I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary June 19, 1998 Volume 2 Number 7 X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an e-mail to [11]majordomo@iss.net, and within the body of the message type: 'subscribe alert'. [12]Top of Page || [13]Back to Alert List ___ Contents 6 Reported Vulnerabilities - [14]SGI-mediad - [15]SGI-OSF/DCE-dos - [16]BSDI-rlogind - [17]SSH-insert - [18]Sun-nisd - [19]Sun-ftpd Risk Factor Key [20]Top of Page || [21]Back to Alert List ___ Date Reported: 6/17/98 Vulnerability: SGI-mediad Platforms Affected: IRIX (5.1, 6.4) Risk Level: High The mediad daemon is a program used to monitor removable media devices on IRIX systems and is installed by default on IRIX 5.1 and 6.4 systems. It contains a vulnerablity that would allow a user with local access to the system and physical access to the removable media devices to obtain root level access. References: [22]http://www.sgi.com/Support/security/advisories.html [23]http://www.ciac.org/ciac/bulletins/i-061.shtml [24]Top of Page || [25]Back to Alert List ___ Date Reported: 6/17/98 Vulnerability: SGI-OSF/DCE-dos Platforms Affected: IRIX (5.3, 6.2, 6.3 or 6.4) Risk Level: Medium The Open Group has released an advisory about a denial of service attack on the OSF/DCE (Distributed Computing Environment). A local or remote user can cause the security demon (secd) core dump and no longer accept any incoming connections, thus denying service. This vulnerability can be exploited by a user without a local account on the system. References: [26]http://www.sgi.com/Support/security/advisories.html [27]http://www.ciac.org/ciac/bulletins/i-060.shtml [28]ftp://ftp.cert.org/pub/cert_bulletins/VB-97.12.opengroup [29]Top of Page || [30]Back to Alert List ___ Date Reported: 6/17/98 Vulnerability: BSDI-rlogind Platforms Affected: BSDI (2.0, 2.1) Risk Level: High A vulnerability in BSDI's rlogin program will allow an attacker to overflow a buffer. A buffer overflow can let an attacker execute unauthorized commands, and in some cases gain root level access. Reference: [31]http://www.repsec.com/advisory/0004.html [32]Top of Page || [33]Back to Alert List ___ Date Reported: 6/11/98 Vulnerability: SSH-insert Platforms Affected: All systems running implementations of SSH using protoc ol version 1.x Risk Level: High The SSH program is used to provide secure communications over insecure channels. It is widely used to log in to remote machines. It contains a vulnerability that would allow an attacker to execute arbitrary commands on thet SSH server or on an encrypted SSH channel. Reference: [34]http://www.core-sdi.com/ssh/ssh-advisory.txt [35]Top of Page || [36]Back to Alert List ___ Date Reported: 6/10/98 Vulnerability: Sun-nisd Platforms Affected: Solaris (2.3 - 2.6) Risk Level: High A stack-based buffer overflow exists in some versions of the Solaris 2.x rpc.nisd, which allows attackers to gain root access on the vulnerable machine. The rpc.nisd program is an ONC RPC agent that implements the NIS+ service. Generally, the data sent to an RPC daemon has explicit maximum length, ensuring that it will not overflow buffers of any reasonable size. However, one NIS+ argument: nis_name, has no specific maximum length. In this case the max length defaults to an unsafe value. Because NIS+ copies this argument onto fixed length buffers in the stack, an attacker can corrupt the stack and cause the daemon to execute arbitrary machine code. References: [37]http://www.netspace.org/cgi-bin/wa?A2=ind9806b&L=bugtraq&O=T&P=640 [38]http://www.ciac.org/ciac/bulletins/i-058.shtml [39]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/170 [40]http://www.iss.net/xforce/ [41]Top of Page || [42]Back to Alert List ___ Date Reported: 6/10/98 Vulnerability: Sun-ftpd Platforms Affected: Solaris (2.3, 2.5, 2.5.1, 2.6) Risk Level: Medium The ftpd daemon is the Internet File Transfre Protocol or the (FTP) server process that allows users to transfer files to and from a system. Each time a connection is made to the FTP service, the Internet daemon (inetd) invokes the FTP process. A denial of service attack has been found that can kill the ftp service. References: [43]http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/171 [44]http://www.ciac.org/ciac/bulletins/i-059.shtml [45]Top of Page || [46]Back to Alert List ___ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce methods. Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite® family of products provides protection across the enterprise, including the Internet, extranets and internal networks, from attacks, misuse and security policy violations. The Company has delivered its network security, monitoring, detection and response solutions to organizations worldwide, including firms in the Global 2000, 9 of the ten largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at HYPERLINK [47]http://www.iss.net. [48]Top of Page || [49]Back to Alert List ___ Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [50]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [51]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net > of Internet Security Systems, Inc. [52]News | [53]Serious Fun | [54]Mail Lists | [55]Security Library [56]Protoworx | [57]Alerts | [58]Submissions | [59]Feedback [60]Advanced Search [61]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [62]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [63]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 13. http://xforce.iss.net/alerts/alerts.php3 14. http://xforce.iss.net/alerts/vol-2_num-7.php3#SGI-mediad 15. http://xforce.iss.net/alerts/vol-2_num-7.php3#SGI-OSF/DCE-dos 16. http://xforce.iss.net/alerts/vol-2_num-7.php3#BSDI-rlogind 17. http://xforce.iss.net/alerts/vol-2_num-7.php3#SSH-insert 18. http://xforce.iss.net/alerts/vol-2_num-7.php3#Sun-nisd 19. http://xforce.iss.net/alerts/vol-2_num-7.php3#Sun-ftpd 20. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 21. http://xforce.iss.net/alerts/alerts.php3 22. http://www.sgi.com/Support/security/advisories.html 23. http://www.ciac.org/ciac/bulletins/i-061.shtml 24. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 25. http://xforce.iss.net/alerts/alerts.php3 26. http://www.sgi.com/Support/security/advisories.html 27. http://www.ciac.org/ciac/bulletins/i-060.shtml 28. ftp://ftp.cert.org/pub/cert_bulletins/VB-97.12.opengroup 29. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 30. http://xforce.iss.net/alerts/alerts.php3 31. http://www.repsec.com/advisory/0004.html 32. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 33. http://xforce.iss.net/alerts/alerts.php3 34. http://www.core-sdi.com/ssh/ssh-advisory.txt 35. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 36. http://xforce.iss.net/alerts/alerts.php3 37. http://www.netspace.org/cgi-bin/wa?A2=ind9806b&L=bugtraq&O=T&P=640 38. http://www.ciac.org/ciac/bulletins/i-058.shtml 39. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/170 40. http://www.iss.net/xforce 41. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 42. http://xforce.iss.net/alerts/alerts.php3 43. http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/171 44. http://www.ciac.org/ciac/bulletins/i-059.shtml 45. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 46. http://xforce.iss.net/alerts/alerts.php3 47. http://www.iss.net/ 48. http://xforce.iss.net/alerts/vol-2_num-7.php3#list 49. http://xforce.iss.net/alerts/alerts.php3 50. mailto:xforce@iss.net 51. http://www.iss.net/xforce/sensitive.html 52. http://xforce.iss.net/news.php3 53. http://xforce.iss.net/seriousfun/ 54. http://xforce.iss.net/maillists/ 55. http://xforce.iss.net/library/ 56. http://xforce.iss.net/protoworx/ 57. http://xforce.iss.net/alerts/ 58. http://xforce.iss.net/submission.php3 59. http://xforce.iss.net/feedback.php3 60. http://xforce.iss.net/search.php3 61. http://xforce.iss.net/about.php3 62. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 63. http://xforce.iss.net/privacy.php3