June 1999, last change: 01/04/00
System: Microsoft IIS 3.0 and 4.0, with default language Chinese, Korean, or Japanese
Topic: Double Byte Code Page Vulnerability: MS99-022, ERS-1999.089
When IIS is run on a machine on which a double-byte character set code page is used
(i.e., the default language on the server is set to Chinese, Japanese, or Korean), and a
specific URL construction is used to request a file in a virtual directory, normal
server-side processing is bypassed. As a result, the file is simply delivered as text to
the browser, thereby allowing the source code to be viewed.
Patches are available for the English, simplified Chinese, traditional Chinese, Japanese,
and Korean versions.

If all worker threads in CSRSS.EXE are occupied awaiting user input, no other requests
can be serviced, effectively causing the server to hang. When user input is provided,
processing returns to normal. The patch eliminates the vulnerability by ensuring that the
last CSRSS worker thread services only requests that do not require user input.
Further information as well as a hotfix can be found in the advisory.

Windows NT provides the ability to manage user privileges programmatically via the Local
Security Authority (LSA) API. The API allows a program to query user names, modify
privileges, and change other elements of the security policy, subject to the program's
authorizations. Certain API methods do not correctly handle certain types of invalid
arguments. The vulnerability is a denial of service threat only, and service can be
restored by restarting the machine.
It is recommended to install the hotfix published by Microsoft.

ISS reports 6 new vulnerabilities found:
- sun-rpc-statd
- ntmail-relay
- management-agent-file-read
- management-agent-dos
- http-cgi-cdomain
- ExploreZip Trojan Horse
Further information can be found at the site of ISS.

IIS supports several file types that require server-side processing. When a web site
visitor requests a file of one of these types, an appropriate filter DLL processes it. A
vulnerability exists involving an unchecked buffer in ISM.DLL, the filter DLL that
processes .HTR files. HTR files enable remote administration of user passwords. The result
of the buffer overflow is either a crash of IIS or the possibility for remote users to run
arbitrary code on the server.
It is highly recommended to disable the script mapping for .HTR files, as described in the
advisory, or to install a hotfix (US version, German version).

A Trojan horse program is currently propagating widely via e-mail attachments. This
program is called ExploreZip (alias: W32/ExploreZip.worm, Worm.ExploreZip). There are
indications that it has the potential to be a widespread attack. The program is not known
to exploit any new vulnerabilities. While the primary transport mechanism of this program
is e-mail, any other way of transferring files can also propagate it. The user is enticed
to open the attachment by the text of the e-mail, e.g.:
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
Once opened, the program searches local and networked drives (drive letters C through Z)
for specific file types and attempts to erase the contents of the files, leaving a
zero-byte file. The targets may include Microsoft Office files (.doc, .xls, and .ppt) and
various source code files (.c, .cpp, .h, and .asm). The program propagates by replying to
any new e-mail received by an infected computer; a copy of zipped_files.exe is attached to
the reply message. In order to spread via e-mail, the worm needs Microsoft Outlook or
Microsoft Exchange.
The program modifies win.ini and creates a file called explore.exe.
Vendors of anti-virus software are working on a solution. At the moment an update is
available for the scanners by NAI (McAfee), Symantec (NAV), DataFellows (FProt), and
Trend Micro.
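As an added triage example (not part of the original page or of any vendor tool), the following script walks a drive or share and lists the trace the worm leaves behind: zero-byte files of the targeted types. The sample tree it builds is constructed for the demonstration.

```python
import os
import stat
import tempfile

# File types the advisory names as targets of the erasure routine.
TARGET_EXTENSIONS = {".doc", ".xls", ".ppt", ".c", ".cpp", ".h", ".asm"}


def find_zeroed_files(root):
    """Return sorted paths of zero-byte regular files with a targeted extension.

    A zero-byte .doc or .c file is what remains after the worm erases a file's
    contents, so the list approximates the damage on the scanned volume.
    Symlinks are neither followed nor reported, to stay on that volume.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: do not guess
            if stat.S_ISREG(st.st_mode) and st.st_size == 0:
                hits.append(path)
    return sorted(hits)


def relative_hits(root):
    """Same result as find_zeroed_files, as POSIX-style paths relative to root."""
    return [os.path.relpath(p, root).replace(os.sep, "/") for p in find_zeroed_files(root)]


def scan_drives():
    """On Windows, scan drive letters C..Z, the range the advisory gives."""
    results = {}
    for code in range(ord("C"), ord("Z") + 1):
        root = chr(code) + ":\\"
        if os.path.isdir(root):
            results[chr(code)] = find_zeroed_files(root)
    return results


def build_sample_tree():
    """Constructed sample: two emptied target files, one intact, one untargeted."""
    root = tempfile.mkdtemp(prefix="explorezip-demo-")
    os.makedirs(os.path.join(root, "src"))
    samples = {
        "report.doc": b"",                 # erased: zero bytes
        "src/main.c": b"",                 # erased
        "src/util.h": b"#pragma once\n",   # intact
        "notes.txt": b"",                  # zero bytes but not a targeted type
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root
```

Run scan_drives() on an affected Windows host, or find_zeroed_files() against a mounted share, to enumerate files that need restoring from backup.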

Under certain conditions, Netscape Enterprise Server (NES) fails to properly process web
requests. This behaviour has been observed in the NES bundled with Praesidium VirtualVault
releases A.02.00, A.03.00, A.03.01 and A.03.50.
It is recommended to install the available patches:

Platform                                            Patch ID
HP-UX 10.24 with VirtualVault A.02.00 US/Canada     PHCO_18615
HP-UX 10.24 with VirtualVault A.02.00 International PHSS_18620
HP-UX 10.24 with VirtualVault A.03.00 US/Canada     PHCO_18615
HP-UX 10.24 with VirtualVault A.03.00 International PHSS_18616
HP-UX 10.24 with VirtualVault A.03.01 US/Canada     PHCO_18615
HP-UX 10.24 with VirtualVault A.03.01 International PHSS_18612
HP-UX 10.24 with VirtualVault A.03.50 US/Canada     PHCO_18615
HP-UX 10.24 with VirtualVault A.03.50 International PHSS_18621

Cisco 12000 series Gigabit Switch Routers (currently the 12008 and 12012 GSRs) running
Cisco IOS software release 11.2(14)GS2 through 11.2(15)GS3 forward unauthorized traffic
due to an error encountered while processing the established keyword in an access-list
statement. The resulting vulnerability could be exploited to circumvent a site's security
policy: when an affected router applies the following statement on an interface,
access-list 101 permit tcp any any established
the established keyword is ignored. It is recommended to install a patch mentioned in the
advisory.

Systems running older versions of rpc.statd and automountd are affected by this
vulnerability. A vulnerability in rpc.statd may allow a remote intruder to call arbitrary
rpc services with the privileges of the rpc.statd process, typically root. The
vulnerability in automountd may allow a local intruder to execute arbitrary commands with
the privileges of the automountd service. By combining attacks exploiting these two
vulnerabilities, a remote intruder is able to execute arbitrary commands with the
privileges of the automountd service.
Further information about affected vendors and how to get a patch is described in the
advisory.

KDE is a very popular window manager available for most Unix platforms, and provides an
easy-to-use interface and a number of graphical front ends to common command-line Unix
applications. K-Mail contains a vulnerability that may allow local attackers to compromise
the UID of whoever is running K-Mail. The mail client creates insecure temporary
directories that are used to store MIME encoded files.
It is recommended to install a patch.
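The weakness described above, as an added illustration that is not K-Mail's code: a temporary directory with a predictable name and default permissions next to the hardened form, plus a check a program can run before writing decoded MIME parts into a directory. The function names and the constructed scratch base are assumptions for the demonstration.

```python
import os
import shutil
import stat
import tempfile


def insecure_mime_dir(base):
    """Pattern the advisory warns about: a guessable name (only the PID varies) that
    another local user could pre-create, and permissions that let others read it.
    The explicit chmod reproduces world-readable permissions for the demonstration."""
    path = os.path.join(base, "kmail-%d" % os.getpid())
    os.makedirs(path, exist_ok=True)   # silently accepts a directory someone else made
    os.chmod(path, 0o755)
    return path


def secure_mime_dir(base):
    """Hardened form: unpredictable name, created atomically with mode 0700."""
    return tempfile.mkdtemp(prefix="kmail-", dir=base)


def is_private_dir(path):
    """True only if path is a real directory (not a symlink), owned by the caller,
    with no group or other permission bits; otherwise decoded mail must not go there."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return (st.st_mode & 0o077) == 0


def demo():
    """Constructed check: classify both kinds of directory under a scratch base."""
    base = tempfile.mkdtemp(prefix="scratch-")
    try:
        weak = insecure_mime_dir(base)
        strong = secure_mime_dir(base)
        return is_private_dir(weak), is_private_dir(strong)
    finally:
        shutil.rmtree(base)
```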

System: Debian Linux under Sparc
Topic: Denial-of-service in 2.2-series kernel: Debian0607
Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to
a DoS attack. The Debian GNU/Linux 2.1 release (slink) for the Sun sparc architecture uses
such a kernel. If you are using such a system and haven't upgraded the kernel yourself, it
is recommended to upgrade your kernel-image package immediately. If you have a sun4u
system please use kernel-image-2.2.9-sun4u, otherwise use the normal kernel-image-2.2.9
package.
Packages: Kernel-Headers-2.2.9, kernel-image-2.2.9-sun4u, kernel-image-2.2.9.

Sendmail is a freely available mail transfer agent. Its base version is commonly known as
"Berkeley sendmail", as opposed to various vendors' versions of sendmail (including
Sun's). SunOS 5.6 and 5.5.1 originally included version 8.6.9 of Berkeley sendmail, with
Sun enhancements added. Various security related improvements were made in version 8.8.8
of Berkeley sendmail, including improvements relating to email spam and bombs, and email
relaying. It is recommended to install the new version.

Operating System     Patch ID
Solaris 2.6          105395-05
Solaris 2.6_x86      105396-05
Solaris 2.5.1        103594-18
Solaris 2.5.1_x86    103595-18

Rpc.statd is the NFS file-locking status monitor. It interacts with rpc.lockd to provide
the crash and recovery functions for file locking across NFS. rpc.statd allows indirect
RPC calls to other RPC services. Because rpc.statd runs as root, this allows remote
attackers to bypass access controls of other RPC services.
It is recommended to install a patch published by Sun Microsystems.

Operating System     Patch ID
Solaris 2.6          106592-02
Solaris 2.6_x86      106593-02
Solaris 2.5.1        104166-04
Solaris 2.5.1_x86    104167-04
Solaris 2.5          103468-04
Solaris 2.5_x86      103469-05
Solaris 2.4          102769-07
Solaris 2.4_x86      102770-07
Solaris 2.3          102932-05

System: Debian Linux
Topic: Vulnerability in POP-2 daemon: Debian0607a
The version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2
daemon, which can be found in the ipopd package. Using this vulnerability it is possible
for remote users to get a shell as user "nobody" on the server.
It is recommended to install the corresponding fixed packages for alpha, i386, m68k or
sparc.

ISS reports 13 new vulnerabilities found within the last month:
- nt-ras-pwcache
- cmail-command-bo
- cmail-fileread
- ftgate-fileread
- coldfusion-admin-dos
- coldfusion-encryption
- netscape-space-view
- netscape-title
- netbsd-arp
- nt-ras-bo
- irix-midikeys
- cde-dtlogin
- nt-helpfile-bo
Further information can be found at the site of ISS.
