News November 1999
Last Update: 1999-12-12


Most of the links lead to the corresponding files at CERT or other organisations, so changes there take effect here immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Most of the files are transferred by ftp.
By the way: if we are not publishing the well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!



System: Short description and further information:
Microsoft Windows 9x Vulnerability by Legacy Credential Caching: MS99-052, ERS-1999.180, ERS-1999.180-1
Windows for Workgroups provided a RAM-based caching mechanism that cached the user's plaintext network credentials for use by real-mode command-line networking utilities. Part of this mechanism was carried forward into the Windows 95 and 98 designs, even though it is not used by either. Any "interested" user could query this mechanism to obtain the network credentials of the last person to use the machine for network access, as long as they had physical access to the machine and it had not been rebooted since the last networking session.
Microsoft has published patches for Windows 95 and Windows 98.
Microsoft IE 5 under NT 4.0 Vulnerability in IE Task Scheduler: MS99-051, ERS-1999.179
IE 5 includes an Offline Browsing Pack that is not installed by default. The Pack provides a Task Scheduler (AT Service) that replaces the native Windows NT Schedule Service (the schedule service is also known as the "AT Service"). A vulnerability in the Task Scheduler poses a privilege elevation risk and could allow normal users to execute code on the local machine in System context. (The Windows NT Schedule Service does not have this vulnerability).
The IE 5 Task Scheduler controls who can create and submit "AT jobs." The utility used to create AT jobs can only be run by an administrator, and the Task Scheduler will only execute AT jobs that are owned by administrators. However, an attacker can modify an existing file owned by an administrator so that it becomes a valid AT job in the appropriate folder. The control mechanism is thereby bypassed and the job is executed.
The vulnerability is eliminated by IE 5.01, which should be installed when using the IE Task Scheduler.
HP-UX Security Vulnerability on V Class Teststation (S/X/V Class console): HP Security Bulletin #00105, ERS-1999.178
Hewlett-Packard Company has found that the console server (HP9000 Series 800 S/X/V Class servers) on the SSP might grant remote users access to the S/X/V console. This can occur on all platforms running Teststation software below Version 5.1.2 for V22x0, any version for S/X Class, and Version 1.1.1 or below for V2500 class.
It is recommended to install the patch, which is the same for all affected systems.
all New CERT-Summary: CS-99-04, ERS-1999.177
CERT points out that, among other activity, they continue to see widespread scans for known vulnerabilities.
- Distributed Intruder Tools, e.g. for Denial of Service, Sniffer
- Multiple vulnerabilities have been identified in some distributions of the Common Desktop Environment (CDE) which can lead to intruders gaining root access on vulnerable systems.
- Several vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers. The others can severely disrupt the operation of the name server.
- Three vulnerabilities have been identified in WU-FTPD and other ftp daemons based on the WU-FTPD source code. Remote and local intruders may be able to exploit these vulnerabilities to execute arbitrary code as the user running the ftp daemon (usually root).
- There is a buffer overflow vulnerability in the logging facility of the amd daemon. Remote intruders can exploit this vulnerability to execute arbitrary code as the user running the amd daemon (usually root).
- CERT continues to receive reports of exploitations involving three RPC vulnerabilities: rpc.cmsd, ttdbserverd, and statd/automountd. These exploitations can lead to root compromise on systems that implement vulnerable RPC services.
- CERT continues to see reports of virus activity. Current versions of anti-virus software can help to protect your systems from these viruses. 
- CERT continues to receive reports of scanning and probing activity. The most frequent reports tend to involve services that have well-known vulnerabilities. Hosts continue to be affected by exploitation of well-known vulnerabilities in these services.
all Distributed Denial of Service Tools: IN-99-07
CERT has received reports of intruders installing distributed denial of service tools. Tools we have encountered utilize distributed technology to create large networks of hosts capable of launching large coordinated packet flooding denial of service attacks. Two of the tools we have seen are known as trinoo and tribe flood network (or TFN). A further description can be found in the advisory.
Red Hat Linux Denial of service attack in syslogd: RH1999-055, ERS-1999.174
The syslog daemon by default used Unix domain stream sockets for receiving local log connections. By opening a large number of connections to the log daemon, a local user could make the system unresponsive. It is recommended to install the corresponding patches:
Red Hat Linux 4.2:
Intel:
rpm -Uvh ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.5.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/libc-5.3.12-18.5.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/libc-debug-5.3.12-18.5.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/libc-devel-5.3.12-18.5.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/libc-profile-5.3.12-18.5.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/libc-static-5.3.12-18.5.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/libc-5.3.12-18.5.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/libc-debug-5.3.12-18.5.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/libc-devel-5.3.12-18.5.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/libc-profile-5.3.12-18.5.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/libc-static-5.3.12-18.5.sparc.rpm
Source:
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/libc-5.3.12-18.5.src.rpm
Red Hat Linux 5.x:
Intel:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-1.5.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-1.5.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-1.5.sparc.rpm
Source packages:
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-1.5.src.rpm
Red Hat Linux 6.0:
Intel:
rpm -Uvh ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/sysklogd-1.3.31-14.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/sysklogd-1.3.31-14.sparc.rpm
Source packages:
rpm -Uvh ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm
Red Hat Linux 6.1:
Intel:
rpm -Uvh ftp://updates.redhat.com/6.1/i386/sysklogd-1.3.31-14.i386.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/sysklogd-1.3.31-14.src.rpm
OpenLinux Vulnerabilities in pine, syslogd, glibc, bind, and NFS daemon: CSSA033, CSSA034, CSSA035, CSSA036, ERS-1999.175, ERS-1999.176
Versions of pine prior to 4.21 had a security problem when viewing URLs. By sending an email with a specially formatted URL embedded in it, an attacker could cause arbitrary shell code to be executed under the account of the victim user.
On Linux, most services do not log informational or error messages to their own files, but use the system log daemon, syslogd, for this. Unfortunately, the current syslogd has a problem by which any user on the local host can mount a denial of service attack that effectively stops all logging. Since all programs that want to send logging information to syslogd block until they're able to establish a connection to syslogd, this will make programs such as login, su, sendmail, telnetd, etc hang indefinitely.
Several vulnerabilities have been discovered in BIND, the DNS name server implementation maintained by the Internet Software Consortium and shipped with OpenLinux.
A buffer overflow was discovered in the Linux user space NFS daemon that allows an attacker to obtain root privilege on the NFS server host. In order to exploit the bug, the attacker must have access to a file system exported read/write by the server machine.
It's recommended to install the patches, addresses are given in the advisories.
SuSE Linux Vulnerabilities in thttpd and syslogd: SUSE030, SUSE031
The thttpd web server doesn't do proper bounds checking in the date parsing function tdate_parse(). By overflowing a static buffer in tdate_parse() an attacker could remotely execute commands on the thttpd host with the permissions of thttpd.
The syslogd server uses a Unix domain stream socket (/dev/log) for receiving local log messages via syslog(3). Unix domain stream sockets are not connectionless, which means that one process is needed to serve one client. By opening a lot of local syslog connections, a user could stop the system from responding.
Patches can be retrieved from SuSE's Webpage for Patches.
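The syslogd problem described in the Red Hat and SuSE entries above shows up on a host as a growing number of established stream connections on /dev/log, each belonging to a program that is waiting for the log daemon. The following is an added example, not taken from this page or from any of the quoted advisories: it parses a snapshot of Linux's /proc/net/unix (columns Num, RefCount, Protocol, Flags, Type, St, Inode, Path) and counts the connected SOCK_STREAM sockets bound to /dev/log, so an administrator can watch for that condition before logging stalls. The snapshot below is constructed for the example, and the alert threshold is whatever the administrator chooses for the host.

```python
"""Count clients connected to syslogd's Unix domain stream socket.

Added example: parses a /proc/net/unix snapshot and reports how many
stream connections are established on /dev/log. Layout of the columns
is the Linux kernel's (Num RefCount Protocol Flags Type St Inode Path);
the sample snapshot itself is constructed for this example.
"""

SOCK_STREAM = 0x0001        # Type column: stream socket (0x0002 is datagram)
SS_CONNECTED = 0x03         # St column: established connection
ACCEPTCON_FLAG = 0x00010000  # Flags column: set on the listening socket

# Constructed snapshot: one listening /dev/log socket, four server-side
# accepted connections (they carry the listener's path), one client-side
# socket without a path, and an unrelated datagram socket.
SAMPLE_PROC_NET_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
c1a9d000: 00000002 00000000 00010000 0001 01  1234 /dev/log
c1a9d100: 00000003 00000000 00000000 0001 03  1301 /dev/log
c1a9d200: 00000003 00000000 00000000 0001 03  1302 /dev/log
c1a9d300: 00000003 00000000 00000000 0001 03  1303 /dev/log
c1a9d400: 00000003 00000000 00000000 0001 03  1304 /dev/log
c1a9d500: 00000003 00000000 00000000 0001 03  1305
c1a9d600: 00000002 00000000 00000000 0002 01  1306 /dev/printer
"""


def parse_proc_net_unix(text):
    """Yield (flags, sock_type, state, path) per socket; path is '' if unbound."""
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 7:                     # malformed or empty line
            continue
        flags = int(fields[3], 16)
        sock_type = int(fields[4], 16)
        state = int(fields[5], 16)
        path = fields[7] if len(fields) > 7 else ""
        yield flags, sock_type, state, path


def connected_stream_clients(text, path="/dev/log"):
    """Number of established stream connections on `path`, listener excluded."""
    return sum(
        1
        for flags, sock_type, state, p in parse_proc_net_unix(text)
        if p == path
        and sock_type == SOCK_STREAM
        and state == SS_CONNECTED
        and not flags & ACCEPTCON_FLAG
    )


def check_syslog_socket(text, threshold, path="/dev/log"):
    """Return (count, alert); alert is True once `threshold` connections exist."""
    count = connected_stream_clients(text, path)
    return count, count >= threshold


if __name__ == "__main__":
    # On a live host one would read open('/proc/net/unix').read() instead.
    n, alert = check_syslog_socket(SAMPLE_PROC_NET_UNIX, threshold=50)
    print(f"{n} clients connected to /dev/log; alert={alert}")
```

On a live system the snapshot comes from reading /proc/net/unix; a daemon that uses a datagram socket for /dev/log (Type 0002) will show no established connections at all, which is itself a quick way to tell which variant is running.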
Debian Linux Vulnerabilities caused by BIND: Debian1116
The version of bind in Debian GNU/Linux 2.1 is vulnerable to several denial of service attacks, as outlined in CERT advisory CA-99.14. It's strongly recommended to install the patches pointed out in the advisory.
OpenBSD New functionality in SSH and g2c.h: OpenBSD
Various OpenSSH improvements have been made since the 2.6 release shipped. To resolve the various (non-security related) features which users may want, we are making a jumbo patch available. NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
Fortran doesn't work right. The file /usr/include/g2c.h is missing in the release. A source code patch exists which remedies this problem. The patch fixes the source tree and describes how to properly add the include file to your system.
all New ISS-Summary: ISS, ERS-1999.173
ISS reports 16 new vulnerabilities:
- ssh-rsaref-bo
- win-fileurl-overflow
- ie-active-setup-control
- oracle-appserver-apchlctl
- oracle-appserver-owslctl
- bind-nxt-bo
- freebsd-seyon-dir-add
- viruswall-helo-bo
- realserver-g2-pw-bo
- nt-printer-spooler-bo
- nt-services-exe-dos
- netscape-huge-key-dos
- gauntlet-bsdi-bypass
- netscape-malformed-pfr-dos
- raptor-ipoptions-dos
- ie-iframe-exec
Further information can be found at the server of ISS.
SCO Unix Security risks in BIND: SB-99.18
As reported before, BIND shows some vulnerabilities. SCO has published fixes for UnixWare 2.1.3 and UnixWare 7.0.0 through 7.1.1. It's recommended to install these patches (letter).
SuSE Linux Security risks in BIND and NFS-Server with nkita: SUSE028, SUSE029
As reported before, all bind4 and bind8 versions can be crashed in certain circumstances. BIND 8 versions 8.2 up to 8.2.1 can be compromised remotely through a buffer overflow. The rpc.nfsd which is part of the nfs-server package was found to have two remote vulnerabilities. Via a buffer overflow, remote root access can be achieved; write access to an exported local filesystem is necessary. Another security problem is improper handling of root_squash exports.
It's recommended to install patches from SuSE's Webpage for Patches.
Microsoft Windows 9x Vulnerability by File Access URL: MS99-049, ERS-1999.172
There is a buffer overflow in the Windows 95 and Windows 98 networking software (MSNET32.DLL) that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack. The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string (e.g. \\system\directory\file.dat) on a remote web site included a long file name, or where a long file name was included in an e-mail message.
It's recommended to install the (US-) patches published by Microsoft: Windows 95 and Windows 98.
Microsoft IE 4.x and 5 Vulnerability by Active Setup Control: MS99-048, ERS-1999.170
A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML mail to contain a malicious cabinet file, disguised as a file of an innocuous type. If a user attempted to open this file, the operation would fail but could, depending on the mail package, leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.
The vulnerability could only be exploited in cases where a mail reader were used that allowed scripts in HTML mail and stored temporary copies of launched programs in known locations. The patch restricts the ability of the control to launch unsigned cabinet files that have been downloaded from the local machine.
If you are using Internet Explorer 4.01 SP1 an upgrade should be done before installing the patch. Patches can be found at the WindowsUpdate, in the IE-Downloadarea, and here.
Debian Linux Vulnerabilities in proftpd and nfs-server: Debian1111, Debian1111a
The proftpd version distributed in Debian GNU/Linux 2.1 had several buffer overruns that could be exploited by remote attackers, and the version of nfs-server distributed in Debian GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). Please refer to the advisories to install the corresponding patches.
very many Six vulnerabilities in BIND: ISC1108, CA-99-14, ERS-1999.168, S-99-46, K-007
Six vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers. The vulnerabilities are:
"nxt bug": Some versions of BIND fail to properly validate NXT records. This improper validation could allow an intruder to overflow a buffer and execute arbitrary code with the privileges of the name server, typically root. NXT record support was introduced in BIND version 8.2. Prior versions of BIND, including 4.x, are not vulnerable to this problem. The ISC-supplied version of BIND corrected this problem in version 8.2.2.
"sig bug": This vulnerability involves a failure to properly validate SIG records, allowing a remote intruder to crash named. SIG record support is found in multiple versions of BIND, including 4.9.5 through 8.x.
"so_linger bug": By intentionally violating the expected protocols for closing a TCP session, remote intruders can cause named to pause for periods up to 120 seconds. By periodically exercising this vulnerability, remote intruders can disrupt the ability of your name server to respond to legitimate queries. By intermittently exercising this vulnerability, intruders can seriously degrade the performance of your name server.
"fdmax bug": Remote intruders can consume more file descriptors than BIND can properly manage, causing named to crash.
"maxdname bug": Improper handling of certain data copied from the network could allow a remote intruder to disrupt the normal operation of your name server, possibly including a crash.
"naptr bug": Some versions of BIND fail to validate zone information loaded from disk files. In environments with unusual combinations of permissions and protections, this could allow an intruder to crash named. Local intruders who gain write access to your zone files can cause named to crash.
A summary can be found in the advisory of ISC, vendor specific aspects are mentioned in the advisory of CERT.
OpenBSD Vulnerabilities in ifmedia, newsyslog, and new functionality in OpenSSH, and m4: OpenBSD
OpenSSH in 2.6 did not support user-owned ~/.ssh/known_hosts files (source), m4 is quite broken in the 2.6 release (source), any user can change interface media configurations (patch (!)), and a race condition in newsyslog(8) can cause errors in log file rotation (patch).
Oracle Application Server Multiple Root Compromise Vulnerabilities in OAS: ISS-038, ERS-1999.167
There are multiple vulnerabilities in the Oracle Application Server (OAS), revisions prior to version 4.0.8, that may lead to local super-user access. Attackers may use these vulnerabilities to destroy root owned files as well as gain root access. An account on the target system is required to exploit these vulnerabilities. Oracle customers can find important information on this OAS security issue on Oracle's web-based Metalink system at http://metalink.oracle.com. They should reference document number 76484.1 under the advanced search engine available on Metalink.
Red Hat Linux Vulnerabilities found in ypserv, initscripts, NFS, and bind: RH1999-046, RH1999-052, RH1999-054, ERS-1999.163, ERS-1999.166, ERS-1999.169, ERS-1999.171
The ypserv package, which contains the ypserv NIS server and the yppasswd password-change server, has been discovered to have security holes. One security bug and several functionality bugs have been fixed in a new release of initscripts and NFS. Several security vulnerabilities exist in the DNS server 'bind' (see also CA-99-14).
It is recommended to install the corresponding patches:
Red Hat Linux 4.2:
Intel:
rpm -Uvh ftp://updates.redhat.com/4.2/i386/nfs-server-2.2beta47-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/nfs-server-clients-2.2beta47-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/bind-8.2.2_P3-0.4.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/nfs-server-2.2beta47-0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/nfs-server-clients-2.2beta47-0.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/bind-8.2.2_P3-0.4.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/nfs-server-2.2beta47-0.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/nfs-server-clients-2.2beta47-0.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/bind-8.2.2_P3-0.4.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm
Source:
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/bind-8.2.2_P3-0.4.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/nfs-server-2.2beta47-0.src.rpm
Red Hat Linux 5.x:
Intel:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/nfs-server-2.2beta47-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/nfs-server-clients-2.2beta47-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/bind-8.2.2_P3-0.5.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/nfs-server-2.2beta47-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/nfs-server-clients-2.2beta47-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/bind-8.2.2_P3-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/nfs-server-2.2beta47-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/nfs-server-clients-2.2beta47-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/bind-8.2.2_P3-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm
Source:
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/nfs-server-2.2beta47-1.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/bind-8.2.2_P3-0.5.2.src.rpm
Red Hat Linux 6.x:
Intel:
rpm -Uvh ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/i386/initscripts-4.63-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/i386/bind-8.2.2_P3-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/i386/bind-devel-8.2.2_P3-1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/i386/bind-utils-8.2.2_P3-1.i386.rpm
Alpha:
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/bind-8.2.2_P3-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/bind-devel-8.2.2_P3-1.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/bind-utils-8.2.2_P3-1.alpha.rpm
Sparc:
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/bind-8.2.2_P3-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/bind-devel-8.2.2_P3-1.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/bind-utils-8.2.2_P3-1.sparc.rpm
Source:
rpm -Uvh ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/SRPMS/initscripts-4.63-1.src.rpm
rpm -Uvh ftp://updates.redhat.com/6.1/SRPMS/bind-8.2.2_P3-1.src.rpm
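Both Red Hat lists above (the sysklogd packages and the ypserv, initscripts and bind packages) name the fixed version-release of each package, so the useful check on a host is whether anything installed is still older than those. The following is an added example, not part of this page or of Red Hat's advisories: a Python re-implementation of rpm's own version comparison (maximal runs of digits or letters compared segment by segment, digits numerically and ranking above letters, a longer string winning when the common prefix is equal) run over a constructed rpm -qa listing. The fixed versions in FIXED_RH6X are copied from the Red Hat Linux 6.x Intel commands on this page; the installed versions in the sample are made up.

```python
"""Compare installed RPM versions against the fixed versions of an advisory.

Added example: re-implements rpm's version comparison (rpmvercmp) in Python
so it runs without the rpm tool, then flags packages in a constructed
`rpm -qa` listing that are older than the fixed version-release strings
quoted on this page for Red Hat Linux 6.x (Intel).
"""
import re

# Fixed "version-release" strings, taken from the Red Hat 6.x Intel commands above.
FIXED_RH6X = {
    "sysklogd": "1.3.31-14",
    "ypserv": "1.3.9-1",
    "initscripts": "4.63-1",
    "bind": "8.2.2_P3-1",
    "bind-devel": "8.2.2_P3-1",
    "bind-utils": "8.2.2_P3-1",
}

# Constructed `rpm -qa` output of a hypothetical Red Hat 6.x host.
SAMPLE_RPM_QA = """\
sysklogd-1.3.31-13
bind-8.2.2_P3-1
bind-utils-8.2.2-1
ypserv-1.3.6-3
initscripts-4.63-1
setup-2.0.5-1
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings as rpm does: -1, 0 or 1.

    Separators are ignored; each string becomes a list of digit runs and
    letter runs.  Digit runs compare numerically, a digit run is newer than a
    letter run, letter runs compare as strings, and when one string runs out
    of segments the one with segments left over is newer.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)      # int() also discards leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1


def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-break."""
    ver_a, rel_a = a.rsplit("-", 1)
    ver_b, rel_b = b.rsplit("-", 1)
    result = rpmvercmp(ver_a, ver_b)
    return result if result != 0 else rpmvercmp(rel_a, rel_b)


def split_nvr(nvr):
    """'bind-utils-8.2.2_P3-1' -> ('bind-utils', '8.2.2_P3-1')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version + "-" + release


def outdated_packages(rpm_qa_output, fixed):
    """Return {name: (installed, fixed)} for packages older than the fix."""
    outdated = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, installed = split_nvr(line)
        if name in fixed and vr_cmp(installed, fixed[name]) < 0:
            outdated[name] = (installed, fixed[name])
    return outdated


if __name__ == "__main__":
    # On a real host: subprocess.run(["rpm", "-qa"], capture_output=True, text=True).stdout
    for name, (have, want) in sorted(outdated_packages(SAMPLE_RPM_QA, FIXED_RH6X).items()):
        print(f"{name}: installed {have}, fixed in {want}")
```

Note how bind-utils-8.2.2-1 is reported as older than 8.2.2_P3-1: the patch-level suffix adds segments, and rpm ranks a string with segments left over as the newer one, so a check that only compared the numeric parts would miss it.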
SCO OpenServer Multiple vulnerabilities found in OpenServer: SB-99.17, ERS-1999.165
Several security holes have been found in SCO OpenServer, so unprivileged users can gain administrative privileges on unpatched servers. SCO products that require patching include OpenServer versions 5.0.0 through 5.0.5. An interim patch has been published (text).
Cobalt Web Server Vulnerability in Majordomo: Cobalt
The Majordomo running on Cobalt servers generates a default password for any mailing list. Persons who know this password are able to take over any mailing list. Installing the patches (RaQ2, Qube2) will resolve this problem: from then on two random passwords are selected, one for the list owner and one for the list moderator.
Zeus 3.3.2 Vulnerability in Web Server 3.3.2: Zeus
A potential exploit using the built-in search module has been found on versions of Zeus 3.3.2. This potential problem affects versions of Zeus Server 3.3.x built prior to the 26th October 1999 which have enabled the built-in search module (it is disabled by default). The problem is only serious if you have configured your webserver to run CGIs as the root user. This problem has been fixed immediately, and new binaries are now available for all 12 platforms currently supported. How to install them is pointed out in the advisory.
Microsoft IE 5 Vulnerability in IFRAME ExecCommand still present: MS99-042, ERS-1999.151a
The patch originally released by Microsoft still left some vulnerabilities open. For Internet Explorer 5 it has now been updated. Further information can be found in Microsoft's advisory.
Microsoft Windows NT 4.0 Vulnerability by Malformed Spooler Request: MS99-047, ERS-1999.164
Certain APIs in the Windows NT 4.0 print spooler subsystem have unchecked buffers. If an affected API were provided with random data as input, it could crash the print spooler service. If it were provided with a specially-malformed argument, it could be used to run arbitrary code on the server via a classic buffer overrun attack. A second vulnerability exists because incorrect permissions would allow a normal user to specify his or her own code as a print provider. Because print providers run in a local System context, this would allow the user to gain additional privileges on the local machine.
It's recommended to install the (US-) patches for systems running X86 and Alpha.


© 1999 Dr. Matthias Leu, EDV Beratung fuer Internet/Intranet, last Update: 1999-12-12, 15:41 -0000