distributions, is used to execute shell scripts setuid. A buffer overflow has been discovered in suid_exec that would allow any user with a local account to execute commands with root privileges. This vulnerability can be exploited both locally and remotely. References: [47]ftp://sgigate.sgi.com/security/19980405-01-I [48]http://www.ciac.org/ciac/bulletins/h-15a.shtml [49]Top of Page || [50]Back to Alert List ___ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce methods. Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite® family of products provides protection across the enterprise, including the Internet, extranets and internal networks, from attacks, misuse and security policy violations. The Company has delivered its network security, monitoring, detection and response solutions to organizations worldwide, including firms in the Global 2000, 9 of the ten largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at HYPERLINK [51]http://www.iss.net. [52]Top of Page || [53]Back to Alert List ________ Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [54]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [55]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net > of Internet Security Systems, Inc. [56]News | [57]Serious Fun | [58]Mail Lists | [59]Security Library [60]Protoworx | [61]Alerts | [62]Submissions | [63]Feedback [64]Advanced Search [65]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [66]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [67]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 13. http://xforce.iss.net/alerts/alerts.php3 14. http://xforce.iss.net/alerts/vol-2_num-5.php3#SGI-LicenseManager 15. http://xforce.iss.net/alerts/vol-2_num-5.php3#Sun-rpcbind 16. http://xforce.iss.net/alerts/vol-2_num-5.php3#bind-bo 17. http://xforce.iss.net/alerts/vol-2_num-5.php3#bind-dos 18. http://xforce.iss.net/alerts/vol-2_num-5.php3#HP-inetd 19. http://xforce.iss.net/alerts/vol-2_num-5.php3#SGI-suidperl/sperl 20. http://xforce.iss.net/alerts/vol-2_num-5.php3#SGI-suid_exec 21. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 22. http://xforce.iss.net/alerts/alerts.php3 23. ftp://sgigate.sgi.com/security/19980406-01-PX 24. http://www.ciac.org/ciac/bulletins/i-045.shtml 25. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 26. http://xforce.iss.net/alerts/alerts.php3 27. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-167.txt 28. http://www.ciac.org/ciac/bulletins/h-70a.shtml 29. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 30. http://xforce.iss.net/alerts/alerts.php3 31. ftp://info.cert.org/pub/cert_advisories/CA-98.05.bind_problems 32. http://www.ciac.org/ciac/bulletins/i-044.shtml 33. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 34. http://xforce.iss.net/alerts/alerts.php3 35. ftp://info.cert.org/pub/cert_advisories/CA-98.05.bind_problems 36. http://www.ciac.org/ciac/bulletins/i-044.shtml 37. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 38. http://xforce.iss.net/alerts/alerts.php3 39. http://us-support.external.hp.com/ 40. http://ciac.llnl.gov/ciac/bulletins/i-039.shtml 41. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 42. http://xforce.iss.net/alerts/alerts.php3 43. ftp://sgigate.sgi.com/security/19980404-01-I 44. ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl 45. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 46. http://xforce.iss.net/alerts/alerts.php3 47. ftp://sgigate.sgi.com/security/19980405-01-I 48. http://www.ciac.org/ciac/bulletins/h-15a.shtml 49. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 50. http://xforce.iss.net/alerts/alerts.php3 51. http://www.iss.net/ 52. http://xforce.iss.net/alerts/vol-2_num-5.php3#list 53. http://xforce.iss.net/alerts/alerts.php3 54. mailto:xforce@iss.net 55. http://www.iss.net/xforce/sensitive.html 56. http://xforce.iss.net/news.php3 57. http://xforce.iss.net/seriousfun/ 58. http://xforce.iss.net/maillists/ 59. http://xforce.iss.net/library/ 60. http://xforce.iss.net/protoworx/ 61. http://xforce.iss.net/alerts/ 62. http://xforce.iss.net/submission.php3 63. http://xforce.iss.net/feedback.php3 64. http://xforce.iss.net/search.php3 65. http://xforce.iss.net/about.php3 66. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 67. http://xforce.iss.net/privacy.php3