I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary February 18, 1999 Volume 3 Number 5 X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an email to [11]majordomo@iss.net, and within the body of the message type: 'subscribe alert'. [12]Top of Page || [13]Back to Alert List ___ Contents 33 Reported Vulnerabilities - [14]linux-super-bo - [15]nt-backoffice-setup - [16]allaire-forums-file-read - [17]fakebo-execute - [18]sun-sdtcm-convert-bo - [19]sun-man - [20]netbsd-netstat-read - [21]palmetto-ftpd-bo - [22]clearcase-temp-race - [23]fakebo-crash - [24]nt-sp4-auth-error - [25]pcnfsd-world-write - [26]pine-remote-exe - [27]linux-milo-halt - [28]router-config-dos - [29]coldfusion-expression-evaluator - [30]coldfusion-file-existance - [31]coldfusion-source-display - [32]coldfusion-sourcewindow - [33]coldfusion-syntax-checker - [34]slmail-helo-overflow - [35]slmail-vrfyexpn-overflow - [36]sql-multiple-queries - [37]navionc-config-script - [38]plp-lpc-bo - [39]imail-registry - [40]java-socket-open - [41]wsftp-registry - [42]wsftp-remote-dos - [43]controlit-bookfile-access - [44]controlit-passwd-encrypt - [45]controlit-reboot - [46]iis-remote-ftp Risk Factor Key [47]Top of Page || [48]Back to Alert List ___ Date Reported: 1999-02-15 Vulnerability: linux-super-bo Platforms Affected: Linux (Debian) Risk Factor: High Super is a utility that allows authorized users to execute commands with root privileges. It is intended to be an alternate to setuid scripts, which are inherently dangerous. A buffer overflow exists in Super that may allow attackers to take advantage of its setuid configuration to gain root access. Reference: ISS Security Advisory: "Buffer Overflow in 'Super' package in Debian Linux" at [49]http://www.iss.net/xforce/alerts/advise19.html [50]Top of Page || [51]Back to Alert List ___ Date Reported: 1999-02-12 Vulnerability: nt-backoffice-setup Platforms: Windows NT Risk Factor: High A vulnerability exists in the Setup program for Window NT BackOffice 4.0. When installing certain packages from the BackOffice distribution (like SQL Server, Exchange, and MTS) the Setup program prompts users for username/password information for these services to speed up and simplify the install. However, the Setup program fails to delete the files containing these stored passwords allowing anyone with local access to read them. References: Microsoft Security Bulletin MS99-005: "BackOffice Server 4.0 Does Not Delete Installation Setup File" at [52]http://www.microsoft.com/security/bulletins/ms99-005.asp Microsoft Knowledgebase Article ID: Q217004: "BackOffice Installer Tool Does Not Delete Password Cache File" at [53]http://support.microsoft.com/support/kb/articles/q217/0/04.asp [54]Top of Page || [55]Back to Alert List ___ Date Reported: 1999-02-11 Tagname: allaire-forums-file-read Platforms Affected: Allaire Forums Risk Factor: Medium The "GetFile.cfm" program distributed with Allaire Forums 2.0.x contains a vulnerability which could allow a remote attacker to view any file on the system. Reference: NTBUGTRAQ Mailing List: "ACFUG List: Alert: Allaire Forums GetFile bug" [56]http://www.ntbugtraq.com/page_archives_wa.asp?A2=ind9902&L=ntbugtraq&F=P&S= &P=2788 [57]Top of Page || [58]Back to Alert List ___ Date Reported: 1999-02-11 Vulnerability: fakebo-execute Platforms Affected: FakeBO Risk Factor: High FakeBO is a program for many platforms which emulates an installed copy of BackOrifice and Netbus and logs all connection attempts. A buffer overflow exists in FakeBO which could allow a remote attacker to execute arbitrary commands on the system. References: BUGTRAQ Mailing List: "remote fakebo shell exploit" at [59]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=11546 Vlatko Kosturjak's Homepage: "FakeBO" at [60]http://yi.com/home/KosturjakVlatko/fakebo.htm [61]Top of Page || [62]Back to Alert List ___ Date Reported: 1999-02-11 Vulnerability: sun-sdtcm-convert-bo Platforms Affected: Solaris (2.4, 2.4 x86, 2.5, 2.5 x86, 2.5.1, 2.5.1 x86, 2.6, 2.6 x86, 7, 7 x86) Risk Factor: High sdtcm_convert is a setuid-root calender data conversion utility that converts OpenWindows calender data format to extensible calender data format. A buffer overflow has been discovered in sdtcm_convert that if exploited would allow the attacker to gain root level access. Reference: Sun Microsystems, Inc. Security Bulletin: "sdtcm_convert" at [63]http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/183 [64]Top of Page || [65]Back to Alert List ___ Date Reported: 1999-02-10 Vulnerability: sun-man Platforms Affected: Solaris (2.4, 2.4 x86, 2.5, 2.5 x86, 2.5.1, 2.5.1 x86, 2.6, 2.6 x86, 7, 7 x86) Risk Factor: High Man and catman utilities are used to display online reference manuals. Vulnerabilities with these programs allow an attacker to overwrite arbitrary files when catman is executed by root. Reference: Sun Microsystems, Inc. Security Bulletin: "man/catman" at [66]http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/184 [67]Top of Page || [68]Back to Alert List ___ Date Reported: 1999-02-09 Vulnerability: netbsd-netstat-read Platforms Affected: NetBSD Risk Factor: High The netstat(1) command was designed to allow normal users to view network configurations and allow privileged users to change these settings. This vulnerability exists in the NetBSD netstat program that allows any non-privileged user to read arbitrary locations in kernel memory. This could allow a local attacker to gain information, which could lead to the compromise of elevated privileges, including root. Reference: NetBSD Security Advisory 1999-002: "Security problem with netstat" [69]ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-002. txt.asc [70]Top of Page || [71]Back to Alert List ___ Date Reported: 1999-02-09 Vulnerability: palmetto-ftpd-bo Platforms Affected: wu-ftpd ProFTPD Risk Factor: High A vulnerability exists in ProFTPD through version 1.2.0pre1 and wu-ftpd through 2.4.2 BETA 18 and 2.4.2 BETA 18 VR9 which could allow a remote attacker to cause these services to execute arbitrary commands as root. These servers are installed by default on many operating systems including Slackware and Red Hat Linux distributions. Reference: Netect, Inc. Security Advisory: "palmetto.ftpd" at [72]http://www.netect.com/advisory_0209_2.html [73]Top of Page || [74]Back to Alert List ___ Date Reported: 1999-02-08 Vulnerability: clearcase-temp-race Platforms Affected: ClearCase Risk Factor: High ClearCase is a configuration management program manufactured by Rational Software. A temporary file race condition exists in the db_loader program installed with ClearCase that could allow a local attacker to make any program on the system suid root. References: L0pht Security Advisory: "Rational Software's Clear Case v3.2" at [75]http://www.l0pht.com/advisories/ClearCase.txt Rational Software Corporation Homepage at [76]http://www.rational.com/index.jtmpl [77]Top of Page || [78]Back to Alert List ___ Date Reported: 1999-02-08 Vulnerability: fakebo-crash Platforms Affected: FakeBO Risk Factor: Low FakeBO is a program for many platforms which emulates an installed copy of BackOrifice and Netbus and logs all connection attempts. A vulnerability exists in FakeBO which allows a remote attacker to send a TCP packet with the SYN flag set (stealth scan packet) which will crash the FakeBO server. References: Vlatko Kosturjak's Homepage: "FakeBO" at [79]http://yi.com/home/KosturjakVlatko/fakebo.htm BUGTRAQ Mailing List: "FakeBo 0.3.1 & nmap" at [80]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=6208 [81]Top of Page || [82]Back to Alert List ___ Date Reported: 1999-02-08 Vulnerability: nt-sp4-auth-error Platforms Affected: Windows NT (4.0 SP4) Risk Factor: High A vulnerability was introduced in Windows NT 4.0 SP4 (Service Pack 4) which could allow some users to access resources by supplying a null password. The problem exists when clients other than Windows NT/95/98 change their passwords, causing certain fields in the SAM (Service Account Manager) to be left null. The next time this account is accessed from an NT machine, no password will be required for authentication. This vulnerability only affects sites who have deployed machines with DOS, Windows 3.1, Windows for Workgroups, OS/2, or Macintosh clients. References: Microsoft Security Bulletin MS99-004: "Authentication Processing Error in Windows NT 4.0 SP4" at [83]http://www.microsoft.com/security/bulletins/ms99-004.asp Microsoft Knowledgebase Article ID: Q214840: "MSV1_0 Allows Network Connections for Specific Accounts" at [84]http://support.microsoft.com/support/kb/articles/q214/8/40.asp [85]Top of Page || [86]Back to Alert List ___ Date Reported: 1999-02-08 Vulnerability: pcnfsd-world-write Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: High The remote procedural call rpc.pcnfsd is used by NFS clients to provide usernames and passwords, has a vulnerability that if exploited, allows the main printer spool directory to be made world writable. This vulnerability would allow both local and remote attackers to compromise root access. Reference: HP Advisory HPSBUX9902-091: "Security Vulnerability with rpc.pcnfsd" at [87]http://us-support.external.hp.com/ [88]Top of Page || [89]Back to Alert List ___ Date Reported: 1999-02-08 Vulnerability: pine-remote-exe Platforms Affected: Pine (4.10 and below) Risk Factor: High A vulnerability exists in the Pine e-mail client up to and including version 4.10 that could allow a remote attacker to execute arbitrary commands as the user viewing e-mail. The attack relies on the ability to make the MIME functions of Pine execute commands embedded inside e-mail. References: BUGTRAQ Mailing List: "remote exploit on pine 4.10 - neverending story?" at [90]http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=1418 University of Washington Pine Information Center at [91]http://www.washington.edu/pine/ [92]Top of Page || [93]Back to Alert List ___ Date Reported: 1999-02-06 Vulnerability: linux-milo-halt Platforms Affected: Linux Risk Factor: Medium The Miniloader (MILO) included with Alpha versions of Linux (such as Red Hat) were shipped with instructions intended to be used exclusively for debugging. These instructions could allow any local, non-privileged user to cause the Alpha Linux system to halt, reboot, or behave in unpredictable ways. Reference: KSR[T] Security Advisory #009: "Non-Privileged Halt" at [94]http://www.ksrt.org/adv9.html [95]Top of Page || [96]Back to Alert List ___ Date Reported: 1999-02-05 Vulnerability: router-config-dos Platforms Affected: Cisco Livingston Portmaster Risk Factor: Medium A flaw in the way some router operating systems handle improperly closed sessions and malformed packets could allow a remote attacker to cause the device to crash or lock up, refusing any administrative sessions. This problem has been observed in Cisco and Livingston Portmaster products to date. Reference: BUGTRAQ Mailing List: "Widespread Router Access Port DoS" at [97]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=6094 [98]Top of Page || [99]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: coldfusion-expression-evaluator Platforms Affected: Cold Fusion (4.0 and earlier) Risk Factor: Medium The Expression Evaluator is a sample script included with ColdFusion (through version 4.0) to demonstrate to users how to use the expression evaluation features of ColdFusion. A vulnerability exists in this script which could allow remote attackers to view or delete arbitrary files on the server. Normally this program is only accessable from the localhost machine (127.0.0.1), but when accessed directly, the Expression Evaluator allows connections from any host. Reference: Allaire Security Bulletin (ASB99-01): "Expression Evaluator Security Issues" at [100]http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full [101]Top of Page || [102]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: coldfusion-file-existance Platforms Affected: Cold Fusion (4.0 and earlier) Risk Factor: Low The ColdFusion package distributes a number of sample applications. The fileexists.cfm program can be used to remotely confirm the existence of arbitrary files. This information could be used by an attacker to pinpoint further attacks. Reference: Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications and Sample Code Exposes Servers" at [103]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full [104]Top of Page || [105]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: coldfusion-source-display Platforms Affected: Cold Fusion (4.0 and earlier) Risk Factor: Medium ColdFusion 4.0 ships with many sample applications and scripts which are installed by default. A vulnerability exists in the viewexample.cfm program which allows a remote user to view the source of any CFM file on the server. This data could allow an attacker to gain proprietary information contained in the source code, such as usernames and passwords. Reference: Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications and Sample Code Exposes Servers" at [106]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full [107]Top of Page || [108]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: coldfusion-sourcewindow Platforms Affected: Cold Fusion (4.0 and earlier) Risk Factor: Medium The ColdFusion sample program "sourcewindow.cfm" contains a vulnerability which could allow remote attackers to read any file on the system. Reference: Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications and Sample Code Exposes Servers" at [109]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full [110]Top of Page || [111]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: coldfusion-syntax-checker Platforms Affected: Cold Fusion (4.0 and earlier) Risk Factor: Medium The Syntax Checker is a program shipped with ColdFusion with the purpose of testing older CFML code for compatibility with version 4. A vulnerability in this program allows remote attackers to cause the system to consume all available processor resources. Reference: Allaire Security Bulletin (ASB99-02): "ColdFusion 4.0 Example Applications and Sample Code Exposes Servers" at [112]http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full [113]Top of Page || [114]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: slmail-helo-overflow Platforms Affected: Seattle Labs Mail (SLmail prior to 3.2) Risk Factor: Medium SLmail is a commercial SMTP server for Windows 95 and Windows NT systems. SLmail version 3.1 contains a vulnerability in how it handles HELO commands of certain lengths, and could allow a remote attacker to cause the service to consume all the processor resources on the server or simply crash. This hole has been confirmed in 3.1, but it is believed to affect previous versions. Reference: eEye Advisory AD02041999: "Multiple SLMail Vulnerabilities" at [115]http://www.eeye.com/database/advisories/ad02041999/ad02041999.html [116]Top of Page || [117]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: slmail-vrfyexpn-overflow Platforms Affected: Seattle Labs Mail (SLmail prior to 3.2) Risk Factor: Medium SLmail is a commercial SMTP server for Windows 95 and Windows NT systems. SLmail version 3.1 contains a vulnerability in how it handles EXPN and VRFY commands of certain lengths, and could allow a remote attacker to cause the SLmail service to crash and exit. This hole has been confirmed in 3.1, but it is believed to affect previous versions. Reference: eEye Advisory AD02041999: "Multiple SLMail Vulnerabilities" at [118]http://www.eeye.com/database/advisories/ad02041999/ad02041999.html [119]Top of Page || [120]Back to Alert List ___ Date Reported: 1999-02-04 Vulnerability: sql-multiple-queries Platforms Affected: Sybase SQL Server Risk Factor: Low A feature exists in many DBMS, like Sybase and Microsoft SQL Server, which allow multiple SQL commands to be executed in one query. While not directly a vulnerability in any product, this little documented feature is often overlooked in systems that dynamically build queries (such as CGI scripts). If proper forethought isn't placed in validating input to such systems, it could be possible to execute arbitrary commands within the DBMS. Reference: Allaire Security Bulletin (ASB99-04): "Multiple SQL Statements in Dynamic Queries" at [121]http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full [122]Top of Page || [123]Back to Alert List ___ Date Reported: 1999-02-03 Vulnerability: navionc-config-script Platforms Affected: AIX Risk Factor: Medium The configuration script included with some versions of AIX for the Navio NC Browser makes the "/tmp" directory world writable and readable over NFS. This configuration could allow an attacker an easy way to launch remote attacks. Reference: BUGTRAQ Mailing List: "TROJAN: netstation.navio-comm.rte 1.1.0.1" at [124]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1563 [125]Top of Page || [126]Back to Alert List ___ Date Reported: 1999-02-03 Vulnerability: plp-lpc-bo Platforms Affected: PLP Line Printer Control Linux: SuSE 5.2 Risk Factor: High The PLP LPC (Line Printer Control) program has been discovered to contain a vulnerability which could allow local attackers to gain root privileges. This program is shipped by default with many operating systems, including S.u.S.E. Linux. Reference: BUGTRAQ Mailing List: "Linux /usr/bin/lpc overflow" at [127]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=2402 [128]Top of Page || [129]Back to Alert List ___ Date Reported: 1999-02-02 Vulnerability: imail-registry Platforms Affected: IMail Risk Factor: Medium IMail is a commercial multi-protocol mail server for Windows NT. IMail insecurely stores sensitive information in modifiable portions of the registry. Any local user can modify the contents of the IMail registry settings and gain full administrative access to the IMail server. Reference: eEye Advisory AD02021999: "WS_FTP Server Remote DoS Attack" at [130]http://www.eeye.com/database/advisories/ad02021999/ad02021999.html [131]Top of Page || [132]Back to Alert List ___ Date Reported: 1999-02-02 Vulnerability: java-socket-open Platforms Affected: Netscape Communicator (4.5) Netscape Navigator Internet Explorer (3.02) Risk Factor: Low A vulnerability exists in some implementations of the Java VM which could allow an applet to open a socket on the local machine and listen to that socket. However, applets are restricted in the operations they can do over these connections, so the risk is limited to a denial of service attack. Reference: BUGTRAQ Mailing List: "Unsecured server in applets under Netscape" at [133]http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1353 [134]Top of Page || [135]Back to Alert List ___ Date Reported: 1999-02-02 Vulnerability: wsftp-registry Platforms Affected: WS_FTP Server Risk Factor: Medium WS_FTP is a popular FTP server for Windows NT machines. WS_FTP insecurely stores sensitive information in modifiable portions of the registry. Any local user can modify the contents of the WS_FTP registry settings and gain full administrative control over the server. Reference: eEye Advisory AD02021999: "WS_FTP Server Remote DoS Attack" at [136]http://www.eeye.com/database/advisories/ad02021999/ad02021999.html [137]Top of Page || [138]Back to Alert List ___ Date Reported: 1999-02-02 Vulnerability: wsftp-remote-dos Platforms Affected: WS_FTP Server Risk Factor: Medium WS_FTP is a popular FTP server for Windows NT machines. Some versions of WS_FTP contain a buffer overflow vulnerability that could allow a remote attacker to crash the server process, denying access to legitimate users. A valid login (such as "anonymous") is required to exploit this hole. This vulnerability has been confirmed in versions 1.0.1E and 1.0.2E of the WS_FTP Server package. Reference: eEye Digital Security Team: "WS_FTP Server Remote DoS Attack" at [139]http://www.eEye.com/database/advisories/ad02021999/ad02021999.html [140]Top of Page || [141]Back to Alert List ___ Date Reported: 1999-01-25 Vulnerability: controlit-bookfile-access Platforms Affected: ControlIT Remotely Possible/32 Risk Factor: Low The ControlIT address book function allows ControlIT users to store frequently used usernames and passwords in a file. The passwords in this file are encrypted using the same weak mechanism employed during remote connections. Under Windows NT, this file has permissions of Everyone:Read, meaning any local user can read the file and decrypt passwords. Reference: ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software" at [142]http://www.iss.net/xforce/alerts/advise18.html [143]Top of Page || [144]Back to Alert List ___ Date Reported: 1999-01-25 Vulnerability: controlit-passwd-encrypt Platforms Affected: ControlIT Remotely Possible/32 Risk Factor: High ControlIT does not effectively encrypt the username or password transmission between a client and a server on a network. Analysis of an encrypted password captured from a local network shows that ControlIT uses a weak cryptographic process to obscure the password transmitted over the network. Though the exact mathematical transform is not known, a substitution table suffices to decrypt any ControlIT password. Since ControlIT supports Windows NT native security, an attacker could obtain user or administrator passwords to Windows NT machines via this vulnerability. Reference: ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software" at [145]http://www.iss.net/xforce/alerts/advise18.html [146]Top of Page || [147]Back to Alert List ___ Date Reported: 1999-01-25 Vulnerability: controlit-reboot Platforms Affected: ControlIT Remotely Possible/32 Risk Factor: Medium ControlIT allows remote users to either reboot the remote machine or force the current user of the remote machine to logout. A user must be authenticated to operate this mechanism. Another option, configurable by the local user, allows the remote user to initiate a reboot or logout of current user once the remote user disconnects the session. This option triggers regardless of authentication; anybody can connect and disconnect without authenticating to trigger the timer of this option if it is enabled by the local user. Reference: ISS Security Advisory: "Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software" at [148]http://www.iss.net/xforce/alerts/advise18.html [149]Top of Page || [150]Back to Alert List ___ Date Reported: 1999-01-24 Vulnerability: iis-remote-ftp Platforms Affected: IIS (3.0, 4.0) Personal Web Server (1.0) Risk Factor: Medium The Microsoft Internet Information Server (IIS) FTP service contains a buffer overflow vulnerability in the "NLST" command. This vulnerability could allow a remote attacker to crash the FTP server. The attacker is required to have a valid login (such as "anonymous") to the server before exploiting this hole. It is not known whether it is possible to execute arbitrary code on the system with this hole. References: eEye Security Advisory: "IIS Remote FTP Exploit/DoS Attack" at [151]http://www.eEye.com/database/advisories/ad01241999/ad01241999.html [152]Top of Page || [153]Back to Alert List ___ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. Internet Security Systems, Inc. (ISS) is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite family of products provide protection across the enterprise, including the Internet, extranets, and internal networks, from attacks, misuse, and security policy violations. ISS has delivered its adaptive network security solutions to organizations worldwide, including firms in the Global 2000, nine of the ten largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at [154]http://www.iss.net. [155]Top of Page || [156]Back to Alert List ___ Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [157]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [158]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net > of Internet Security Systems, Inc. [159]News | [160]Serious Fun | [161]Mail Lists | [162]Security Library [163]Protoworx | [164]Alerts | [165]Submissions | [166]Feedback [167]Advanced Search [168]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [169]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [170]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 13. http://xforce.iss.net/alerts/alerts.php3 14. http://xforce.iss.net/alerts/vol-3_num-5.php3#linux-super-bo 15. http://xforce.iss.net/alerts/vol-3_num-5.php3#nt-backoffice-setup 16. http://xforce.iss.net/alerts/vol-3_num-5.php3#allaire-forums-file-read 17. http://xforce.iss.net/alerts/vol-3_num-5.php3#fakebo-execute 18. http://xforce.iss.net/alerts/vol-3_num-5.php3#sun-sdtcm-convert-bo 19. http://xforce.iss.net/alerts/vol-3_num-5.php3#sun-man 20. http://xforce.iss.net/alerts/vol-3_num-5.php3#netbsd-netstat-read 21. http://xforce.iss.net/alerts/vol-3_num-5.php3#palmetto-ftpd-bo 22. http://xforce.iss.net/alerts/vol-3_num-5.php3#clearcase-temp-race 23. http://xforce.iss.net/alerts/vol-3_num-5.php3#fakebo-crash 24. http://xforce.iss.net/alerts/vol-3_num-5.php3#nt-sp4-auth-error 25. http://xforce.iss.net/alerts/vol-3_num-5.php3#pcnfsd-world-write 26. http://xforce.iss.net/alerts/vol-3_num-5.php3#pine-remote-exe 27. http://xforce.iss.net/alerts/vol-3_num-5.php3#linux-milo-halt 28. http://xforce.iss.net/alerts/vol-3_num-5.php3#router-config-dos 29. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-expression-evaluator 30. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-file-existance 31. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-source-display 32. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-sourcewindow 33. http://xforce.iss.net/alerts/vol-3_num-5.php3#coldfusion-syntax-checker 34. http://xforce.iss.net/alerts/vol-3_num-5.php3#slmail-helo-overflow 35. http://xforce.iss.net/alerts/vol-3_num-5.php3#slmail-vrfyexpn-overflow 36. http://xforce.iss.net/alerts/vol-3_num-5.php3#sql-multiple-queries 37. http://xforce.iss.net/alerts/vol-3_num-5.php3#navionc-config-script 38. http://xforce.iss.net/alerts/vol-3_num-5.php3#plp-lpc-bo 39. http://xforce.iss.net/alerts/vol-3_num-5.php3#imail-registry 40. http://xforce.iss.net/alerts/vol-3_num-5.php3#java-socket-open 41. http://xforce.iss.net/alerts/vol-3_num-5.php3#wsftp-registry 42. http://xforce.iss.net/alerts/vol-3_num-5.php3#wsftp-remote-dos 43. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-bookfile-access 44. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-passwd-encrypt 45. http://xforce.iss.net/alerts/vol-3_num-5.php3#controlit-reboot 46. http://xforce.iss.net/alerts/vol-3_num-5.php3#iis-remote-ftp 47. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 48. http://xforce.iss.net/alerts/alerts.php3 49. http://www.iss.net/xforce/alerts/advise19.html 50. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 51. http://xforce.iss.net/alerts/alerts.php3 52. http://www.microsoft.com/security/bulletins/ms99-005.asp 53. http://support.microsoft.com/support/kb/articles/q217 54. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 55. http://xforce.iss.net/alerts/alerts.php3 56. http://www.ntbugtraq.com/page_archives_wa.asp?A2=ind9902&L=ntbugtraq&F=P&S=&P=2788 57. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 58. http://xforce.iss.net/alerts/alerts.php3 59. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=11546 60. http://yi.com/home/KosturjakVlatko/fakebo.htm 61. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 62. http://xforce.iss.net/alerts/alerts.php3 63. http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/183 64. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 65. http://xforce.iss.net/alerts/alerts.php3 66. http://sunsolve.Sun.COM/pub-cgi/us/sec2html?secbull/184 67. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 68. http://xforce.iss.net/alerts/alerts.php3 69. ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-002.txt.asc 70. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 71. http://xforce.iss.net/alerts/alerts.php3 72. http://www.netect.com/advisory_0209_2.html 73. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 74. http://xforce.iss.net/alerts/alerts.php3 75. http://www.l0pht.com/advisories/ClearCase.txt 76. http://www.rational.com/index.jtmpl 77. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 78. http://xforce.iss.net/alerts/alerts.php3 79. http://yi.com/home/KosturjakVlatko/fakebo.htm 80. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=6208 81. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 82. http://xforce.iss.net/alerts/alerts.php3 83. http://www.microsoft.com/security/bulletins/ms99-004.asp 84. http://support.microsoft.com/support/kb/articles/q214 85. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 86. http://xforce.iss.net/alerts/alerts.php3 87. http://us-support.external.hp.com/ 88. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 89. http://xforce.iss.net/alerts/alerts.php3 90. http://www.netspace.org/cgi-bin/wa?A2=ind9902b&L=bugtraq&F=&S=&P=1418 91. http://www.washington.edu/pine 92. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 93. http://xforce.iss.net/alerts/alerts.php3 94. http://www.ksrt.org/adv9.html 95. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 96. http://xforce.iss.net/alerts/alerts.php3 97. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=6094 98. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 99. http://xforce.iss.net/alerts/alerts.php3 100. http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full 101. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 102. http://xforce.iss.net/alerts/alerts.php3 103. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full 104. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 105. http://xforce.iss.net/alerts/alerts.php3 106. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full 107. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 108. http://xforce.iss.net/alerts/alerts.php3 109. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full 110. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 111. http://xforce.iss.net/alerts/alerts.php3 112. http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full 113. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 114. http://xforce.iss.net/alerts/alerts.php3 115. http://www.eeye.com/database/advisories/ad02041999/ad02041999.html 116. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 117. http://xforce.iss.net/alerts/alerts.php3 118. http://www.eeye.com/database/advisories/ad02041999/ad02041999.html 119. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 120. http://xforce.iss.net/alerts/alerts.php3 121. http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full 122. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 123. http://xforce.iss.net/alerts/alerts.php3 124. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1563 125. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 126. http://xforce.iss.net/alerts/alerts.php3 127. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=2402 128. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 129. http://xforce.iss.net/alerts/alerts.php3 130. http://www.eeye.com/database/advisories/ad02021999/ad02021999.html 131. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 132. http://xforce.iss.net/alerts/alerts.php3 133. http://www.netspace.org/cgi-bin/wa?A2=ind9902a&L=bugtraq&F=&S=&P=1353 134. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 135. http://xforce.iss.net/alerts/alerts.php3 136. http://www.eeye.com/database/advisories/ad02021999/ad02021999.html 137. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 138. http://xforce.iss.net/alerts/alerts.php3 139. http://www.eEye.com/database/advisories/ad02021999/ad02021999.html 140. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 141. http://xforce.iss.net/alerts/alerts.php3 142. http://www.iss.net/xforce/alerts/advise18.html 143. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 144. http://xforce.iss.net/alerts/alerts.php3 145. http://www.iss.net/xforce/alerts/advise18.html 146. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 147. http://xforce.iss.net/alerts/alerts.php3 148. http://www.iss.net/xforce/alerts/advise18.html 149. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 150. http://xforce.iss.net/alerts/alerts.php3 151. http://www.eEye.com/database/advisories/ad01241999/ad01241999.html 152. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 153. http://xforce.iss.net/alerts/alerts.php3 154. http://www.iss.net/ 155. http://xforce.iss.net/alerts/vol-3_num-5.php3#list 156. http://xforce.iss.net/alerts/alerts.php3 157. mailto:xforce@iss.net 158. http://www.iss.net/xforce/sensitive.html 159. http://xforce.iss.net/news.php3 160. http://xforce.iss.net/seriousfun/ 161. http://xforce.iss.net/maillists/ 162. http://xforce.iss.net/library/ 163. http://xforce.iss.net/protoworx/ 164. http://xforce.iss.net/alerts/ 165. http://xforce.iss.net/submission.php3 166. http://xforce.iss.net/feedback.php3 167. http://xforce.iss.net/search.php3 168. http://xforce.iss.net/about.php3 169. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 170. http://xforce.iss.net/privacy.php3