Our Security Alert Page 2001
Here you will find recent security alerts indexed by date.

July 18, 2001
Denial of Service Condition in IBM DB2 Universal Database Server

July 18, 2001
Denial of Service in Cisco IOS PPTP

July 18, 2001
Unsafe functionality exposure in MS Outlook

July 14, 2001
Multiple Vulnerabilities in Cisco 5420 Storage Router

July 14, 2001
McAfee ASaP Directory Traversal

July 6, 2001
Backdoor in R.I Soft Systems 4th of July Screensaver
A back door exists in the 4th of July Fireworks demo screensaver from Rhode Island Soft Systems. By pressing the space bar on the keyboard, it's possible to circumvent the screensaver's lock workstation function. A malicious user can make the default Web browser appear with the Rhode Island Soft Systems Web site by using the security context of the currently logged-on user. From there, the attacker can run explorer.exe in the browser's address window to get the desktop and to run any other program under this context. A malicious user can also exploit this vulnerability remotely through Windows 2000 Terminal Services Advanced Client (formerly known as Terminal Services Web Client).
Affected Software:
- Rhode Island Soft Systems' 4th of July Fireworks demo screensaver for Windows 2000, Windows NT, and Windows 9x
Rhode Island Soft Systems was notified about this vulnerability but doesn't intend to release a fix for this issue. To work around this problem, a user can uninstall the demo screensaver software.

July 6, 2001
SMTP Vulnerability in Windows 2000
A vulnerability exists in the default SMTP server that is installed with these four versions of Win2K. An attacker can use a vulnerability in the SMTP authentication process to successfully authenticate to the SMTP service using incorrect credentials. An attacker exploiting this vulnerability can gain user-level privileges on the SMTP service and use the service to perform SMTP mail relaying. This vulnerability affects only standalone machines, not DCs or Microsoft Exchange mail servers running Win2K.
Affected Software:
Microsoft has released security bulletin MS01-037 for this vulnerability and recommends that Win2K users immediately apply the patch mentioned in the bulletin. Patches for Win2K Datacenter are hardware specific and are available only through the original equipment manufacturer.

July 5, 2001
Backdoor in Rhode Island Soft Systems Living Waterfalls Screensaver
A back door exists in the Living Waterfalls demo screensaver from Rhode Island (RI) Soft Systems. By pressing the space bar on the keyboard, it's possible to circumvent the screensaver's lock workstation function. A malicious user can make the default Web browser appear with the RI Soft Systems Web site by using the security context of the currently logged-on user. From there, the attacker can run explorer.exe in the browser's address window to get the desktop and to run any other program under this context. A malicious user can also exploit this vulnerability remotely through Windows 2000 Terminal Services Advanced Client (formerly known as Terminal Services Web Client).
Affected Software:
- Rhode Island Soft Systems' Living Waterfalls demo screensaver for Windows 2000, Windows NT, and Windows 9x
Rhode Island Soft Systems was notified and doesn't intend to release a fix for this issue. To work around this vulnerability, a user can uninstall the screensaver software.

June 27, 2001
Windows 2000 LDAP over SSL Password Change Vulnerability
A vulnerability exists in a Lightweight Directory Access Protocol (LDAP) function that is available only if the LDAP server has been configured to support LDAP over Secure Socket Layer (SSL) sessions. The purpose of this function is to let users change the data attributes of directory principals. By design, the function should check the user's authorizations before completing the request. However, the function contains an error that manifests itself only when the directory principal is a domain user and the data attribute is the domain password. In this case, the function fails to check the requester's permissions, so a malicious user can change any other user's domain logon password. By design, any user who can connect to the LDAP server can also call the affected function, including users who connect through anonymous sessions. As a result, any user who can establish a connection with an affected server can exploit the vulnerability.
Affected Software:
Microsoft has released security bulletin MS01-036 for this vulnerability, and the company recommends that Win2K Server and Win2K AS users immediately apply the patch mentioned in the bulletin. Patches for Win2K Datacenter are hardware specific and are available only through the original equipment manufacturer.

June 22, 2001
Malformed Word Document May Enable Macro to Run Automatically
A vulnerability exists in Microsoft Word that lets an attacker modify a Word document in a way that prevents the security scanner from recognizing an embedded macro while still letting the macro execute. This vulnerability lets an attacker run a macro automatically when a user opens the document. Such a macro can take any action that the user can take, including disabling the user's Word security settings so that the user can no longer check subsequently opened Word documents for macros.
Affected Software:
- Microsoft Word 2002
- Microsoft Word 2000
- Microsoft Word 97
- Microsoft Word 98 (J)
- Microsoft Word 2001 for Macintosh
- Microsoft Word 98 for Macintosh
Microsoft has acknowledged this vulnerability and recommends that users immediately apply the applicable patch contained in Security Bulletin MS01-034.

June 22, 2001
Microsoft Visual Studio RAD Support in FrontPage Server Extensions
A buffer overflow condition exists in the optional sub-component of the FrontPage Server Extensions called Visual Studio RAD (Remote Application Deployment) Support. This sub-component contains an unchecked buffer in a section that processes input information. An attacker can exploit this vulnerability by sending a specially malformed packet to this component and can execute code on the server under the IUSR_machinename security context. Under the right circumstances, the attacker can also run the code under the system's security context, letting the attacker take any desired action on the server, including assuming full control of the server. This optional component of the FrontPage Server Extensions is not part of the default installation.
Microsoft has released security bulletin MS01-035 for this vulnerability and recommends that users of this optional component immediately apply the patch mentioned in the bulletin.

June 20, 2001
NSA RELEASES WIN2K SECURITY RECOMMENDATION GUIDELINES
The US National Security Agency (NSA) has released a set of guidelines and templates to help you secure Windows 2000 systems. The materials contain 5 templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and 3 supporting documents with in-depth defense coverage and details about various popular software packages.
Regarding the security of other OSs, the NSA announced in January 2001 that it had begun developing a more secure version of Linux that it calls Security-Enhanced Linux. NSA has made the prototype and source code available to the public at the NSA/CSS INFOSEC Web site.

June 20, 2001
IIS BUFFER OVERFLOW CONDITION IN INDEX SERVER COMPONENT
eEye Digital Security has discovered that a vulnerability in Microsoft Index Server can let an attacker execute code under the system security context and take any action on the server, including assuming full control of the server. This vulnerability stems from an unchecked buffer in the Index Server Internet Server API (ISAPI) extension, idq.dll, which supports administration scripts. The buffer overrun condition occurs before any indexing is requested; therefore, the server remains vulnerable even if the Index Service isn't running. If you have the script mappings for .ida and .idq extensions in place, and users can establish Web sessions to the server, you have a vulnerable server.
Microsoft has released security bulletin MS01-033 for this vulnerability and recommends that users immediately apply the patch specified in the bulletin. The company further recommends that you remove script mappings for .ida and .idq extensions under IIS if you're not using them, as mentioned in the security checklists for IIS 4.0 and IIS 5.0.

June 20, 2001
SQL SERVER CACHED CREDENTIALS VULNERABILITY
A vulnerability in Microsoft SQL Server 2000 and SQL Server 7.0 can let an attacker execute SQL queries using the systems administrator security context. When a user terminates a client connection to a SQL Server, the connection remains cached for a period of time for performance reasons. One SQL query method contains this cache vulnerability, and an attacker can use the query to reuse a cached connection that once belonged to the systems administrator account. An attacker can then take actions on the database (e.g., running code) and, under the right conditions, can assume full control of the server.
Microsoft has released security bulletin MS01-032 for this vulnerability and recommends that users immediately apply the patch mentioned in Microsoft article "Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have."

June 13, 2001
SCRIPT EXECUTION VULNERABILITY IN MICROSOFT EXCHANGE OWA
Joao Gouveia discovered a flaw in the interaction between Microsoft Exchange Server Outlook Web Access (OWA) and Microsoft Internet Explorer (IE) for message attachments. If an attachment contains HTML code that includes script, the script will execute when the user opens the attachment, regardless of the attachment type.
Microsoft has acknowledged this vulnerability and recommends that users immediately apply the patch mentioned in Security Bulletin MS01-030.

June 13, 2001
MULTIPLE VULNERABILITIES IN MICROSOFT WINDOWS 2000 TELNET
Seven different vulnerabilities exist in the version of Telnet that Microsoft ships with Windows 2000. Two of these vulnerabilities relate to the way that Telnet handles the sessions that a user creates and can escalate the user's privilege. Four of these vulnerabilities let an attacker create Denial of Service (DoS) attacks, and the seventh vulnerability involves information disclosure that lets an attacker enumerate Guest accounts exposed through the Telnet server. Guardent, Peter Grundl, Richard Reiner, and BindView's Razor team discovered the problems.
Microsoft acknowledges these vulnerabilities and recommends that users immediately apply the patch mentioned in Security Bulletin MS01-031. For Windows 2000 Datacenter Server users, the patches are hardware specific, and users should contact the original equipment manufacturer.

June 6, 2001
CISCO WEBNS MANAGEMENT SOFTWARE ALLOWS UNAUTHENTICATED ACCESS
If users bookmark the URL that the Web management interface directs users to after first authentication, users can access that URL anytime in the future without having to reauthenticate.
Cisco has issued an advisory regarding this vulnerability. Cisco recommends that users running the affected WebNS software versions upgrade to versions 4.01B29s or 4.10B17s, available through regular support channels. As a workaround, Cisco recommends either disabling the Web management interface on the switch or applying access control as specified in the following documents:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/profiles.htm
and
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/advcfggd/sgacleql.htm

June 6, 2001
SCANNING SOFTWARE VULNERABILITY CAN TRIGGER RELOAD OF CISCO IOS CONFIGURATION
A vulnerability exists in Cisco's Internetwork Operating System (IOS) that can cause a configuration reload. Security scanning software making a TCP connection to ports 3100-3999, 5100-5999, 7100-7999, and 10100-10999 causes the router to unexpectedly reload at the next issuance of the commands "show running-config" or "write memory" or during the next access of the configuration file. Cisco IOS software can't be configured to support any services that might listen at these port addresses or accept connections on those ports. However, connection attempts to these ports in the affected version can cause memory corruption, leading to an unexpected reload.
Cisco has issued a notice regarding this vulnerability.

June 6, 2001
FTP VULNERABILITY IN CISCO ARROWPOINT SWITCHES
A user account that doesn't have administrative privileges can open an FTP connection to a Cisco CSS 11000 series switch and use the GET and PUT FTP commands with no user-level restrictions enforced.
Cisco has issued an advisory regarding this vulnerability. Cisco recommends that users running the affected WebNS software versions upgrade to versions 4.01B29s or 4.10B17s, available through regular support channels. As a workaround, Cisco recommends that users do not configure non-privileged users on the switch, as the software does not create any by default. Cisco also recommends using the RESTRICT command to disable FTP access to the switch and applying access control to FTP users as specified in the following documents:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/profiles.htm
and
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/advcfggd/sgacleql.htm

June 6, 2001
DENIAL OF SERVICE IN PI-SOFT SPOONFTP SERVER
A Denial of Service (DoS) condition in Pi-Soft SpoonFTP 1.0.0.12 can let an attacker execute arbitrary code on the server. By establishing an FTP connection to a vulnerable server and issuing the LIST or CWD command followed by 531 bytes of data or more, an attacker can cause the server process to crash. In most cases, the computer kills the process before passing any data to the stack, but the possibility still exists for an attacker to overwrite the instruction pointer (EIP) and execute the code.
The vendor, Pi-Soft Consulting, has released version 1.0.0.13 to fix this vulnerability.

May 29, 2001
By embedding a macro in a template and providing another user with a Rich Text Format (RTF) document that links to the template, an attacker can cause macros to run automatically when the user opens the RTF document. Microsoft has released an FAQ and a patch to remedy this vulnerability.
Microsoft has acknowledged this vulnerability and recommends that users immediately apply the patch contained in Security Bulletin MS01-028.

May 29, 2001
An unchecked buffer vulnerability in the method Windows Media Player (WMP) uses to process Active Stream Redirector (.asx) files can result in a buffer overflow. An attacker can use the vulnerability to run code on the vulnerable computer under the user's security context.
Microsoft has acknowledged this vulnerability and recommends that users of WMP 6.4 immediately apply the patch contained in Security Bulletin MS01-029. For users of WMP 7.0, Microsoft recommends an upgrade to version 7.1.

May 29, 2001
Multiple vulnerabilities exist in eEye's SecureIIS 1.0.2. The first vulnerability involves the keyword-checking feature: SecureIIS fails to decode escaped characters in a request's query, which can lead to information disclosure. The second involves a directory traversal vulnerability that lets an attacker break out of the Web root directory. The third vulnerability involves a buffer overrun condition caused by the way SecureIIS processes HTTP header and large-character requests.
The vendor, eEye Digital Security, recommends that users upgrade to version 1.0.5, which addresses these vulnerabilities.

May 23, 2001
IE ALLOWS SPOOFING OF TRUSTED WEB SITES
Two newly discovered vulnerabilities in Microsoft Internet Explorer (IE) 5.01 and 5.5 let an attacker spoof trusted Web sites. The first vulnerability involves how IE validates digital certificates sent from Web servers. The second vulnerability can let a Web page display the URL from a different Web site in the IE address bar. Microsoft has released a patch and FAQ and will make article Q295106 available online soon.
The vendor, Microsoft, has acknowledged these vulnerabilities and recommends that users immediately apply the patch contained in Security Bulletin MS01-027.

May 23, 2001
NETSCAPE ENTERPRISE SERVER ALLOWS REMOTE COMMAND EXECUTION
A vulnerability in the Netscape Enterprise Server 4.1 for Windows NT Web Publisher can give an attacker system-level shell access on the server. By sending a large buffer containing executable code and a new instruction pointer, an attacker can gain remote system-level shell access to the vulnerable server.
The vendor, iPlanet, acknowledges this vulnerability and has released an NSAPI patch to correct it. iPlanet further recommends that users apply Service Pack 8 (SP8) when iPlanet makes SP8 available.

May 23, 2001
IIS MIGHT ALLOW REMOTE COMMAND EXECUTION
Nsfocus discovered three vulnerabilities in Microsoft's IIS 4.0 and 5.0 that can lead to a Denial of Service (DoS) attack, remote code execution, and information disclosure. The DoS vulnerability is in the function that processes wild-card service requests for the FTP service. The remote code execution vulnerability lets a potential attacker run scripts on the server by using the security context of IUSR_machinename, which by default appears in the Everyone group. The information disclosure vulnerability lets an attacker find guest accounts that FTP inadvertently exposed. You can find more detailed information about these vulnerabilities on Microsoft's Web site. Microsoft has released an FAQ, patch, and articles Q293826, Q295534, Q294370, and Q288855 to address these matters.
The vendor, Microsoft, has acknowledged these vulnerabilities and recommends that users immediately apply the patch contained in Security Bulletin MS01-026.

May 23, 2001
CARELLO E-COMMERCE SERVER ALLOWS REMOTE COMMAND EXECUTION
Peter Grundl discovered that a vulnerability in Carello E-Commerce Server 1.2.1 for Windows NT lets an attacker use the System security context to run programs located on the server. The carello.dll uses full physical paths to execute its scripts instead of paths relative to the Web root.
The vendor, Carello, acknowledges this vulnerability and has released version 1.3 to correct it.

May 16, 2001
NEW WORM CAUSES SOLARIS TO ATTACK WINDOWS
The Computer Emergency Response Team (CERT) issued an advisory today detailing a new worm that causes a Sun Microsystems Solaris system to attack a Windows system. The worm exploits a vulnerability under Solaris to install itself and then attempts to seek out and attack IIS-based systems. According to the advisory, the problem stems from a 2-year-old buffer overflow condition in the Solstice sadmind program and a 7-month-old directory traversal vulnerability common to unpatched IIS 4.0 and 5.0 systems.
Sun issued Security Bulletin #00191 in response to the sadmind buffer problem in December 2002, and Microsoft issued Security Bulletin MS00-078 in response to the IIS directory traversal problem in October 2000. CERT maintains its own bulletins regarding the two problems with Solaris and IIS and advises all Windows 2000 and NT and Solaris users to patch their systems against these long-known issues.

May 16, 2001
CRUSH FTP RELATIVE PATH VULNERABILITY
Joe Testa discovered that a vulnerability in CrushFTP lets an attacker break out of the FTP root. For example, by connecting to a vulnerable host and issuing the change directory (CD) command, an attacker can access the root directory where the FTP server is running. An attacker can also download files outside of the FTP root by using relative paths. Version 2.17 is now available and isn't vulnerable to this problem.
The program author, Ben Spink, has released version 2.1.7, which is not subject to this vulnerability.

May 16, 2001
DOS IN WFTPD FTP SERVER
Joe Testa discovered a Denial of Service (DoS) condition in Texas Imperial Software's WFTPD program. If a potential attacker connects to the FTP server and issues a change directory (CD) command targeted at the 3.5" drive of the FTP server, the server processes this request.
Texas Imperial Software will correct this vulnerability in a future release, version 3.1. Meanwhile, to work around the vulnerability, use the FTP server's BIOS settings to disable the floppy drive.

May 16, 2001
DOS IN WINDOWS 2000 KERBEROS SERVICE
Defcom Labs discovered that a Denial of Service (DoS) condition in the Windows 2000 Kerberos and Kerberos password services can let an intruder disrupt those services on a network.
Microsoft acknowledges this vulnerability and recommends that users apply the patch contained in Security Bulletin MS01-024. Users can also disallow access to Kerberos-related TCP ports 88 and 464 from untrusted networks.

May 16, 2001
IIS MIGHT ALLOW REMOTE COMMAND EXECUTION
Three vulnerabilities were recently discovered in Microsoft's IIS 4.0 and 5.0 that can lead to a Denial of Service (DoS), remote code execution, and information disclosure. The DoS vulnerability is in the function that processes wild-card service requests for the FTP service. The remote code execution vulnerability lets a potential attacker run scripts on the server by using the security context of IUSR_machinename, which by default appears in the Everyone group. The information disclosure vulnerability lets an attacker find guest accounts that FTP inadvertently exposed.
Microsoft has acknowledged these vulnerabilities and recommends that users immediately apply the patch contained in Security Bulletin MS01-026.

May 16, 2001
Another security product is an intrusion-detection system (IDS) called Snort, which is provided free to everyone under the GNU General Public License (as published by the Free Software Foundation). Snort was originally designed by Martin Roesch to run on UNIX systems; however, Michael Davis has graciously ported Snort to the Win32 platform, so now it runs on Windows.
Like other IDS systems, Snort works by comparing network traffic to a database of known attack types and traffic patterns. Snort is very flexible; users can write their own rules using fairly simple syntax, or they can download any of several predefined attack signature databases (called rules) for use within the product. The ability to define your own attack signatures means that you don't have to wait for your IDS vendor to produce them for you; you can protect yourself as soon as you discover a new risk by writing your own rules.
Snort is easy to use, good at detecting attacks, runs on a variety of OSs, and comes with a plethora of snap-ins and add-ons that further extend its abilities. If you thought you couldn't afford a good IDS system for your network, Snort is just what you need--and it's free! You can thank the open-source community for that fact. You can get Snort and the required WinPcap packet driver at the following URLs:
http://www.snort.org
http://netgroup-serv.polito.it/winpcap

May 16, 2001
Are you interested in biometric security? BioLogon is a fingerprint logon mechanism for Windows 2000, Windows NT, and Windows 9x systems that eliminates the need for passwords. The unit comes as a PC card finger scanner. The product integrates into the Windows security subsystem, and you can configure it in a variety of ways, including fingerprint-only logons, where passwords aren't allowed--no matter how the system is booted, a person can't log on without the correct fingerprint. When combined with disk encryption, BioLogon offers strong security, especially for mobile users, who are more susceptible to stolen or lost computer equipment. You can use BioLogon as standalone security for one system, or you can integrate the tool across a network with Identix's BioServer software. If you're looking for fingerprint-based security technology, give BioLogon a close look:
http://www.identix.com/itsecurity/products/biologonclient.html

May 10, 2001
Defcom Labs discovered that a Denial of Service (DoS) condition exists in the Windows 2000 Kerberos and Kerberos password services that could let an intruder disrupt those services on a network. Microsoft has released an FAQ and a patch to remedy this vulnerability.
Microsoft acknowledges this vulnerability and recommends that users apply the patch contained in Security Bulletin MS01-024. Users can also disallow access to Kerberos-related TCP ports 88 and 464 from untrusted networks.

May 9, 2001
Securing Exchange Server

May 9, 2001
IIS FLAW DOGS MICROSOFT
A security flaw in the Microsoft IIS Web server for Windows 2000 lets hackers use the software to gain control of those systems, Microsoft admitted this week. Microsoft's disclosure of what it refers to as an "extremely serious flaw" stands in stark contrast to the silence that greeted earlier security problems.
For more information and the free download, visit the Microsoft Web site.

May 9, 2001
UNCHECKED BUFFER IN IIS 5.0
eEye Digital Security discovered a buffer overflow condition in IIS 5.0 that can let an attacker choose code to run under the system's security context. This vulnerability stems from an unchecked buffer in the Internet Server API (ISAPI) .printer extension that handles the input parameters to support the Internet Printing Protocol (IPP). The overflow condition occurs when a user sends approximately 420 bytes within the HTTP Host: header for a .printer ISAPI request.
Microsoft has issued security bulletin MS01-023 to address this vulnerability and has also issued a hotfix that fixes the unchecked buffer in the ISAPI extension that handles the input parameters. Users who are unable to apply this hotfix should remove the mapping for the Internet printing ISAPI extension. Microsoft's Secure Internet Information Services 5 Checklist provides more information on this procedure.

May 9, 2001
WEBXQ WEB SERVER RELATIVE PATH VULNERABILITY
Joe Testa discovered that a vulnerability in WebXQ lets an attacker break out of the Web root to traverse other directories by using relative paths.
The vendor, DataWizard Technologies, has released Version 2.1.205 to correct this vulnerability.

May 9, 2001
ALEX FTP SERVER RELATIVE PATH VULNERABILITY
Joe Testa discovered a vulnerability in Alex FTP Server 0.7 that lets an attacker break out of an FTP root. For example, an attacker can access the root directory where the FTP server is running by connecting to a vulnerable host and issuing the command "cd..". An attacker can also use relative paths to download files outside of an FTP root.
The vendor, Alex Linde, has been notified; however, no workaround or fix is currently available.

May 9, 2001
BRS WEBWEAVER WEB SERVER RELATIVE PATH VULNERABILITY
Joe Testa discovered a vulnerability in BRS WebWeaver 0.63 that lets an attacker use relative paths to break out of an FTP root using particular commands. In addition, an attacker can cause the Web server to disclose the physical path of the FTP root. Visit our Web page for workaround details and a demonstration of the problem.
No solution exists for the FTP root disclosure vulnerability. However, you can prevent the Web server root traversal vulnerability by removing all user-defined aliases (e.g., syshelp and sysimages) as well as the Internet Server API (ISAPI)/Common Gateway Interface (CGI) alias (e.g., scripts). The vendor, Blaine R. Southam, has been notified but has not yet provided a fix.

May 2, 2001
A war between two nations' hackers?
Ramifications from the fallout over the China-US spy plane incident have made themselves known.
Last Monday, the Chinese hacking group Honkers Union of China ("honker" is Chinese slang for "hacker") hacked and defaced more than 80 sites. Among the US sites hacked were the National Institutes of Health, the U.S. Navy, the California Department of Energy, and the U.S. Department of Labor. On the other side of the coin, pro-American hackers have defaced at least 100 Chinese sites.
The Chinese are extremely upset over the