News September 1997


Most of the links lead to the corresponding files at CERT or other organisations, so changes made there take effect immediately, in particular which patches should be installed or which configuration changes should be made to avoid the vulnerability. Most of the files are transferred by FTP.


System: Short description and further information:
   
Solaris with Transarc DCE and AFS: Solaris DCE Integrated login bug if AFS klog not installed: VB-97.08, ESB-97.123, S-97-72, H-109
On systems running Transarc's Solaris DCE integrated login program which have AFS installed but no AFS klog binary, unauthorized users may gain access to local system resources as any valid user.
Patches are available from Transarc.
Windows: Vulnerability in WS-FTP: DSB-97:02 (in German)
The passwords saved by this FTP client are not encrypted securely. Therefore anybody who can read the config file may compromise the saved FTP accounts.
The DFN-CERT security bulletin shows how to make it safe.
BSD Unix: Vulnerability in I/O Signal Handling: ESB-97.120
A vulnerability discovered in the 4.4BSD kernel allows unprivileged users to send certain signals to arbitrary processes on the system. Depending on the operating system and targeted program, this may allow users to kill off processes or disrupt the operation of certain programs.
The patch is included at the end of the advisory.
Solaris 2.3 - 2.5.1 (Sparc and x86): For the vulnerabilities in libXt (August 1997, SUN Security Bulletin #00153), Sun has announced patches for the different Solaris versions: SUN Security Bulletin #00154, H-108, ESB-97.122, S-97-71
The patches can be found at the site of Sun Microsystems.
In Solaris 2.6 the buffer overflows are fixed.
Unix: Vulnerability in rdist: CA-97.26, H-107, ESB-97.121, S-97-70
The rdist program is a UNIX Operating System utility used to distribute files from one host to another. On some systems, rdist opens network connections using a privileged port as the source port. This requires root privileges, and to attain these privileges rdist on such systems is installed set-user-id root. A new vulnerability has been found in some set-user-id root implementations of rdist. Note that this vulnerability is distinct from that discussed in CERT advisory CA-96.14. On systems with a vulnerable copy of rdist, anyone with access to a local account can gain root access.
Patches are available from some manufacturers; they are listed in the advisory.
IRIX: Vulnerability in LOCKOUT and login: SGI 19970508-02-PX, H-106, ESB-97.119, S-97-69
This vulnerability was published in April (AA-97.12, CA-97-15, AA-97.22 and CA-97.21); SGI has now released some new patches.
They can now be downloaded from SGI.
All: CERT-NL has published some interesting information about mail spamming and possible countermeasures against it: S-97-68, ESB-97.118
Mail spamming is a problem today. Some spammers use not only their own but also other SMTP servers as a relay.
S-97-68 describes these problems and explains the countermeasures, e.g. for sendmail 8.8.x and PP/MMTA. There are also some links to further references.
HP-UX: Possible vulnerability in vuefile, vuepad, dtfile, dtpad: Hewlett-Packard Security Bulletin #00069, H-105, ESB-97.117
Users can inadvertently allow access to their accounts by running vuefile, vuepad, dtfile, or dtpad to displays they do not control.
Do not run vuefile, vuepad, dtfile, or dtpad while su'd to another account. Also do not run them with the display set to another Xserver, unless the same account is logged in at each Xserver.
HP-UX: For the buffer overflow condition in X11/Motif libraries (from May 1997), additional patches for HP-UX 10.24 have been released: Hewlett-Packard Security Bulletin #00067, H-103, ESB-97.116
HP-UX: For the buffer overflow condition in libXt/Error.c (from April 1997), additional patches for HP-UX 10.24 have been released: Hewlett-Packard Security Bulletin #00058, H-104, ESB-97.115
Microsoft IE 4.0 beta 2: Vulnerability in Internet Explorer 4.0, beta 2 in combination with Java: CNet
When Microsoft's Beta JDK 2.0 is used, Java applets may delete or corrupt files on the local disk; this will be fixed in the final version.
HP-UX: Vulnerability in cue: AA-97.26
The HP-UX cue(1) program is used to start the Character-Terminal User Environment (CUE) for users. cue is often started from cuegetty(1M) but may also be started from the command line or via a user's initialisation script (for example, .login). It has been discovered that cue creates files in an insecure manner. As this program is setuid root, it may be possible for local users to create or overwrite arbitrary files on the system. This can be leveraged to gain root privileges.
At the moment only a workaround is available, published by AUSCERT.
Several UNIX: Vulnerability in vacation: SNI-18, ESB-97.114
Vacation is used by the recipient of email messages to notify the sender that they are not currently reading their mail. It is installed by placing a .forward file into your directory with \user, "|/usr/bin/vacation user".
When vacation responds to an incoming message, it invokes the sendmail command, specifying the address of the sender on the command line. By specifying a sendmail command line option rather than a valid email address, it is possible to cause sendmail to be invoked with an alternate configuration file. This alternate configuration file can be previously sent to the system via a separate email message, or via anonymous FTP. When parsed, this new sendmail configuration file can cause sendmail to execute arbitrary commands on the remote system.
Systems: AIX 4.2, AIX 4.1 (if pd-version of sendmail 8 is installed), FreeBSD (< 28.08.1997), NetBSD (< 28.08.1997), OpenBSD (< 29.07.1997), Solaris (only if pd-version is installed).
Patches and workarounds can be found in the SNI advisory.
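
The vacation entry above is an option-injection problem: an untrusted sender address lands on the mailer's command line. The following C sketch is an added example, not code from the SNI advisory or from any vendor patch; the helper names and the sample senders are hypothetical, and it assumes a getopt-based mailer that treats "--" as the end of options.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if the sender address may be passed
 * to the mailer as an argument, 0 if it must be rejected. */
int sender_is_safe(const char *addr)
{
    size_t len = strlen(addr);
    if (len == 0 || len > 254)
        return 0;
    if (addr[0] == '-')                /* would be parsed as an option */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c <= ' ' || c == 0x7f)     /* no whitespace or control bytes */
            return 0;
    }
    return 1;
}

/* Builds the argument vector for the auto-reply. Returns the argument
 * count, or -1 if the sender is rejected or argv is too small.
 * Assumption: the mailer stops option parsing at "--", so the sender
 * can only ever be read as a recipient. */
int build_reply_argv(const char *self, const char *sender,
                     const char *argv[], int cap)
{
    if (cap < 6 || !sender_is_safe(sender))
        return -1;
    argv[0] = "sendmail";
    argv[1] = "-f";
    argv[2] = self;
    argv[3] = "--";
    argv[4] = sender;
    argv[5] = NULL;
    return 5;
}

int main(void)
{
    /* Constructed sample senders, not taken from the advisory. */
    const char *samples[] = { "alice@example.org", "-Xconstructed-option" };
    const char *argv[6];
    for (int i = 0; i < 2; i++) {
        int n = build_reply_argv("bob", samples[i], argv, 6);
        printf("%-22s -> %s\n", samples[i], n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

The two checks are independent layers: rejecting a leading '-' stops the address being read as an option, and "--" keeps that guarantee even if the validation is later relaxed.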


© 1997 Dr. Matthias Leu, EDV Beratung für Internet/Intranet, last Update: 17.10.1997