From xforce@iss.net Mon Jul 27 11:16:14 1998
From: X-Force
To: alert@iss.net
Cc: X-Force
Date: Sat, 25 Jul 1998 14:38:04 -0400 (EDT)
Subject: ISSalert: ISS Security Alert Summary v2 n8

ISS Security Alert Summary
July 24, 1998
Volume 2 Number 8

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert'.

___

Contents

5 Reported Vulnerabilities
 - SGI-mailcap
 - SGI-ioconfig/disk_bandwidth
 - Sun-SUNWadmap
 - Sun-libnsl
 - Sun-NIS/NIS+

Risk Factor Key

___

Date Reported: 7/20/98
Vulnerability: SGI-mailcap
Platforms Affected: IRIX (6.3, 6.4)
Risk Level: High

The SGI sysmgr, which is a graphical interface used to administer Silicon Graphics workstations, is used by administrators to execute various tasks. Two of the tools used to manage its graphical interface, runtask and runexec, can be used by a malicious web page to execute local system manager tasks. This can lead to an attacker gaining privileges of the user browsing the web, which can lead to root access.

Reference: Silicon Graphics Inc. Security Advisory:
"IRIX 6.3 & 6.4 mailcap vulnerability" at
ftp://sgigate.sgi.com/security/19980403-02-PX

___

Date Reported: 7/20/98
Vulnerability: SGI-ioconfig/disk_bandwidth
Platforms Affected: IRIX (6.4)
Risk Level: High

From the Silicon Graphics, Inc. (SGI) Security Advisory, "The IRIX ioconfig(1M) program assigns logical controller numbers to all I/O devices on a Silicon Graphics Origin(tm) or Onyx2(tm) system. The IRIX disk_bandwidth(1M) program is used to determine the number of I/O operations that can be performed on a given disk device on an Origin or Onyx2 system." A vulnerability has been found in both of these programs that could allow an attacker to obtain root privileges.

Reference: Silicon Graphics Inc.
Security Advisory: "IRIX 6.4 ioconfig(1M) and disk_bandwidth(1M) Vulnerability" at
ftp://sgigate.sgi.com/security/19980701-01-P

___

Date Reported: 7/15/98
Vulnerability: Sun-SUNWadmap
Platforms Affected: Solaris (2.6 with SUNWadmap package from the Solaris 2.6 Hardware:3/98 or 5/98 update releases)
Risk Level: High

From Sun Microsystems, Inc. Security Bulletin #00173, "The System administration applications package, SUNWadmap, provides software used to perform system administration tasks. A vulnerability has been discovered in the SUNWadmap package of the Solaris 2.6 Hardware:3/98 and 5/98 update releases which could be exploited to get root access."

References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00173" at
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/173
CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl, SUNWadmap)" at
http://www.ciac.org/ciac/bulletins/i-072.shtml

___

Date Reported: 7/15/98
Vulnerability: Sun-libnsl
Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
Risk Level: High

Several buffer overflows have been found in the libnsl library, which provides functions used by application programs to interface to network services. If exploited, these buffer overflow conditions could be used to gain root level access.

References:
Sun Microsystems, Inc. Security Bulletin: "Security Bulletin #00172" at
http://sunsolve1.Sun.COM/pub-cgi/us/sec2html?secbull/172
CIAC Information Bulletin I-072: "SunOS Vulnerabilities (libnsl, SUNWadmap)" at
http://www.ciac.org/ciac/bulletins/i-072.shtml

___

Date Reported: 6/29/98
Vulnerability: Sun-NIS/NIS+
Platforms Affected: Sun NIS/NIS+ based networks
Risk Level: High

It is possible, through a well orchestrated attack using the finger service against multiple NIS clients, to disrupt an entire NIS-based network and/or starve the NIS servers for resources.
The issue originates in the finger service, but the attack causes long-duration, network-wide congestion and resource exhaustion on NIS servers.

References:
ISS Security Alert Advisory: "Distributed DoS attack against NIS/NIS+ based networks" at
http://www.iss.net/xforce/alerts/nis-attack.html
CIAC Information Bulletin I-070: "Distributed DoS Attack Against NIS/NIS+ Networks" at
http://www.ciac.org/ciac/bulletins/i-070.shtml

___

Risk Factor Key:

High    Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall.
        Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on the mail server.

Medium  Any vulnerability that provides information that has a high potential of giving system access to an intruder.
        Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.

Low     Any vulnerability that provides information that potentially could lead to a compromise.
        Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce methods.

Internet Security Systems, Inc. is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite family of products provides protection across the enterprise, including the Internet, extranets, and internal networks, from attacks, misuse and security policy violations. The Company has delivered its adaptive network security solutions to organizations worldwide, including firms in the Global 2000, 9 of the ten largest U.S. commercial banks and over 35 governmental agencies.
For more information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at http://www.iss.net.

________

Copyright (c) 1998 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please email xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force of Internet Security Systems, Inc.