News March 1998


Most of the links lead to the corresponding files at CERT or other organisations, so changes there take effect immediately, in particular which patches should be installed or which configuration changes should be made to avoid a given vulnerability. Most of the files are transferred by ftp.
By the way: if we do not publish a well-known risk inherent in some widely used platform or program, that does not mean this particular platform or program is safe to use!


HP-UX 9.x, 10.x Denial-of-Service by inetd: Hewlett-Packard Security Bulletin #000077, ESB-98.049, I-039, ERS-027
On HP9000 Series 7/800 systems running the mentioned releases, improperly coded routines in inetd may make the system susceptible to denial-of-service attacks. This vulnerability may allow networking to be disabled.
It's recommended to install the patches mentioned in the advisory.
MacOS Possible loss of the whole system by De-Installation of Microsoft Office 98: MacFixIt, Microsoft
If the new Microsoft Office for Macintosh is de-installed manually, it may happen that the whole System Folder is moved to the wastebasket. If the wastebasket is then emptied by the user, the whole system is lost!
A bugfix is not available yet.
IRIX 5.3 - 6.3 Vulnerability by pset: SGI-19970506, ERS-026, ESB-98.048
This vulnerability had been published last year. SGI has published new patches and workarounds. How to install them is pointed out in the advisory.
IRIX 5.3 - 6.4 Vulnerabilities by (old) Netscape Navigator: SGI-19980303, ERS-025, ESB-98.047, I-040
Some security holes have been found in some versions of the Navigator (e.g. the "Tracker Bug" and the "Bell Labs Privacy Bug"). SGI strongly recommends using Netscape Navigator V. 3.04, which can be downloaded from SGI or Netscape.
Solaris 2.3 - 2.5.1 Vulnerability in NIS+: SNI-027, ERS-024, ESB-98.044
The Network Information Server Plus (NIS+) is a network directory service that provides management and resource location support (including authentication and name resolution) to heterogeneous distributed systems. Due to implementation problems, the programs supporting NIS+ can be exploited by an attacker to recover various pieces of system status information.
These problems can be worked around by using packet filters to block UDP traffic to the NIS+ server. Blocking UDP from valid NIS+ clients to the NIS+ server will cause the NIS+ system to fail, so no blocking should be done between these.
Sun Microsystems is working on a fix. Additional information can be found at Sun's site in Canada.
Ascend OS 5.0Ap42 (MAX) and 5.0A (Pipeline) Denial-of-Service by discard and problems with SNMP defaults: SNI-026, I-038, ERS-023, ESB-98.043
In order to locate Ascend routers by "Ascend Java Configurator", the Configurator broadcasts a specially formatted UDP packet to the "discard" port (port 9). Ascend routers listen for these packets and respond with another UDP packet that contains the symbolic name of the router. In this manner, the Configurator can build a list of all Ascend routers on the local network. By sending a specially formatted (but malformed) probe packet to the discard port of an Ascend router, an attacker can cause an Ascend router to lock up. Attackers can easily discover Ascend routers to crash by sending probe packets to the discard port of arbitrary ranges of addresses; only Ascend routers will respond to them. It's recommended to block port 9/UDP.
Another problem is caused by the default installation of SNMP. It is possible to read the MIB variables via SNMP read, and even to set them via SNMP write. The cause is the weak protection provided by the (well-known) default community strings; they should be changed to non-default values.
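As an added example (not from the advisory or from Ascend), the following Python script scans constructed packet-filter log lines for the discard-port (9/UDP) probes described above, separates a local Configurator's own discovery broadcast from probes arriving from outside the local network, flags an outside source that probes several hosts as a suspected address-range sweep, and builds an ipfw-style rule for the recommended 9/UDP block. The log line format, the 10.1.1.0/24 local network and all addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of packet-filter log lines (hypothetical format):
# "<time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
10:01:02 UDP 192.0.2.77:1034 -> 10.1.1.1:9
10:01:02 UDP 192.0.2.77:1034 -> 10.1.1.2:9
10:01:03 UDP 192.0.2.77:1034 -> 10.1.1.3:9
10:01:03 UDP 192.0.2.77:1034 -> 10.1.1.4:9
10:01:05 UDP 10.1.1.50:2049 -> 10.1.1.255:9
10:01:06 TCP 198.51.100.5:4021 -> 10.1.1.3:25
10:01:07 UDP 10.1.1.60:3000 -> 10.1.1.3:53
"""

LOCAL_NET = ipaddress.ip_network("10.1.1.0/24")  # assumed local network
DISCARD_PORT = 9
SWEEP_THRESHOLD = 3  # distinct port-9 targets from one outside source = suspected sweep

def parse_line(line):
    """Split one constructed log line into (proto, src_ip, dst_ip, dst_port)."""
    _time, proto, src, _arrow, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip), int(dst_port)

def discard_probes(log_text):
    """Group 9/UDP probes by source: returns (outside, inside) dicts of src -> set(dst)."""
    outside, inside = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, dport = parse_line(line)
        if proto != "UDP" or dport != DISCARD_PORT:
            continue
        # probes from inside LOCAL_NET are the Configurator's own discovery broadcast
        bucket = inside if src in LOCAL_NET else outside
        bucket[str(src)].add(str(dst))
    return outside, inside

def suspected_sweeps(log_text):
    """Outside sources that probed port 9/UDP on SWEEP_THRESHOLD or more hosts,
    i.e. the address-range sweep the advisory warns about."""
    outside, _ = discard_probes(log_text)
    return sorted(src for src, dsts in outside.items() if len(dsts) >= SWEEP_THRESHOLD)

def block_rule(net=LOCAL_NET):
    """ipfw-style rule (constructed for illustration) for the recommended 9/UDP block."""
    return f"deny udp from any to {net} {DISCARD_PORT} in"
```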
all Advisory about cookies: I-034, ESB-98.041
In this advisory, issued by CIAC, the problems with cookies are discussed. Normally there is no danger to data or systems, but the user may be tracked by means of cookies.
perl for Red Hat Linux Vulnerability in perl symlinks: ESB-98.034
All versions of perl for Red Hat Linux are vulnerable to /tmp symlink attacks. New packages which fix these problems are available for Red Hat 4.2 and Red Hat 5.0. All users of Red Hat Linux are encouraged to upgrade to the new perl releases immediately.
IRIX 5.3 - 6.4 Vulnerabilities in startmidi/stopmidi, datman/cdman, cdplayer: SGI-19980301, ERS-022, I-035, ESB-98.040, S-98-15
Buffer overflows may allow any user to gain root access to the vulnerable machine.
It's strongly recommended to install the patches referred to in the advisory.
most FreeBSD Patches against vulnerability in mmap: SA-98:02, ERS-021, I-037, ESB-98.039, S-98-14, NEW: ESB-98.042
As reported last month, there is a vulnerability in mmap. Now patches have been released.
How to install them is described in the advisory.
most FreeBSD Patches against land.c: SA-98:01, ERS-020, I-036, ESB-98.038, S-98-13, NEW: ESB-98.042
For most versions of FreeBSD, patches against this denial-of-service attack have been released and should be installed immediately.
How to install them is described in the advisory.
Solaris 2.3 - 2.5.1 (Sparc and x86), SunOS 4.1.x Vulnerability in rpc.cmsd: SUN Security Bulletin #00166, I-033, ESB-98.037, ERS-019
rpc.cmsd is a small database manager for appointment and resource-scheduling data. Its primary clients are Calendar Manager in OpenWindows and Calendar in CDE. This vulnerability, if exploited, allows attackers to overwrite arbitrary files and gain root access.
It's strongly recommended to install the patches published by Sun Microsystems.
Solaris 2.6 (Sparc and x86) Vulnerability in ndd: SUN Security Bulletin #00165, S-98-11, I-033, ESB-98.036, ERS-018
TCP/IP kernel parameters can be set using the ndd command. A vulnerability has been discovered which, if exploited, would permit attackers to set parameters to cause a denial of service.
It's strongly recommended to install the patches published by Sun Microsystems.
all New CERT Summary: CS-98.03, ERS-017, ESB-98.035
Trends in incidents reported to CERT:
1. Root Compromises and Network Sniffers
2. Large-Scale Scanning and Attacks (IMAP, rpc.statd)
3. Denial-of-Service Attacks (More Denial-of-Service Attacks Targeting Windows 95/NT Machines)
Further information about these and other topics can be found in the document linked above.
Microsoft Windows NT and 95 Denial-of-Service by NewTear and other programs: Microsoft, CS-98.02, I-031a, ESB-98.031, S-98-08, ESB-98.032, ERS-014, ESB-98.033
The attacks involve sending a pair of malformed IP fragments which are reassembled into an invalid UDP datagram. The invalid UDP datagram causes the target machine to go into an unstable state. Once in an unstable state, the target machine either halts or crashes. We have received reports that some machines crashed with a blue screen while others rebooted.
The solution to protect Windows 95 and NT machines from this attack is to apply the appropriate Microsoft patch:
Intel: Windows NT 4.0, Windows NT 3.51, Windows 95 (Update to Winsock 2.0)
Alpha: Windows NT 4.0, Windows NT 3.51
Solaris 2.4 - 2.6 Vulnerability by dtaction: SUN Security Bulletin #00164, ESB-98.030, S-98-10, I-032, ERS-016
The dtaction utility allows applications or shell scripts, which are otherwise not connected into the CDE development environment, to invoke action requests. Due to insufficient bounds checking on arguments supplied to dtaction, it is possible to overwrite the internal stack space of dtaction. As dtaction is setuid root, this vulnerability may be exploited to gain root access.
It's strongly recommended to install the patches published by Sun Microsystems.
Solaris 2.3 - 2.6, SunOS 4.1.x Vulnerability by vacation: SUN Security Bulletin #00163, ESB-98.029, S-98-09, I-032, ERS-015
The vacation program automatically replies to incoming email on behalf of the recipient and notifies senders that the recipient is not currently reading the email. A vulnerability has been discovered which, if exploited, may allow attackers access to the account of the user running the vacation program.
It's strongly recommended to install the patches published by Sun Microsystems.
OpenBSD 2.2, FreeBSD 2.2.5 Vulnerability by sysctl / IP Source Routing Problem: OpenBSD, ESB-98.028
Due to implementation problems, the system configuration control for "do source route" does not prevent source routed packets from being accepted by 4.4BSD kernels. Additionally, if source routing is enabled, the "forward IP packets" control does not prevent source routed packets from being forwarded.
It's strongly recommended to install the patches from OpenBSD.
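As an added example (not OpenBSD's or FreeBSD's code), this Python snippet shows how a border filter or monitor can detect source-routed packets directly, independent of the kernel's "do source route" setting, by parsing the IPv4 option list for the loose (LSRR, code 131) and strict (SSRR, code 137) source-route options defined in RFC 791. The packet builder and all addresses are constructed test data.

```python
import struct

# IPv4 option codes from RFC 791: end-of-list, no-op, loose and strict source route.
IPOPT_EOL, IPOPT_NOP, IPOPT_LSRR, IPOPT_SSRR = 0, 1, 131, 137

def ipv4_options(packet):
    """Yield (code, data) for each option in an IPv4 header; ValueError on a malformed header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        code = opts[i]
        if code == IPOPT_EOL:
            return
        if code == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        length = opts[i + 1]
        yield code, opts[i + 2:i + length]
        i += length

def source_route(packet):
    """Return ('loose'|'strict', [hop addresses]) for a source-routed packet, else None.
    A border filter can drop such packets regardless of the kernel's sysctl setting."""
    for code, data in ipv4_options(packet):
        if code in (IPOPT_LSRR, IPOPT_SSRR):
            # data[0] is the route pointer; the remainder is the list of 4-byte hop addresses
            hops = [".".join(map(str, data[k:k + 4])) for k in range(1, len(data) - 3, 4)]
            return ("loose" if code == IPOPT_LSRR else "strict"), hops
    return None

def build_packet(options=b""):
    """Constructed minimal IPv4/UDP header 192.0.2.1 -> 198.51.100.7, options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options

# Constructed LSRR option: code 131, length 11, pointer 4, route 10.1.1.1 then 10.1.1.2
LSRR_OPT = bytes([IPOPT_LSRR, 11, 4, 10, 1, 1, 1, 10, 1, 1, 2])
```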

© 1998 Dr. Matthias Leu, EDV Beratung fuer Internet/Intranet, last update: May 04, 1998, 23:02 +0200