August 1999, last change: 01/04/00
System: WU-FTPD Development Group
Topic: Security risk in wu-ftpd: J-065, ERS-1999.122

Due to insufficient bounds checking on the length of directory names supplied by users, it is possible to overwrite the static memory space of the wu-ftpd daemon while it is executing under certain configurations. Users who are able to create directories and supply carefully designed directory names to wu-ftpd may gain privileged access.
The latest version of wu-ftpd is 2.5.0; sites running earlier versions should upgrade to this version as soon as possible. The new version is available now.

Buffer overflows exist in crond, the cron daemon, and in wu-ftpd. These could allow local users to gain privileges. The following patches should be installed:
Red Hat Linux 4.2:
Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/i386/vixie-cron-3.0.1-37.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/wu-ftpd-2.5.0-5.6.0.i386.rpm
Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/alpha/vixie-cron-3.0.1-37.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/wu-ftpd-2.5.0-5.6.0.alpha.rpm
Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/sparc/vixie-cron-3.0.1-37.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/wu-ftpd-2.5.0-5.6.0.sparc.rpm
Source:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/vixie-cron-3.0.1-37.src.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/wu-ftpd-2.5.0-5.6.0.src.rpm
Red Hat Linux 5.2:
Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/i386/vixie-cron-3.0.1-37.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/wu-ftpd-2.5.0-5.6.0.i386.rpm
Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/alpha/vixie-cron-3.0.1-37.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/wu-ftpd-2.5.0-5.6.0.alpha.rpm
Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/sparc/vixie-cron-3.0.1-37.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/wu-ftpd-2.5.0-5.6.0.sparc.rpm
Source:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/vixie-cron-3.0.1-37.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/wu-ftpd-2.5.0-5.6.0.src.rpm
Red Hat Linux 6.0:
Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/i386/vixie-cron-3.0.1-37.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/i386/wu-ftpd-2.5.0-5.6.0.i386.rpm
Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/alpha/vixie-cron-3.0.1-37.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/wu-ftpd-2.5.0-5.6.0.alpha.rpm
Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/sparc/vixie-cron-3.0.1-37.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/wu-ftpd-2.5.0-5.6.0.sparc.rpm
Source:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/vixie-cron-3.0.1-37.src.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/SRPMS/wu-ftpd-2.5.0-5.6.0.src.rpm

System: Solaris 2.3 - 7 (SPARC and x86), SunOS 4.1.4 and 4.1.3_U1
Topic: Vulnerability in rpc.cmsd: Sun Security Bulletin #00188, ERS-1999.120, S-99-29

The rpc.cmsd is a small database manager for appointment and resource-scheduling data. Its primary client is Calendar Manager in OpenWindows, and Calendar in CDE. A buffer overflow vulnerability has been discovered which may be exploited to execute arbitrary instructions and gain root access. Sun Microsystems provides patches against this vulnerability:

OpenWindows:
System             Patch-ID
SunOS 5.5.1        104976-04
SunOS 5.5.1_x86    105124-03
SunOS 5.5          103251-09
SunOS 5.5_x86      103273-07
SunOS 5.4          102030-10
SunOS 5.4_x86      102031-08
SunOS 5.3          101513-14
SunOS 4.1.4        100523-25
SunOS 4.1.3_U1     100523-25

CDE:
System                                             Patch-ID
SunOS 5.7, CDE 1.3                                 107022-04
SunOS 5.7_x86, CDE 1.3_x86                         107023-04
SunOS 5.6, CDE 1.2                                 105566-07
SunOS 5.6_x86, CDE 1.2_x86                         105567-08
SunOS 5.5.1, 5.5, 5.4, CDE 1.0.2                   103670-07
SunOS 5.5.1_x86, 5.5_x86, 5.4_x86, CDE 1.0.2_x86   103717-08
SunOS 5.5, 5.4, CDE 1.0.1                          103671-07
SunOS 5.5_x86, 5.4_x86, CDE 1.0.1_x86              103718-08

The Microsoft VM is a virtual machine for the Win32 operating environment. It runs atop Microsoft Windows 9x or NT. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox and take any desired action on the user's computer. If such an applet were hosted on a web site, it could act against the computer of any user who visited the site. Microsoft provides a patch for this vulnerability.

There is a vulnerability in Netscape Enterprise 3.6sp2 and FastTrack 3.01. An attacker can send the web server an overly long HTTP GET request, overflowing a buffer in the Netscape httpd service and overwriting the process's stack. This allows a sophisticated attacker to force the machine to execute any program code that is sent. It is possible to use this vulnerability to execute arbitrary code as SYSTEM on the server, giving an attacker full control of the machine. Netscape provides a patch for this vulnerability.

System: Oracle 8.x
Topic: Additional Root Compromise Vulnerabilities by dbsnmp: ISS-036, ERS-1999.117

The Intelligent Agent binary, 'dbsnmp', is a setuid root executable. The Intelligent Agent is a host-based agent that can be used to monitor, configure, and maintain remote database instances with the Oracle Enterprise Manager. The Intelligent Agent is part of the Oracle distribution. Local attackers may use these vulnerabilities to execute arbitrary commands as root, as well as to create root-owned world-writable files anywhere on the file system.
If remote database administration with the Intelligent Agent is not required, the setuid bit on the 'dbsnmp' binary should be removed. As root, execute the following command:
# chmod 755 $ORACLE_HOME/bin/dbsnmp
Oracle provides a patch and FAQ for this vulnerability.
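As an added example (not part of the advisory and not Oracle's code), the POSIX sh functions below check whether a binary carries the setuid bit, apply the advisory's chmod 755 mitigation, and re-check afterwards that the bit is really gone; audit_dir lists the setuid files in a directory such as $ORACLE_HOME/bin. The file used in the demo is a constructed stand-in created in a temporary directory, not a real dbsnmp.

```shell
#!/bin/sh
# Added example, not from the advisory or from Oracle: audit a binary for
# the setuid bit and strip it the way the advisory recommends (chmod 755).
# Uses only POSIX sh, ls and chmod so it also runs on old UNIX systems.

# is_setuid PATH: succeeds if the user-execute column of "ls -ld" shows
# 's' (setuid + exec) or 'S' (setuid without exec)
is_setuid() {
    col=$(ls -ld "$1" 2>/dev/null | cut -c4)
    [ "$col" = "s" ] || [ "$col" = "S" ]
}

# strip_setuid PATH: apply the advisory's mitigation and succeed only if a
# fresh check confirms the bit is gone (re-check rather than trusting the
# chmod exit status alone)
strip_setuid() {
    chmod 755 "$1" || return 1
    if is_setuid "$1"; then
        return 1
    fi
    return 0
}

# audit_dir DIR: print every setuid regular file directly inside DIR, one
# per line (the check to run over $ORACLE_HOME/bin before and after)
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        is_setuid "$f" && printf '%s\n' "$f"
    done
    return 0
}

# demo: constructed stand-in for dbsnmp in a temp dir (no real binary touched)
demo() {
    d=$(mktemp -d) || return 1
    f="$d/dbsnmp"
    : > "$f" && chmod 4755 "$f"
    echo "setuid files before: $(audit_dir "$d")"
    strip_setuid "$f" || { rm -rf "$d"; return 1; }
    echo "setuid files after:  $(audit_dir "$d")"
    rm -rf "$d"
}

demo
```

The re-check in strip_setuid matters on a real host: an administrator who runs the chmod in the wrong $ORACLE_HOME, or on a copy rather than the installed binary, sees a failure instead of a silent success.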

There are vulnerabilities in superuser-owned executables that may allow local root compromise. Attackers may use these vulnerabilities to create, destroy, or modify any file on the system, including files owned by the superuser. This attack may be particularly useful to gain complete control of the database system, to manipulate Oracle database files, or to deny service. Oracle provides a patch for this vulnerability.

Lotus Domino Server is an integrated messaging and web application server. An attacker can crash the Lotus Notes Domino server and stop e-mail and other services that Domino provides for an organization. There is an overflow problem in the Notes LDAP Service (NLDAP), the service that handles the LDAP protocol. This overflow is related to the way NLDAP handles the ldap_search request. By sending a large amount of data in a parameter of the ldap_search request, an attacker can cause a PANIC in the Domino server, which stops all Domino services running on the affected machine. It is recommended to upgrade to maintenance release 4.6.6 or 5.0.

System: CiscoSecure Access Control Server
Topic: Vulnerability in CiscoSecure ACS for UNIX Remote Administration: Cisco, ERS-1999.114

In CiscoSecure Access Control Server (CiscoSecure ACS) for UNIX, versions 1.0 through 2.3.2, there is a database access protocol that could permit unauthorized remote users to read and write the server database without authentication. Depending on the network environment, this might permit unauthorized users to modify the access policies enforced by the CiscoSecure ACS. A utility that is capable of using this protocol to read or modify a database is shipped with the CiscoSecure ACS product.
This vulnerability can be eliminated by either a CiscoSecure configuration change or a network configuration change. Cisco has provided a new release (2.3.3) that changes a default setting in order to ensure a higher default security level.

Microsoft has released a patch that eliminates security vulnerabilities in the Microsoft Jet database engine. The vulnerabilities could affect any application that runs atop Jet, and could allow a database query to take virtually any action on a user's computer. Microsoft recommends that all customers who are running applications that use Jet, especially users of Microsoft Office97 and Office2000, install the patch.

A buffer overflow in the tgetent() function of libtermcap has been fixed, and a possible denial-of-service attack against in.telnetd is also addressed by upgrading the following packages:
Red Hat Linux 4.2:
Intel:
ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-devel-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/i386/telnet-0.10-29.i386.rpm
Alpha:
ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-devel-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/alpha/telnet-0.10-29.alpha.rpm
Sparc:
ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-devel-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/sparc/telnet-0.10-29.sparc.rpm
Source packages:
ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/libtermcap-2.0.8-15.src.rpm
ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/telnet-0.10-29.src.rpm
Red Hat Linux 5.2:
Intel:
ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-devel-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/i386/telnet-0.10-29.i386.rpm
Alpha:
ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-devel-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/alpha/telnet-0.10-29.alpha.rpm
Sparc:
ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-devel-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/sparc/telnet-0.10-29.sparc.rpm
Source packages:
ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/libtermcap-2.0.8-15.src.rpm
ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/telnet-0.10-29.src.rpm
Red Hat Linux 6.0:
Intel:
ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-devel-2.0.8-15.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/i386/telnet-0.10-29.i386.rpm
Alpha:
ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-devel-2.0.8-15.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/alpha/telnet-0.10-29.alpha.rpm
Sparc:
ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-devel-2.0.8-15.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/sparc/telnet-0.10-29.sparc.rpm
Source packages:
ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/libtermcap-2.0.8-15.src.rpm
ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/telnet-0.10-29.src.rpm

A buffer overflow vulnerability has been discovered in the Source Code Browser's Program Database Name Server Daemon (pdnsd) of versions 2 and 3 of IBM's C Set ++ for AIX. This vulnerability allows local and remote users to gain root access. IBM C Set ++ for AIX versions 2 and 3 are no longer supported and no patch will be issued. Instead, an upgrade should be done.

System: All
Topic: New ISS-Summary: ISS

ISS reports 8 new vulnerabilities within the last 2 weeks:
- irdp-gateway-spoof
- http-iis-malformed-header
- netbsd-profil
- nt-terminal-dos
- frontpage-pws-dos
- sun-stdcm-convert
- exchange-relay
- gauntlet-dos
Further information can be found on the server of ISS.

System: Gauntlet Firewall 5.0
Topic: Denial-of-Service by ICMP-Packets: Bugtraq

Network Associates Gauntlet Firewall contains a vulnerability that would allow a remote attacker to crash the firewall by sending a specifically constructed ICMP packet through the machine to a known IP inside the firewall.

System: Solaris (2.6)
Topic: stdcm_convert (CDE) vulnerability: Bugtraq

A vulnerability exists in stdcm_convert, a program shipped with CDE and packaged with Solaris 2.6. A local user could replace the temporary file created by stdcm_convert with a symbolic link pointing to any file on the system. That file would then be overwritten and made writable by the user. This could lead to a local root compromise.
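The stdcm_convert problem is an instance of the classic predictable temporary file that follows a symbolic link planted by another local user. As an added example, not from Sun and not from the advisory, the POSIX sh functions below put the unsafe pattern beside two defensive ones: refusing to open a path that already exists (the shell's noclobber mode, set -C) and creating the scratch file under an unpredictable name from mktemp(1) in a private mode-0700 directory. The victim file and the planted link in the demos are constructed inside a temporary directory.

```shell
#!/bin/sh
# Added example, not from the advisory or from Sun: the stdcm_convert bug
# class (predictable temp file, planted symlink) and two defenses in plain
# POSIX sh. All paths below are constructed inside a fresh temp dir.

# write_scratch_unsafe PATH: the vulnerable pattern. The redirection
# follows a symlink, so whatever PATH points at is truncated and
# overwritten. Kept only to make the contrast with the defenses visible.
write_scratch_unsafe() {
    echo "scratch data" > "$1"
}

# write_scratch_noclobber PATH: with "set -C" the shell refuses to open an
# existing file (a planted link to an existing file counts), so nothing is
# overwritten. Returns non-zero when the path already exists.
write_scratch_noclobber() {
    ( set -C; echo "scratch data" > "$1" ) 2>/dev/null
}

# make_private_scratch: the better fix. Unpredictable name from mktemp(1)
# inside a fresh mode-0700 directory, so no other local user can plant
# anything there beforehand. Prints the created path.
make_private_scratch() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d" || return 1
    mktemp "$d/stdcm.XXXXXX"
}

# demo_symlink_refused: plant a link under the predictable temp name, run
# the noclobber writer, and succeed only if the victim file is untouched.
demo_symlink_refused() {
    d=$(mktemp -d) || return 1
    victim="$d/victim"
    echo "important" > "$victim"
    ln -s "$victim" "$d/stdcm.tmp"                 # constructed planted link
    write_scratch_noclobber "$d/stdcm.tmp" || :    # refusal is the expected outcome
    after=$(cat "$victim")
    rm -rf "$d"
    [ "$after" = "important" ]
}

# demo_symlink_followed: same setup with the unsafe writer, to show that
# the victim really is overwritten. Succeeds when the overwrite happened.
demo_symlink_followed() {
    d=$(mktemp -d) || return 1
    victim="$d/victim"
    echo "important" > "$victim"
    ln -s "$victim" "$d/stdcm.tmp"
    write_scratch_unsafe "$d/stdcm.tmp"
    after=$(cat "$victim")
    rm -rf "$d"
    [ "$after" = "scratch data" ]
}

if demo_symlink_refused; then echo "noclobber: victim untouched"; fi
if demo_symlink_followed; then echo "unsafe: victim overwritten"; fi
```

Noclobber only closes the window for a link that already exists when the program opens the file; a link planted between the existence check and the open still wins, which is why the private directory with an unpredictable name is the pattern to prefer for a setuid program.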

Systems configured for DHCP obtain their default gateway information, along with other configuration parameters, when they first contact the network's DHCP server. It has been shown that the default gateway of certain systems configured this way, including Sun Solaris and SunOS as well as Windows 9x, can be changed remotely by sending them ICMP Router Advertisement messages. An attacker could therefore cause a system to direct its network traffic through a system of their choice, opening up man-in-the-middle, monitoring and denial-of-service attacks. Here you can find an example for this vulnerability.

System: Microsoft IIS, Site Server, and Commerce Internet Server
Topic: Denial-of-Service by Malformed HTTP Request Header: MS99-029, ERS-1999.108, J-058

Web servers using Microsoft's Internet Information Server 4.0 as their web engine are vulnerable to a denial-of-service attack. If multiple HTTP requests containing specially malformed headers are sent to an affected server, IIS may consume all memory on the server. As a consequence, in most cases IIS has to be stopped and restarted. Microsoft has published a fix for the X86 version and the Alpha version.
If the log file is exactly a multiple of 64 KB, the server may also hang. In this case, it will restart properly with a clean log file.

System: NetBSD
Topic: Vulnerability in profil(2): NetBSD-11, ERS-1999.107

A local user can construct a wrapper program that modifies, in a partially predictable way, the internal data space of any program it execve(2)'s, including setuid root binaries, by exploiting a hole in profil. It is recommended to upgrade to NetBSD 1.4.1 or NetBSD-current. A patch is described in the advisory.

The version of samba distributed in Debian GNU/Linux 2.1 has a couple of security problems, so it is recommended to install version 2.0.5a-1 of samba. The link for getting the upgrade is given in the advisory.
Due to a buffer overflow in older versions of cfingerd, it is recommended not to use Debian prior to 2.0 or cfingerd versions prior to 1.3.2-9 any more.
Xmonisdn was incorrectly installed setuid root. The current package assigns dialout group privileges instead; a link can be found in the advisory.

System: OpenBSD
Topic: Vulnerabilities in /etc/rc, IPSec, and profil: OpenBSD

Exploiting a hole in /etc/rc allows users to rewrite the motd. Packets that should have been handled by IPsec may be transmitted as cleartext, and a hole in profil(2) was found. It is recommended to install the patches for rc, IPSec, and profil.

When a request to open a new terminal connection is received by a Terminal Server, the server undertakes a resource-intensive series of operations to prepare for the connection. It does this before authenticating the request. This would allow an attacker to mount a denial-of-service attack by levying a large number of bogus connection requests and consuming all memory on the Terminal Server. This vulnerability could be exploited remotely if connection requests are not filtered. It is recommended to install the hotfix published by Microsoft.

Exchange Server implements features designed to defeat "mail relaying", a practice in which an attacker causes an e-mail server to forward mail from the attacker, as though the server were the sender of the mail. However, a vulnerability exists in this feature and could allow an attacker to circumvent the anti-relaying features in an Internet-connected Exchange Server. The vulnerability lies in the way that site-to-site relaying is performed via SMTP. Encapsulated SMTP addresses could be used to send mail to any desired e-mail address. A hotfix eliminates this vulnerability.

System: All
Topic: New ISS-Summary: ISS

ISS reports 8 new vulnerabilities within the last 2 weeks:
- gauntlet-dos
- nt-malformed-dialer
- 3com-hiper-comm-name
- tiger-script-execute
- sgi-arrayd
- amavis-command-execute
- bsd-shared-memory-dos
- netware-ipx-session-spoof
Further information can be found on the server of ISS.
