I S S X - F o r c e The Most Wanted Alert List [1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library [5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback [9]Advanced Search _ Alert Summaries_ ISS Security Alert Summary May 22, 1998 Volume 2 Number 6 X-Force Vulnerability and Threat Database: [10]http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an e-mail to [11]majordomo@iss.net, and within the body of the message type: 'subscribe alert'. [12]Top of Page || [13]Back to Alert List ___ Contents 5 Reported Vulnerabilities - [14]XFree86-xterm/Xaw - [15]Quake-server-vuln - [16]HP-openmail - [17]Sun-ufsrestore - [18]Sun-mountd Risk Factor Key [19]Top of Page || [20]Back to Alert List ___ Date Reported: 5/3/98 Vulnerability: XFree86-xterm/Xaw Platforms Affected: All XFree86 versions up to and including 3.3.2 Risk Level: High xterm is a terminal emulator for X Windows and is included with XFree86 releases. Xaw is the Athena Widgets Xaw library and is also included with XFree86 releases. Vulnerabilities exist in both xterm and the Xaw library that would allow an attacker to overflow buffers in xterm and any program that uses the Xaw library. If these programs are setuid root, then an attacker with an account on the local system can gain root level access. Reference: [21]ftp://ftp.xfree86.org/pub/XFree86/Security/XFree86-SA-1998:01.asc [22]Top of Page || [23]Back to Alert List ___ Date Reported: 5/1/98 Vulnerability: Quake-server-vuln Platforms Affected: Quake 1/2, QuakeWorld, Linux/Solaris Quake2 Risk Level: High The Quake server contains a feature that allows remote administrators to send commands to the Quake console with a password. It is possible for an attacker to bypass the authentication and execute commands or even remotely compromise administrator access on the Quake server. Reference: [24]http://www.repsec.com/advisory/0001.html [25]Top of Page || [26]Back to Alert List ___ Date Reported: 4/29/98 Vulnerability: HP-openmail Platforms Affected: Any HP 9000 series 700/800 systems running OpenMail. Risk Level: High - From HP Security Bulletin: "Hewlett-Packard has learned of an OpenMail server misconfiguration that can give users the ability to run arbitrary shell commands. This applies to all currently supported OpenMail versions (B.05.01 (GR4) and B.05.10 (GR5), as well as the earlier B.04.01 (GR3) revision." References: HP Security Bulletin #00078 - [27]http://us-support.external.hp.com/ [28]http://www.ciac.org/ciac/bulletins/i-047.shtml [29]Top of Page || [30]Back to Alert List ___ Date Reported: 4/29/98 Vulnerability: Sun-ufsrestore Platforms Affected: Solaris (2.5, 2.5.1) Risk Level: High The usfrestore program is used to restore files from backup media that were backed up using the usfdump command. usfrestore has a vulnerability that can be exploited and would allow an attacker to gain root level access on the vulnerable system. References: [31]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-169.txt [32]http://www.ciac.org/ciac/bulletins/i-049.shtml [33]Top of Page || [34]Back to Alert List ___ Date Reported: 4/29/98 Vulnerability: Sun-mountd Platforms Affected: Solaris (2.3, 2.4, 2.5, 2.5.1, 2.6) Risk Level: High mountd is the RPC server that handles file system mount requests on NFS file systems. A vulnerability has been discovered in mountd that would allow an attacker to obtain information about any file that exists on the NFS server. References: [35]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-168.txt [36]http://www.ciac.org/ciac/bulletins/i-048.shtml [37]Top of Page || [38]Back to Alert List ___ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via bruteforce methods. Internet Security Systems, Inc. (NASDAQ-NMS:ISSX) is the leading provider of adaptive network security monitoring, detection and response software that protects the security and integrity of enterprise information systems. By dynamically detecting and responding to security vulnerabilities and threats inherent in open systems, ISS's SAFEsuite® family of products provides protection across the enterprise, including the Internet, extranets and internal networks, from attacks, misuse and security policy violations. The Company has delivered its network security, monitoring, detection and response solutions to organizations worldwide, including firms in the Global 2000, 9 of the ten largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 770-395-0150 or 800-776-2376 or visit the ISS Web site at HYPERLINK [39]http://www.iss.net. [40]Top of Page || [41]Back to Alert List ___ Copyright (c) 1998 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail [42]xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: [43]http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net > of Internet Security Systems, Inc. [44]News | [45]Serious Fun | [46]Mail Lists | [47]Security Library [48]Protoworx | [49]Alerts | [50]Submissions | [51]Feedback [52]Advanced Search [53]About the Knowledge Base Copyright ©1994-1998 Internet Security Systems, Inc. All Rights Reserved. Sales Inquiries: [54]sales@iss.net 6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328 Phone (678) 443-6000 · Fax (678) 443-6477 Read our [55]privacy guidelines. References 1. http://xforce.iss.net/news.php3 2. http://xforce.iss.net/seriousfun/ 3. http://xforce.iss.net/maillists/ 4. http://xforce.iss.net/library/ 5. http://xforce.iss.net/protoworx/ 6. http://xforce.iss.net/alerts/ 7. http://xforce.iss.net/submission.php3 8. http://xforce.iss.net/feedback.php3 9. http://xforce.iss.net/search.php3 10. http://www.iss.net/xforce 11. mailto:majordomo@iss.net 12. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 13. http://xforce.iss.net/alerts/alerts.php3 14. http://xforce.iss.net/alerts/vol-2_num-6.php3#XFree86-xterm/Xaw 15. http://xforce.iss.net/alerts/vol-2_num-6.php3#Quake-server-vuln 16. http://xforce.iss.net/alerts/vol-2_num-6.php3#HP-openmail 17. http://xforce.iss.net/alerts/vol-2_num-6.php3#Sun-ufsrestore 18. http://xforce.iss.net/alerts/vol-2_num-6.php3#Sun-mountd 19. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 20. http://xforce.iss.net/alerts/alerts.php3 21. ftp://ftp.xfree86.org/pub/XFree86/Security/XFree86-SA-1998:01.asc 22. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 23. http://xforce.iss.net/alerts/alerts.php3 24. http://www.repsec.com/advisory/0001.html 25. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 26. http://xforce.iss.net/alerts/alerts.php3 27. http://us-support.external.hp.com/ 28. http://www.ciac.org/ciac/bulletins/i-047.shtml 29. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 30. http://xforce.iss.net/alerts/alerts.php3 31. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-169.txt 32. http://www.ciac.org/ciac/bulletins/i-049.shtml 33. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 34. http://xforce.iss.net/alerts/alerts.php3 35. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-168.txt 36. http://www.ciac.org/ciac/bulletins/i-048.shtml 37. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 38. http://xforce.iss.net/alerts/alerts.php3 39. http://www.iss.net/ 40. http://xforce.iss.net/alerts/vol-2_num-6.php3#list 41. http://xforce.iss.net/alerts/alerts.php3 42. mailto:xforce@iss.net 43. http://www.iss.net/xforce/sensitive.html 44. http://xforce.iss.net/news.php3 45. http://xforce.iss.net/seriousfun/ 46. http://xforce.iss.net/maillists/ 47. http://xforce.iss.net/library/ 48. http://xforce.iss.net/protoworx/ 49. http://xforce.iss.net/alerts/ 50. http://xforce.iss.net/submission.php3 51. http://xforce.iss.net/feedback.php3 52. http://xforce.iss.net/search.php3 53. http://xforce.iss.net/about.php3 54. http://xforce.iss.net/cgi-bin/getSGIInfo.pl 55. http://xforce.iss.net/privacy.php3