News February 1998


Most of the links lead to the corresponding files at CERT or other organisations, so changes there take effect immediately, in particular which patches should be installed or which configuration changes avoid a given vulnerability. Most of the files are transferred by FTP.
By the way: if we do not list a well-known risk inherent in a widely used platform or program, that does not mean the platform or program is safe to use!


OpenBSD 2.2, FreeBSD 2.2.5, BSDI 3.0 Vulnerability in mmap: OpenBSD, B3208, ERS-013, ESB-98.027
Due to a 4.4BSD VM system problem, it is possible to memory-map a read-only descriptor on a character device in read-write mode. This allows programs running with group "kmem" to become root, and root to lower the system securelevel, both by writing to the kernel memory device.
How to patch this problem is described by OpenBSD.
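The check a practitioner wants after applying the patch is whether the kernel still grants a writable shared mapping on a descriptor that was opened read-only. The following is an added example, not code from the advisory or from OpenBSD: it requests a MAP_SHARED, PROT_READ|PROT_WRITE mapping on a read-only descriptor and reports whether the kernel refuses it with EACCES (the correct behaviour) or allows it (the bug). For a real audit point the descriptor at a character device such as the kernel memory device; the sample file used here is constructed so the script runs unprivileged, and the mapping length must be passed explicitly for a device because a device has no file size.

```python
import errno
import mmap
import os
import tempfile


def rw_shared_map_outcome(path, open_flags, length=0):
    """Open `path` with `open_flags`, then ask for a MAP_SHARED mapping with
    PROT_READ|PROT_WRITE on that descriptor.

    Returns "refused" if the kernel rejects the mapping with EACCES (what a
    correct kernel does for a read-only descriptor) and "allowed" if it grants
    it (the 4.4BSD VM bug discussed above).  Any other error propagates.
    `length` may stay 0 for a regular file (map the whole file); for a
    character device pass an explicit page-sized length.
    """
    fd = os.open(path, open_flags)
    try:
        try:
            m = mmap.mmap(fd, length, flags=mmap.MAP_SHARED,
                          prot=mmap.PROT_READ | mmap.PROT_WRITE)
        except OSError as e:
            if e.errno == errno.EACCES:
                return "refused"
            raise
        m.close()
        return "allowed"
    finally:
        os.close(fd)


def audit(path, length=0):
    """Return (outcome for O_RDONLY, outcome for O_RDWR).

    A correct kernel yields ("refused", "allowed"): writable shared mappings
    are granted only when the descriptor itself was opened for writing.
    """
    return (rw_shared_map_outcome(path, os.O_RDONLY, length),
            rw_shared_map_outcome(path, os.O_RDWR, length))


def make_sample_file(size=4096):
    """Constructed stand-in for the device node so the check runs unprivileged."""
    fd, path = tempfile.mkstemp(prefix="mmap-check-")
    os.write(fd, b"\0" * size)
    os.close(fd)
    return path


if __name__ == "__main__":
    # On a vulnerable 4.4BSD-derived kernel the first element would read "allowed".
    print(audit(make_sample_file()))
```

Against the kernel memory device the O_RDWR half of `audit` only succeeds for root, and on a vulnerable kernel the O_RDONLY half (which group "kmem" can reach) is the one that comes back "allowed".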
HP-UX New patches against land.c: HP-9801-076, ESB-98.025, ESB-98.026
It's recommended to install the patches so the system is protected against these attacks:
HP-UX release 11.00 HP9000 Series 700/800 PHNE_14017
HP-UX release 10.30 HP9000 Series 700/800 PHNE_13671
HP-UX release 10.20 HP9000 Series 800 PHNE_13468
HP-UX release 10.24 HP9000 Series 700 PHNE_13888
HP-UX release 10.24 HP9000 Series 800 PHNE_13889
HP-UX release 10.20 HP9000 Series 700 PHNE_13469
HP-UX release 10.16 HP9000 Series 700 PHKL_14242 <----
HP-UX release 10.16 HP9000 Series 800 PHKL_14243 <----
HP-UX release 10.10 HP9000 Series 800 PHNE_13470
HP-UX release 10.10 HP9000 Series 700 PHNE_13471
HP-UX release 10.01 HP9000 Series 800 PHNE_13472
HP-UX release 10.01 HP9000 Series 700 PHNE_13473
HP-UX release 10.00 HP9000 Series 800 PHNE_13474
HP-UX release 10.00 HP9000 Series 700 PHNE_13475
HP-UX release 9.04 HP9000 Series 800 PHNE_13476
HP-UX release 9.0[3,5,7] HP9000 Series 700 PHNE_13477
HP-UX release 9.01 HP9000 Series 700 PHNE_13478
HP-UX release 9.00 HP9000 Series 800 PHNE_13479
Netscape Communicator 4.x Vulnerability caused by JavaScript: B0218
Windows and Unix systems running Netscape Communicator may allow webmasters to read data saved in the browser (e.g. the list of visited URLs) by using JavaScript. Even FTP and POP accounts and passwords may be disclosed if the program is installed in the default path.
It's recommended to turn JavaScript off until this vulnerability is fixed by Netscape!
many New CERT Summary: CS-98.01, ERS-012, ESB-98.024
This summary reports increasing attacks that exploit a vulnerability in rpc.statd or statd (CA-97.26). The vulnerability allows a remote attacker to gain root access.
In addition, it describes how to find out whether a system has been compromised and which countermeasures are useful.
Windows NT 4.0 Denial-of-Service by logon: SNI-025, MS-Q180963, ESB-98.023
Windows NT uses the SMB/CIFS protocol for network file sharing and other communications. To access the SMB/CIFS service on a Windows NT system, a logon request is initiated. Due to incorrect processing of the SMB logon packet, memory corruption occurs within the Windows NT kernel. As a result of the corruption a "Blue Screen" occurs and the system reboots, or in some instances hangs on this screen.
This attack can be launched without a valid login and password, since the corruption occurs while the logon request is processed. Systems with Service Pack 3 installed are affected as well!
A fix has been posted by Microsoft for Intel and Alpha processors.
AIX 4.1.x, 4.2.x, 4.3 Denial-of-Service by Telnet: ERS-003i, I-029, ESB-98.022 -updated- ERS-003i
A denial of service attack has been posted that causes all tty activity to hang and prevents new telnet sessions from being established. Remote users can cause the system to run out of message blocks and hang.
At this time only a patch for AIX 4.1.x is available. For the other releases a temporary fix should be applied.
Solaris 2.6 (SPARC and x86) Vulnerability in volrmmount: SUN Security Bulletin #00162, ESB-98.020, I-030, ERS-011.1
The volrmmount(1) program is a setuid program that allows users to simulate the insertion or ejection of removable media. A vulnerability has been discovered in volrmmount that, if exploited, may allow attackers to view any file on the system and also to gain root access.
Systems running versions of Solaris below 2.6 are not vulnerable.
Patches are available from Sun Microsystems.
many, IDS Vulnerabilities in IDS (Network Intrusion Detection Software): B0191
Secure Networks Inc. has tested several network intrusion detection systems (ISS RealSecure, AbirNet SessionWall-3, WheelGroup NetRanger, Network Flight Recorder). These tools are meant to detect an intrusion automatically. Due to fundamental flaws in the manner in which these systems collect information, it is possible for an attacker to evade detection. Systems that provide "reactive" capabilities can be turned into denial-of-service attacks against the networks they protect.
An Executive Summary (DOC) is available, as well as a press release. The full paper can be downloaded in different formats: HTML, PS, PDF.
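The "fundamental flaw" is that a passive monitor reconstructs a TCP stream from what it sees on the wire, while the end host reconstructs it from what actually arrives and is accepted. The simulation below is an added example (not code from the paper, the vendors, or this page) of one consequence, the insertion attack described in the Secure Networks paper: the attacker sends a segment that the monitor accepts but that expires (TTL too low) before reaching the target, then re-sends the same sequence number with the real payload. The hop count, the signature string and the three segments are constructed for the illustration.

```python
# Constructed TCP segments as (sequence number, payload, TTL).  The attacker
# is assumed to be HOPS_TO_TARGET hops from the target; the monitor sits on
# the path and sees every segment.
HOPS_TO_TARGET = 10
SIGNATURE = b"/cgi-bin/phf"          # a typical 1998 signature string

ATTACK_SEGMENTS = [
    (0,  b"GET /cgi-bin",  64),      # reaches monitor and target
    (12, b"/XXX HTTP/1.0",  2),      # inserted: TTL expires before the target
    (12, b"/phf HTTP/1.0", 64),      # real data, same sequence number
]


def reassemble(segments, accept):
    """Keep the first accepted segment per sequence number and concatenate
    in sequence order (the segments above do not overlap, so no trimming)."""
    chosen = {}
    for seq, data, ttl in segments:
        if seq in chosen or not accept(seq, data, ttl):
            continue
        chosen[seq] = data
    return b"".join(chosen[s] for s in sorted(chosen))


def naive_monitor_view(segments):
    """A monitor that trusts the first copy it sees, regardless of TTL."""
    return reassemble(segments, lambda seq, data, ttl: True)


def target_view(segments, hops=HOPS_TO_TARGET):
    """The end host only receives segments whose TTL survives the path."""
    return reassemble(segments, lambda seq, data, ttl: ttl > hops)


def matches(stream):
    return SIGNATURE in stream


def candidate_views(segments):
    """A more careful monitor: when two segments with the same sequence number
    carry different data it cannot know which one the target kept, so it
    enumerates every candidate reassembly and alerts if any of them matches."""
    by_seq = {}
    for seq, data, ttl in segments:
        variants = by_seq.setdefault(seq, [])
        if data not in variants:
            variants.append(data)
    candidates = [b""]
    for seq in sorted(by_seq):
        candidates = [c + d for c in candidates for d in by_seq[seq]]
    return candidates


def evaded(segments):
    """True when the target receives the attack but the naive monitor does not."""
    return matches(target_view(segments)) and not matches(naive_monitor_view(segments))


if __name__ == "__main__":
    print("monitor sees:", naive_monitor_view(ATTACK_SEGMENTS))
    print("target sees: ", target_view(ATTACK_SEGMENTS))
    print("evaded:", evaded(ATTACK_SEGMENTS))
    print("careful monitor alerts:", any(map(matches, candidate_views(ATTACK_SEGMENTS))))
```

Enumerating candidate reassemblies is the defensive direction the paper points at, and it is also why such monitors are exposed to denial of service: an attacker who floods ambiguous segments makes the number of candidates grow multiplicatively.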
AIX 3.2.5, 4.1.x, 4.2.x, 4.3 Vulnerability caused by wrong rights for temporary Files (e.g. /tmp/last_uuid, /tmp/rc.net.out, /tmp/xlogfile, /tmp/.oslevel.mlcache.info, /tmp/sysdumpdev-L, /var/adm/ras/dumpsymplog): ERS-002i, ESB-98.021 -updated- ERS-002i
Several insecure temporary files have been identified in AIX that will follow symbolic links when they are created. In addition, these temporary files are created with world-writable permissions. This can lead to denial of service attacks.
If the root user executes one of the vulnerable commands while a symbolic link exists at the name of the corresponding temporary file, the link will be followed and arbitrary system files will be overwritten or created. The vulnerable commands are not installed as set-user-id programs, so unprivileged users cannot create files in system directories on their own. However, the root user may be tricked into executing the programs while the symbolic link is in place.
How to avoid this problem is pointed out in the Advisory.
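The pattern behind these AIX advisories, and its fix, can be shown in a few lines. The following is an added example (not code from the advisory or from AIX): `unsafe_write` opens a fixed, predictable name the way the affected commands do, so a symlink planted there redirects the write; `safe_write` opens with O_EXCL and O_NOFOLLOW and an owner-only mode, and `mkstemp` avoids the predictable name altogether. The file names and contents are constructed; the demo uses a private directory rather than /tmp because on modern Linux the `fs.protected_symlinks` setting would already block the unsafe open in a sticky, world-writable directory.

```python
import errno
import os
import tempfile


def unsafe_write(path, data):
    """The vulnerable pattern: a fixed, predictable name (think /tmp/rc.net.out)
    opened with O_CREAT but without O_EXCL.  open() follows a symbolic link
    planted at that name, so the write lands wherever the link points."""
    with open(path, "w") as f:
        f.write(data)


def safe_write(path, data):
    """Hardened variant: O_EXCL fails if anything (including a symlink, even a
    dangling one) already exists at the name, O_NOFOLLOW refuses to traverse a
    symlink at the final component, and 0o600 keeps the file owner-only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def make_workdir():
    """Private scratch directory standing in for /tmp (constructed for the demo)."""
    return tempfile.mkdtemp(prefix="symlink-demo-")


def run_demo(workdir):
    victim = os.path.join(workdir, "victim.conf")     # the file the attacker wants clobbered
    planted = os.path.join(workdir, "rc.net.out")     # predictable temp-file name
    with open(victim, "w") as f:
        f.write("original")
    os.symlink(victim, planted)                       # attacker pre-creates the link

    results = {}
    try:
        safe_write(planted, "attacker data")
        results["safe_refused"] = False
    except OSError as e:
        # EEXIST from O_EXCL (or ELOOP from O_NOFOLLOW): the write never happens.
        results["safe_refused"] = e.errno in (errno.EEXIST, errno.ELOOP)
    with open(victim) as f:
        results["victim_after_safe"] = f.read()

    unsafe_write(planted, "attacker data")            # follows the link: victim is overwritten
    with open(victim) as f:
        results["victim_after_unsafe"] = f.read()

    # Unpredictable name created atomically with O_EXCL and mode 0o600.
    fd, unique = tempfile.mkstemp(prefix="rc.net.", dir=workdir)
    os.close(fd)
    results["mkstemp_is_new_file"] = os.path.isfile(unique) and not os.path.islink(unique)
    results["mkstemp_mode_owner_only"] = (os.stat(unique).st_mode & 0o777) == 0o600
    return results


if __name__ == "__main__":
    for key, value in run_demo(make_workdir()).items():
        print(f"{key}: {value!r}")
```

The same idea applies to the `rc.net.out`, `xlogfile` and the other names listed above: a temporary file that root creates must not be openable through a name an unprivileged user can pre-create.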
Red Hat Linux Vulnerabilities caused by X server: ESB-98.018
Various problems have been found in the X server which make it a serious threat to system security. All versions of the X server, including Metro X and Accelerated X, are thought to be affected (only XFree86 and the MIT X reference implementation are *known* to be, however).
There are no new X servers available. It's recommended to remove the setuid bit from the binary and install a wrapper program released by Red Hat. The location of the files is pointed out in the Advisory.


© 1998 Dr. Matthias Leu, EDV Beratung fuer Internet/Intranet, last update: March 15, 1998, 14:04 +0100