From xforce@iss.net Sun Sep 24 15:31:08 2000 From: X-Force Resent-From: mea culpa To: alert@iss.net Resent-To: jericho@attrition.org Date: Fri, 15 Sep 2000 15:57:42 -0400 Subject: ISSalert: ISS Security Alert Summary: v5 n8 TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary September 15, 2000 Volume 5 Number 8 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php In an effort to make the Alert Summary more concise, and easier to use, we've changed the format. Full vulnerability details can now be found using the URL at the end of each vulnerability listing. _____ Contents 87 Reported Vulnerabilities Risk Factor Key _____ 5166 Date Reported: 8/30/00 Vulnerability: ftp-goodtech-rnto-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: GoodTech FTP RNTO denial of service X-Force URL: http://xforce.iss.net/static/5166.php _____ 5167 Date Reported: 8/30/00 Vulnerability: imail-file-attachment Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: IMail unauthorized file attachments X-Force URL: http://xforce.iss.net/static/5167.php _____ 5161 Date Reported: 8/29/00 Vulnerability: go-gnome-preinstaller-symlink Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: go-gnome pre-installer symlink attack X-Force URL: http://xforce.iss.net/static/5161.php _____ 5165 Date Reported: 8/29/00 Vulnerability: mailers-cgimail-spoof Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Stalkerlab's Mailers CGImail.exe spoofing X-Force URL: http://xforce.iss.net/static/5165.php _____ 5168 Date Reported: 8/29/00 Vulnerability: win-netbios-corrupt-cache Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Windows NetBIOS cache corruption X-Force URL: http://xforce.iss.net/static/5168.php _____ 5169 Date Reported: 8/29/00 Vulnerability: news-publisher-add-author Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: News Publisher allows remote user to add author X-Force URL: http://xforce.iss.net/static/5169.php _____ 5170 Date Reported: 8/29/00 Vulnerability: xpdf-embedded-url Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Xpdf embedded URL X-Force URL: http://xforce.iss.net/static/5170.php _____ 5154 Date Reported: 8/28/00 Vulnerability: intel-express-switch-dos Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: Intel Express Switch 550F malformed ip header denial of service X-Force URL: http://xforce.iss.net/static/5154.php _____ 5158 Date Reported: 8/28/00 Vulnerability: viking-server-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: Viking Server buffer overflow X-Force URL: http://xforce.iss.net/static/5158.php _____ 5171 Date Reported: 8/28/00 Vulnerability: win2k-corrupt-lsp Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Windows 2000 Local Security Policy Corruption X-Force URL: http://xforce.iss.net/static/5171.php _____ 5152 Date Reported: 8/27/00 Vulnerability: vqserver-get-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: vqServer long GET denial of service X-Force URL: http://xforce.iss.net/static/5152.php _____ 5159 Date Reported: 8/26/00 Vulnerability: mgetty-faxrunq-symlink Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: mgetty faxrunq symlink X-Force URL: http://xforce.iss.net/static/5159.php _____ 5147 Date Reported: 8/25/00 Vulnerability: money-plaintext-password Platforms Affected: Risk Factor: Low Attack Type: Host Based Brief Decription: Microsoft Money plain-text password X-Force URL: http://xforce.iss.net/static/5147.php _____ 5148 Date Reported: 8/25/00 Vulnerability: wormhttp-dir-traverse Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Worm HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/5148.php _____ 5149 Date Reported: 8/25/00 Vulnerability: wormhttp-filename-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Worm HTTP Server long filename denial of service X-Force URL: http://xforce.iss.net/static/5149.php _____ 5150 Date Reported: 8/25/00 Vulnerability: cgi-auction-weaver-read-files Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Auction Weaver allows directory traversal X-Force URL: http://xforce.iss.net/static/5150.php _____ 5156 Date Reported: 8/25/00 Vulnerability: iis-cross-site-scripting Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: IIS Cross-Site Scripting X-Force URL: http://xforce.iss.net/static/5156.php _____ 5132 Date Reported: 8/24/00 Vulnerability: telnetserver-rpc-bo Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Pragma TelnetServer 2000 rpc module buffer overflow X-Force URL: http://xforce.iss.net/static/5132.php _____ 5136 Date Reported: 8/24/00 Vulnerability: nai-pgp-unsigned-adk Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: NAI PGP certificates allow unsigned ADKs that could reveal plain text X-Force URL: http://xforce.iss.net/static/5136.php _____ 5157 Date Reported: 8/24/00 Vulnerability: website-pro-upload-files Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: WebSite Pro allows any user to upload files X-Force URL: http://xforce.iss.net/static/5157.php _____ 5125 Date Reported: 8/23/00 Vulnerability: account-manager-overwrite-password Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Account Manager could allow a remote attacker to overwrite admin password X-Force URL: http://xforce.iss.net/static/5125.php _____ 5126 Date Reported: 8/23/00 Vulnerability: subscribe-me-overwrite-password Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Subscribe Me could allow a remote attacker to overwrite admin password X-Force URL: http://xforce.iss.net/static/5126.php _____ 5131 Date Reported: 8/22/00 Vulnerability: hp-netinit-symlink Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: HP-UX net.init symlink attack X-Force URL: http://xforce.iss.net/static/5131.php _____ 5133 Date Reported: 8/22/00 Vulnerability: realsecure-frag-syn-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: RealSecure fragmented SYN packet denial of service X-Force URL: http://xforce.iss.net/static/5133.php _____ 5135 Date Reported: 8/22/00 Vulnerability: sunjava-webadmin-bbs Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Sun Java Web Server Webadmin and Bulletin Board X-Force URL: http://xforce.iss.net/static/5135.php _____ 5109 Date Reported: 8/21/00 Vulnerability: zkey-java-compromise-accounts Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Zkey JavaScript bug allows user to compromise other users accounts X-Force URL: http://xforce.iss.net/static/5109.php _____ 5127 Date Reported: 8/21/00 Vulnerability: java-vm-applet Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Microsoft Virtual Machine java applet allows malicious web site to masquerade as visitor X-Force URL: http://xforce.iss.net/static/5127.php _____ 5134 Date Reported: 8/21/00 Vulnerability: darxite-login-bo Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Darxite login buffer overflow allows user to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5134.php _____ 5102 Date Reported: 8/20/00 Vulnerability: gopherd-halidate-bo Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: University of Minnesota gopherd halidate buffer overflow X-Force URL: http://xforce.iss.net/static/5102.php _____ 5108 Date Reported: 8/20/00 Vulnerability: phpnuke-pwd-admin-access Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: PHP-Nuke URL configuration allows users to access admin writes to the program X-Force URL: http://xforce.iss.net/static/5108.php _____ 5110 Date Reported: 8/19/00 Vulnerability: becky-imail-header-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Becky Internet Mail header denial of service X-Force URL: http://xforce.iss.net/static/5110.php _____ 5129 Date Reported: 8/19/00 Vulnerability: gnome-installer-overwrite-configuration Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: GNOME installer could allow user to overwrite configuration files X-Force URL: http://xforce.iss.net/static/5129.php _____ 5130 Date Reported: 8/19/00 Vulnerability: gnome-lokkit-open-ports Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Some ports remain open in Gnome-Lokkit Firewall X-Force URL: http://xforce.iss.net/static/5130.php _____ 5151 Date Reported: 8/19/00 Vulnerability: minicom-capture-groupown Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Minicom user can create capture file with gid uucp X-Force URL: http://xforce.iss.net/static/5151.php _____ 5100 Date Reported: 8/18/00 Vulnerability: webshield-smtp-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: WebShield SMTP domain name period denial of service X-Force URL: http://xforce.iss.net/static/5100.php _____ 5090 Date Reported: 8/17/00 Vulnerability: netwin-netauth-dir-traverse Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Netwin Netauth Directory Traversal could allow a remote attacker to read files X-Force URL: http://xforce.iss.net/static/5090.php _____ 5101 Date Reported: 8/17/00 Vulnerability: xlock-format-d-option Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Xlockmore and xlock -d option string format could be used to execute code X-Force URL: http://xforce.iss.net/static/5101.php _____ 5124 Date Reported: 8/17/00 Vulnerability: frontpage-ext-device-name-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: FrontPage Server Extensions device name denial of service X-Force URL: http://xforce.iss.net/static/5124.php _____ 5128 Date Reported: 8/17/00 Vulnerability: xchat-url-execute-commands Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: X-Chat allows attacker to execute commands using URLs X-Force URL: http://xforce.iss.net/static/5128.php _____ 5163 Date Reported: 8/17/00 Vulnerability: irix-worldview-wnn-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: IRIX WorldView wnn buffer overflow X-Force URL: http://xforce.iss.net/static/5163.php _____ 5091 Date Reported: 8/16/00 Vulnerability: os2-ftpserver-login-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: OS/2 FTP Server login remote Denial of Service could crash FTP server X-Force URL: http://xforce.iss.net/static/5091.php _____ 5096 Date Reported: 8/15/00 Vulnerability: weblogic-plugin-bo Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Weblogic redirect request plugin has buffer overflows that can be used to gain root X-Force URL: http://xforce.iss.net/static/5096.php _____ 5097 Date Reported: 8/15/00 Vulnerability: ie-folder-remote-exe Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Windows folder.htt allows execution of active scripting without approval X-Force URL: http://xforce.iss.net/static/5097.php _____ 5098 Date Reported: 8/15/00 Vulnerability: firebox-url-dos Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Firebox II malformed URL to port 4100 denial of service X-Force URL: http://xforce.iss.net/static/5098.php _____ 5099 Date Reported: 8/15/00 Vulnerability: trustix-secure-apache-misconfig Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Trustix Secure Linux installs Apache with world writable access X-Force URL: http://xforce.iss.net/static/5099.php _____ 5092 Date Reported: 8/14/00 Vulnerability: irix-telnetd-syslog-format Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Decription: Irix telnetd syslog format string could allow remote code execution as root X-Force URL: http://xforce.iss.net/static/5092.php _____ 5093 Date Reported: 8/14/00 Vulnerability: rapidstream-remote-execution Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Decription: Rapidstream remote root X-Force URL: http://xforce.iss.net/static/5093.php _____ 5094 Date Reported: 8/14/00 Vulnerability: ntop-bo Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: ntop buffer overflow X-Force URL: http://xforce.iss.net/static/5094.php _____ 5095 Date Reported: 8/14/00 Vulnerability: iis-specialized-header Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Internet Information Server source disclosure X-Force URL: http://xforce.iss.net/static/5095.php _____ 5085 Date Reported: 8/12/00 Vulnerability: linux-update-race-condition Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: GNOME updater in Linux is vulnerable to race condition X-Force URL: http://xforce.iss.net/static/5085.php _____ 5076 Date Reported: 8/11/00 Vulnerability: etrust-access-control-default Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: eTrust Access Control default installation opens door for root compromise X-Force URL: http://xforce.iss.net/static/5076.php _____ 5084 Date Reported: 8/11/00 Vulnerability: zope-additional-role Platforms Affected: Risk Factor: Low Attack Type: Host Based Brief Decription: zope package in Linux allows user to take on additional roles X-Force URL: http://xforce.iss.net/static/5084.php _____ 5115 Date Reported: 8/11/00 Vulnerability: list-manager-elevate-privileges Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Lyris List Manager allows subscribers to elevate their privileges X-Force URL: http://xforce.iss.net/static/5115.php _____ 5071 Date Reported: 8/10/00 Vulnerability: iis-incorrect-permissions Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: IIS canonicalization error applies incorrect permissions to certain types of files X-Force URL: http://xforce.iss.net/static/5071.php _____ 5077 Date Reported: 8/10/00 Vulnerability: varicad-world-write-permissions Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Varicad for Linux (shipped with Red Hat) leaves directories and files world writable X-Force URL: http://xforce.iss.net/static/5077.php _____ 5081 Date Reported: 8/10/00 Vulnerability: gopherd-gdeskey-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: gopherd 2.x GDESkey buffer overflow X-Force URL: http://xforce.iss.net/static/5081.php _____ 5081 Date Reported: 8/10/00 Vulnerability: gopherd-gdeskey-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: gopherd 2.x GDESkey buffer overflow X-Force URL: http://xforce.iss.net/static/5081.php _____ 5113 Date Reported: 8/10/00 Vulnerability: mediahouse-stats-livestats-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: Mediahouse Statistics Server LiveStats buffer overflow X-Force URL: http://xforce.iss.net/static/5113.php _____ 5048 Date Reported: 8/9/00 Vulnerability: linux-umb-scheme Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: umb-scheme package in Linux includes world writable files X-Force URL: http://xforce.iss.net/static/5048.php _____ 5070 Date Reported: 8/9/00 Vulnerability: mdaemon-session-id-hijack Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: MDaemon WorldClient could allow session ID hijacking X-Force URL: http://xforce.iss.net/static/5070.php _____ 5072 Date Reported: 8/9/00 Vulnerability: tumbleweed-mms-blank-password Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Tumbleweed MMS uses a blank password X-Force URL: http://xforce.iss.net/static/5072.php _____ 5075 Date Reported: 8/9/00 Vulnerability: ie-scriptlet-rendering-file-access Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Microsoft Internet Explorer 'scriptlet rendering' gives web site operators access to files X-Force URL: http://xforce.iss.net/static/5075.php _____ 5080 Date Reported: 8/9/00 Vulnerability: office-html-object-tag Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Office 2000 HTML object tag buffer overflow X-Force URL: http://xforce.iss.net/static/5080.php _____ 5111 Date Reported: 8/9/00 Vulnerability: hp-openview-nnm-password Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: HP OpenView Network Node Manager Web password X-Force URL: http://xforce.iss.net/static/5111.php _____ 5112 Date Reported: 8/9/00 Vulnerability: hp-newgrp Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: HP-UX newgrp allows user to gain additional privileges X-Force URL: http://xforce.iss.net/static/5112.php _____ 5068 Date Reported: 8/8/00 Vulnerability: totalbill-remote-execution Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: Sysgen component allows unauthorized access to port 9998 X-Force URL: http://xforce.iss.net/static/5068.php _____ 5069 Date Reported: 8/8/00 Vulnerability: solaris-answerbook2-admin-interface Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: Answerbook2 administration interface X-Force URL: http://xforce.iss.net/static/5069.php _____ 5047 Date Reported: 8/7/00 Vulnerability: perl-shell-escape Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: setuidperl and mailx root compromise X-Force URL: http://xforce.iss.net/static/5047.php _____ 5058 Date Reported: 8/7/00 Vulnerability: solaris-answerbook2-remote-execution Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: Solaris AnswerBook2 web interface could allow remote execution X-Force URL: http://xforce.iss.net/static/5058.php _____ 5067 Date Reported: 8/7/00 Vulnerability: mopd-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Decription: mopd daemon buffer overflow X-Force URL: http://xforce.iss.net/static/5067.php _____ 5032 Date Reported: 8/6/00 Vulnerability: java-brownorifice Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Decription: Brown Orifice HTTPD X-Force URL: http://xforce.iss.net/static/5032.php _____ 5061 Date Reported: 8/5/00 Vulnerability: diskcheck-tmp-race-condition Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Diskcheck race condition could be used to run files as root X-Force URL: http://xforce.iss.net/static/5061.php _____ 5029 Date Reported: 8/4/00 Vulnerability: servu-null-character-dos Platforms Affected: Risk Factor: Low Attack Type: Network/Host Based Brief Decription: Serv U FTP denial of service flaw X-Force URL: http://xforce.iss.net/static/5029.php _____ 5057 Date Reported: 8/4/00 Vulnerability: pccs-mysql-admin-tool Platforms Affected: Risk Factor: Low Attack Type: Network Based Brief Decription: PCCS MySQL Database Admin Tool could reveal username and password X-Force URL: http://xforce.iss.net/static/5057.php _____ 5011 Date Reported: 8/3/00 Vulnerability: irix-xfs-truncate Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Decription: truncate() system call does not properly check permissions X-Force URL: http://xforce.iss.net/static/5011.php _____ 5079 Date Reported: 8/3/00 Vulnerability: win-ipx-ping-packet Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: Windows 95/98 malformed IPX ping packet denial of service X-Force URL: http://xforce.iss.net/static/5079.php _____ 5026 Date Reported: 8/2/00 Vulnerability: nai-nettools-strong-bo Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: NAI Net Tools PKI Server strong.exe buffer overflow X-Force URL: http://xforce.iss.net/static/5026.php _____ 5028 Date Reported: 8/2/00 Vulnerability: fw1-unauth-rsh-connection Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Decription: Check Point FireWall-1 unauthorized rsh/rexec connection X-Force URL: http://xforce.iss.net/static/5028.php _____ 5031 Date Reported: 8/2/00 Vulnerability: win2k-named-pipes Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges X-Force URL: http://xforce.iss.net/static/5031.php _____ 5055 Date Reported: 8/2/00 Vulnerability: sol-libprint-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: Solaris libprint.so.2 buffer overflow X-Force URL: http://xforce.iss.net/static/5055.php _____ 5056 Date Reported: 8/2/00 Vulnerability: ntop-remote-file-access Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: ntop package in Linux allows remote file access X-Force URL: http://xforce.iss.net/static/5056.php _____ 5062 Date Reported: 8/2/00 Vulnerability: irix-grosview-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: IRIX gr_osview buffer overflow X-Force URL: http://xforce.iss.net/static/5062.php _____ 5063 Date Reported: 8/2/00 Vulnerability: irix-libgl-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: IRIX libgl.so buffer overflow X-Force URL: http://xforce.iss.net/static/5063.php _____ 5064 Date Reported: 8/2/00 Vulnerability: irix-dmplay-bo Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: IRIX dmplay buffer overflow X-Force URL: http://xforce.iss.net/static/5064.php _____ 5065 Date Reported: 8/2/00 Vulnerability: irix-inpview-symlink Platforms Affected: Risk Factor: High Attack Type: Host Based Brief Decription: IRIX inpview symbolic link X-Force URL: http://xforce.iss.net/static/5065.php _____ 5066 Date Reported: 8/2/00 Vulnerability: nettools-pki-dir-traverse Platforms Affected: Risk Factor: Medium Attack Type: Network/Host Based Brief Decription: NAI's Net Tools PKI server directory traversal X-Force URL: http://xforce.iss.net/static/5066.php _____ 5137 Date Reported: 8/2/00 Vulnerability: fw1-localhost-auth Platforms Affected: Risk Factor: High Attack Type: Network/Host Based Brief Decription: FireWall-1 misconfiguration could allow unauthenticated attackers to manipulate filter modules X-Force URL: http://xforce.iss.net/static/5137.php -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOcJ4YzRfJiV99eG9AQGoMwP+NpgSxSbSgwBjDUxRsIMaWM/eczKR8+4j 0HVIFulBNoze8xXUFZhFiFB5OHVs3wVUHWLNXjmLXONEs05OZaERLUgCr1Qtar6F AGYWMIPeo5nnlLuIgSR4K4SZMP9M4+0rjMwbRaF8Xl9v8ya9oTCgxSwz5qEGqx6p R8n+H7hm0Gs= =0nYG -----END PGP SIGNATURE-----