From xforce@iss.net Wed Jun 16 16:02:00 1999 From: X-Force To: alert@iss.net Cc: X-Force Date: Tue, 15 Jun 1999 22:12:31 -0400 (EDT) Subject: ISSalert: ISS Security Alert Summary v4 n2 TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- ISS Security Alert Summary June 15, 1999 Volume 4 Number 2 X-Force Vulnerability and Threat Database: http://www.iss.net/xforce To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert'. _____ Contents 5 Reported Vulnerabilities - sun-rpc-statd - ntmail-relay - management-agent-file-read - management-agent-dos - http-cgi-cdomain ExploreZip Trojan Horse Summary Risk Factor Key _____ Date Reported: 1999-06-07 Vulnerability: sun-rpc-statd Platforms Affected: Solaris (2.3, 2.4, 2.4_x86, 2.5, 2.5_x86, 2.5.1, 2.5.1_x86, 2.6, 2.6_x86) Risk Factor: High Attack Type: Network Based The rpc service statd works with lockd to provide crash and recovery functions for file locking over NFS. A remote attacker can bypass the access controls of statd and control other RPC services, resulting in root level access. Reference: Sun Microsystems, Inc. Security Bulletin: "rpc.statd" at: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba _____ Date Reported: 1999-06-07 Vulnerability: ntmail-relay Platforms Affected: NTMail Risk Factor: Medium Attack type: Network Based NTMail is a commercial mail server for Windows NT systems. A vulnerability in version 3 (and maybe other versions) allows a remote user to specify a MAIL FROM address of <>, which will bypass NTMail's anti-spam features and allow third party mail relaying. Reference: NTHELP.COM: "NTMail version 3 relay problem" at: http://www.nthelp.com/40/ntmailspam.htm _____ Date Reported: 1999-06-07 Vulnerability: management-agent-file-read Platforms Affected: Compaq Management Agent Compaq Survey Utility Risk Factor: Medium Attack type: Host/Network Based The Compaq Management Agent and Compaq Survey Utility provide HTTP services, which allow information to be accessed through a web browser. A vulnerability with these services that would allow a user who has information about the machine to read a known file on the system. Reference: BUGTRAQ Mailing List: "Update on compaq webadmin" at: http://www.netspace.org/cgi-bin/wa?A2=ind9906a&L=bugtraq&F=&S=&P=6337 _____ Date Reported: 1999-06-07 Vulnerability: management-agent-dos Platforms Affected: Compaq Management Agent Compaq Survey Utility Risk Factor: Low Attack type: Host/Network Based The Compaq Management Agent and Compaq Survey Utility provide HTTP services, which allow information to be accessed through a web browser. A vulnerability with these services that would allow a user to force the web service to stop responding, thus denying service. Reference: BUGTRAQ Mailing List: "Update on compaq webadmin" at: http://www.netspace.org/cgi-bin/wa?A2=ind9906a&L=bugtraq&F=&S=&P=6337 _____ Date Reported: 1999-06-01 Vulnerability: http-cgi-cdomain Platforms Affected: Common Gateway Interface (CGI) Risk Factor: High Attack type: Network Based CDomain is a commercial CGI package that provides a Web-based gateway to the Whois service. Versions previous to 2.5, namely the Unix versions formerly distributed for free, contain a vulnerability in the whois_raw.cgi component that could allow a remote attacker to execute commands with the privileges of the server process. Reference: BUGTRAQ Mailing List: "whois_raw.cgi problem" at: http://www.netspace.org/cgi-bin/wa?A2=ind9906a&L=bugtraq&F=&S=&P=409 _____ Date Reported: 1999-06-10 Vulnerability: ExploreZip Trojan Horse Platforms Affected: Windows 95/98 Windows NT Risk Factor: High ExploreZip is a trojan horse or worm type program that infects Windows systems through e-mail attachments. It appears as a WinZip icon in the e-mail attachment and once run, will target Microsoft Office type files and source code files for deletion. Reference: CERT/CC: "CERTŪ Advisory CA-99-06-explorezip" at: http://www.cert.org/advisories/CA-99-06-explorezip.html _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. ISS is the pioneer and leading provider of adaptive network security software delivering enterprise-wide information protection solutions. ISS' award-winning SAFEsuite family of products enables information risk management within intranet, extranet and electronic commerce environments. By combining proactive vulnerability detection with real-time intrusion detection and response, ISS' adaptive security approach creates a flexible cycle of continuous security improvement, including security policy implementation and enforcement. ISS SAFEsuite solutions strengthen the security of existing systems and have dramatically improved the security posture for organizations worldwide, making ISS a trusted security advisor for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net. ________ Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert Summary electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert Summary in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBN2cHPzRfJiV99eG9AQEXtwP/cBvvKY8eoXLRUMxDerIAsnF3Ctf/SYzz ANLglEcbpWoCBLvcGD126dgxpSeq0VHJFk0UGkWNUYqGGXgSiz/83FL+Gkv8auQC nK5x7PeMD5R5UGrHLhxJkT3MWyD+P9TZgxtGsTvRuxukwA5Hf0am6mKca+F2y2rs BOTDmeBUveo= =n4WZ -----END PGP SIGNATURE-----