News November 1997


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Most of the files are transferred by FTP.
By the way: if we do not publish well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!


System: Short description and further information:
   
SCO Vulnerability in /usr/bin/X11/scoterm: SB.97:02a, VB-97.14, ESB-97.155, S-97-84, I-016, ERS-134.1
Unauthorised users may gain root access on the local machine. Only the following systems are affected:
- SCO Open Desktop/Open Server 3.0
- SCO OpenServer 5.0
A patch has been published by SCO.
HP-UX 9.x, 10.x Vulnerability in ppl: Hewlett-Packard Security Bulletin #00057, dated April 1997: ESB-97.154
New patches for this vulnerability are available:
PHNE_13179 for all platforms with HP-UX releases 9.X,
PHNE_13180 for all platforms with HP-UX releases 10.00 & 10.01,
PHNE_13181 for all platforms with HP-UX release 10.10,
PHNE_13182 for all platforms with HP-UX release 10.20,
PHNE_12499 for all platforms with HP-UX release 10.30.
Microsoft IE 4.0, 3.02 under Windows 95 and NT 4.0 Vulnerability through "Page Redirect": CNet, Microsoft
When a user enters his name and password at a Web site and is afterwards redirected to another server, that second site will also be able to read the private information. Even if the authentication information is encrypted, there is no security, because the encryption used for basic authentication is not difficult to crack.
Microsoft has released patches for IE 3.02 and IE 4.0 which can be downloaded from different sites.
Netscape, Mac and others System crashes after loading a GIF: c't-Ticker (in German)
As the Unix-AG (located at the University of Hannover) found out, a specially manipulated animated GIF can cause Netscape and other programs to crash. On Macs, not only the program but also the whole system may crash. MS IE is not affected.
The problem occurs if the first picture of the animated GIF is much smaller than the others. The suspected cause is a buffer overflow, because only the size of the first picture is checked.
Here is a link for a test. ATTENTION: this GIF is manipulated and may crash your system.
IRIX Vulnerabilities in /usr/sbin/syserr and /usr/lib/desktop/permissions: SGI 19971103-01-PX, ESB-97.153, S-97-83, I-015
The first vulnerability involves the syserr program. The System Error Notification Broker (syserr) program is part of the Desktop System Monitor, which monitors the system for user-defined events and then provides notification and/or action when those events occur. As part of normal operation, the syserr program manipulates certain history and configuration files. A security issue was found in these file operations.
The second issue involves the permissions tool found in the Indigo Magic Desktop environment. The permissions tool allows users to modify the Owner, Group and Others permission bits for files and directories.
A security issue was found in the operation of the permissions tool.
It is recommended to apply the workarounds mentioned in the advisory or to install the patches.
IRIX SGI has released new patches for
- the vulnerability in eject: SGI 19970507-02-PX, ESB-97.150, S-97-83
- the risk in at: SGI 19971102-01-PX, ESB-97.149, S-97-83
- the vulnerability in libXt: SGI 19971101-01-PX, ESB-97.152, S-97-83
- the vulnerability in df: SGI 19970505-02-PX, ESB-97.151, S-97-83
All these new patches can be downloaded from SGI.
Cisco Cisco has published an advisory about security: Cisco, ESB-97.148
This advisory discusses the strength of some of the different password encoding schemes used in their routers. Some of these encryption schemes may allow the decryption of passwords in Cisco configuration files under certain circumstances.
HP-UX 10.x Vulnerability in CDE libraries: Hewlett-Packard Security Bulletin #00072, ESB-97.146
A revised HP bulletin concerning this vulnerability has now been published.
cgi-bin Vulnerability in GlimpseHTTP and WebGlimpse cgi-bin Packages: AA-97.28, VB-97.13, S-97-82, I-014
Due to a security hole in these CGI programs, remote users may be able to execute arbitrary commands with the privileges of the httpd process which answers HTTP requests. This may be used to compromise the HTTP server and, under certain configurations, to gain privileged access.
Further information about this problem can be found at the site of the authors of GlimpseHTTP and WebGlimpse. It is strongly recommended to install the latest version of WebGlimpse.
Microsoft IE 4.0 under Windows 95 Vulnerability caused by a buffer overflow: L0pht, CNet, c't-Ticker (in German)
Clients running Internet Explorer under Windows 95 can handle only 256 characters when a URL of the kind res://... is called. If the URL contains more characters, the browser crashes and the remaining characters are written into the memory of the client. These may form a malicious executable that could then run on the client. This effect may be used in a link on a Web server and can be tested here.
Microsoft has published a patch to avoid this problem.
cgi-bin Hints for cgi-bin programs and scripts: CA-97.25, ESB-97.147, S-97-81
Quite often, security holes in Web servers are caused by the use of CGI programs. This advisory gives some hints on how to avoid these problems. For further information, see the CERT Tech-Tip.
HP-UX 10.24 (VVOS) Vulnerabilities in xlock on VirtualVault 2.0/3.0: Hewlett-Packard Security Bulletin #00073, ESB-97.145
If patch PHSS_9905 is installed, an xlock vulnerability could allow a local user to gain unauthorized access to the system. These problems apply only to systems running the VirtualVault Operating System 10.24 that is part of the VirtualVault product A.02.00 and A.03.00.
A patch is available from Hewlett-Packard.


© 1997 Dr. Matthias Leu, EDV Beratung für Internet/Intranet, last Update: 20.12.1997