News April 1999
Most of the links lead to the corresponding files at CERT or other organisations, so changes made there take effect immediately, in particular which patches should be installed or which configuration changes should be made to avoid a vulnerability. Most of the files are transferred by FTP.
By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!
NetBSD | SVR4 compatibility device creation vulnerability: NetBSD-09, ERS-1999.057 In order to provide a system environment capable of executing System V Release 4 (`SVR4') binaries, it is necessary to create a set of device special files; to simplify this task, a shell script is shipped with the system. Due to a mismatch of device major numbers between NetBSD platforms, one device special file is erroneously created with a wrong major number, which may allow a regular user to arbitrarily read or write any data stored on the NetBSD portion of the first IDE disk configured by the system. This vulnerability affects only the i386 port of NetBSD, and only when SVR4 emulation is additionally configured. It's recommended to install the corresponding patch. |
Caldera Linux | Vulnerabilities in bash and shadow: CSSA-1999:008, CSSA-1999:009 In OpenLinux 1.0, 1.1, 1.2, 1.3, 2.2 with bash-1.14.7-10 and below, commands contained in directory names may get executed via the prompt string. To avoid this problem, an upgrade package (source) is available. In OpenLinux 2.2, /etc/shadow may become world-readable under some circumstances. It's recommended to change the permissions with chmod 600 /etc/shadow and to install the upgrade package (source). |
Linux | Security Problems caused by procmail: CSSA-1999:007, Debian0422 Some vulnerabilities were found in procmail on Debian and Caldera Linux: if procmail is installed setuid root, local users may gain more privileges than intended. It's recommended to install the latest version of procmail: Caldera: package, source; Debian: alpha, i386, m68k, sparc, source |
Microsoft IE 5 and 4.x under Windows 9x and NT | Vulnerabilities caused by MSHTML: MS99-012, ERS-1999.060 MSHTML.DLL is the parsing engine for HTML in Internet Explorer. Some vulnerabilities were found:
- The first vulnerability involves the "IMG SRC" tag in HTML files. This tag identifies and loads image sources. The vulnerability results because the tag can be used to point to files of any type. A malicious web site operator could use this vulnerability to determine the size and other information about files on the computer of a visiting user.
- The second vulnerability is a new variant of a previously identified cross-frame security vulnerability. A particular malformed URL could be used to execute a Java scriptlet in the security context of a different domain. This could allow a malicious web site operator to execute a scriptlet on a visiting user's machine as though it were from a trusted site.
- The third vulnerability affects only Internet Explorer 5.0, and is a new variant of a previously identified untrusted scripted paste vulnerability. The vulnerability would allow a malicious web site operator to create a particular type of web page control and paste into it the contents of a visiting user's clipboard.
It's recommended to install the patch published by Microsoft.
|
Microsoft IE 5 on Windows NT | Security risk by DHTML Edit: MS99-011, ERS-1999.059 The DHTML Edit control is an ActiveX control that is distributed with Internet Explorer 5 and can be downloaded for use in Internet Explorer 4.0. The control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. A vulnerability could allow a malicious web site operator to read information that a user had loaded into the control, and it also could allow files with known names to be copied from the user's local hard drive. Further information can be found in the advisory and in the MS knowledge base. It's recommended to install the corresponding patch for the US version of IE. |
Cold Fusion 3 and 4 | Vulnerability in Cold Fusion Server: L0pht, ERS-1999.058 There is a security problem with installations of Cold Fusion Application Server when the online documentation is installed (which is the default). This vulnerability allows web users to view, delete, upload and potentially execute files anywhere on the server. A demonstration of the problem can be found at L0pht's site. It's recommended not to install the online documentation and to install the patch from Allaire. |
all | New ISS Summary: ISS, ERS-1999.056 ISS reports 19 new vulnerabilities found within the last month:
- default-flowpoint (also here)
- ucd-snmpd-community
- cisco-natacl-leakage
- mpeix-debug
- netbsd-vfslocking-panic
- bmc-patrol-frames
- bmc-patrol-replay
- http-cgi-webcom-guestbook
- ie-scriplet-fileread
- ie-window-spoof
- winroute-config
- netcache-snmp
- rsync-permissions
- wingate-redirector-dos
- wingate-registry-passwords
- sco-termvision-password
- webramp-device-crash
- webramp-ipchange
- xylan-omniswitch-ftp
- xylan-omniswitch-login
Further information can be found at the site of ISS.
|
Red Hat Linux | Several Security Vulnerabilities fixed (pine, mutt, sysklogd, zgv, XFree86, lpr, procmail, rsync): ESB-1999.044, ESB-1999.045, ESB-1999.051, ESB-1999.052, ESB-1999.053 Several vulnerabilities were found; patches are available now:
Red Hat Linux 5.2
alpha:
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/mutt-0.95.4us-0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/pine-4.10-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/XFree86-libs-3.3.3.1-1.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/XFree86-3.3.3.1-1.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/lpr-0.35-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/procmail-3.13.1-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/rsync-2.3.1-0.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/pine-4.10-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-libs-3.3.3.1-1.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-3.3.3.1-1.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/lpr-0.35-0.5.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/procmail-3.13.1-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/rsync-2.3.1-0.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/mutt-0.95.4us-0.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/pine-4.10-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/XFree86-libs-3.3.3.1-1.1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/XFree86-3.3.3.1-1.1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/lpr-0.35-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/procmail-3.13.1-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/rsync-2.3.1-0.sparc.rpm
source:
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/mutt-0.95.4us-0.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/pine-4.10-1.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/lpr-0.35-0.5.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/procmail-3.13.1-1.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/rsync-2.3.1-0.src.rpm
Red Hat Linux 5.1
alpha:
rpm -Uvh ftp://updates.redhat.com/5.1/alpha/mutt-0.95.4us-0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.1/alpha/pine-3.96-8.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/lpr-0.35-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/procmail-3.13.1-1.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/5.1/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.1/i386/pine-3.96-8.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/lpr-0.35-0.5.2.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/5.1/sparc/mutt-0.95.4us-0.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.1/sparc/pine-3.96-8.1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/lpr-0.35-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/procmail-3.13.1-1.sparc.rpm
source:
rpm -Uvh ftp://updates.redhat.com/5.1/SRPMS/mutt-0.95.4us-0.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.1/SRPMS/pine-3.96-8.1.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/lpr-0.35-0.5.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/procmail-3.13.1-1.src.rpm
Red Hat Linux 5.0
alpha:
rpm -Uvh ftp://updates.redhat.com/5.0/alpha/mutt-0.95.4us-0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/alpha/pine-3.96-7.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/lpr-0.35-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/procmail-3.13.1-1.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/5.0/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/i386/pine-3.96-7.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/lpr-0.35-0.5.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/procmail-3.13.1-1.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/lpr-0.35-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/procmail-3.13.1-1.sparc.rpm
source:
rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/mutt-0.95.4us-0.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/pine-3.96-7.1.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/lpr-0.35-0.5.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/procmail-3.13.1-1.src.rpm
Red Hat Linux 4.2
alpha:
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/pine-3.96-7.0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/rpm-2.5.3-4.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/Xconfigurator-2.6.1-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/XFree86-libs-3.3.3.1-0.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/XFree86-3.3.3.1-0.1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/lpr-0.35-0.4.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/procmail-3.13.1-0.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/4.2/i386/pine-3.96-7.0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/rpm-2.5.3-4.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/XFree86-libs-3.3.3.1-0.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/XFree86-3.3.3.1-0.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/lpr-0.35-0.4.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/procmail-3.13.1-0.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/pine-3.96-7.0.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/rpm-2.5.3-4.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/XFree86-libs-3.3.3.1-0.1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/XFree86-3.3.3.1-0.1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/lpr-0.35-0.4.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/procmail-3.13.1-0.sparc.rpm
source:
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/pine-3.96-7.0.src.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/lpr-0.35-0.4.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/procmail-3.13.1-0.src.rpm
Please read the advisories for further information!
|
HP-UX | Security Vulnerability in sendmail: HP Security Bulletin #00097, ERS-1999.055, ESB-1999.054, J-040 Hewlett-Packard systems that are running sendmail release 8.8.6 accept connections sub-optimally, which may allow users to initiate a Denial of Service. Public domain fixes now in sendmail 8.9.3 have been ported to the HP-UX sendmail 8.8.6 release patch.
|
Cisco | IOS Software Input Access List Leakage with NAT: Cisco, ERS-1999.054, ESB-1999.049, J-041, S-99-13 A group of related software bugs creates an undesired interaction between network address translation (NAT) and input access list processing in certain Cisco routers running 12.0-based versions of Cisco IOS software. This may cause input access list filters to "leak" packets in certain NAT configurations, creating a security exposure. Configurations without NAT are not affected. It's recommended to install the fixes published by Cisco. Further information about these and affected versions can be found in the advisory. |
HP-UX | Security Vulnerability in MPE/iX debug: HP Security Bulletin MPE#006, ERS-1999.053, ESB-1999.050 Because Debug improperly handles commands, users can increase their privileges. The problem does not exist with the release MPE/iX 6.0. It's recommended to install the corresponding patch:
|
NetBSD | Denial-of-Service by Name Lookup: NetBSD-08, ERS-1999.052, ESB-1999.048 Unprivileged users can trigger a file-system locking error, causing the system to panic or hang. There are no workarounds for this problem. It's necessary to install a kernel patch published by the NetBSD Project. |
Netscape | Java Vulnerability in Netscape Communicator and Navigator: Netscape A security vulnerability has been found in the implementation of Java. It affects Windows, Mac and Unix versions of Netscape Communicator and Navigator 4.0x and higher. The vulnerability could be exploited by running a malicious Java applet from an untrusted Web site. It's recommended to install the latest version of the browser or to turn off Java. |
Ramp Networks WebRamp | WebRamp Denial of Service Attacks: ISS-025, ERS-1999.051 Ramp Networks WebRamp Internet access devices allow multiple computers to share a dialup connection. The WebRamp family of Internet access devices are designed for small businesses. WebRamp is vulnerable to two denial of service attacks that allow an attacker to either crash the WebRamp device or change its IP address. When the device crashes, it will have to be manually reset before it will dial up. Sending a specially-formatted UDP packet to port 5353 changes the WebRamp's local IP address, effectively 'hiding' the device from the rest of your machines. Here you can get the latest firmware for your model of WebRamp. |
HP-UX | Security Vulnerability in MC/ServiceGuard and MC/LockManager: HP Security Bulletin #00096, ERS-1999.049, J-039, ESB-1999.047 MC/ServiceGuard and MC/LockManager exhibit improper implementation of restricted SAM functionality so users can gain increased privileges. It's recommended to install the patches listed below:
|
HP-UX | Security Vulnerability with DESMS: HP Security Bulletin #00095, ERS-1999.050, J-039, ESB-1999.046 The Domain Enterprise Server Management System (DESMS) processes allow increased privileges for ordinary users. It's recommended to install the patches listed below:
|
© 1999 Dr. Matthias Leu, EDV Beratung fuer Internet/Intranet, last Update: 1999-05-13, 14:17 +0200