NIPC CyberNotes #2000-11 Page 10 of 19 06/05/2000

| Hardware/Operating System/Vendor | Equipment/Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|
| SGI [43]; Unix | IRIX 6.5-6.5.7 Infosearch | A vulnerability exists in the infosrch.cgi program that gives a remote malicious user the ability to view files on the system with the privileges of the user “nobody.” | Patch available at: http://www.sgi.com/Support/security/ | IRIX Infosearch Vulnerability | Low | Bug discussed in newsgroups and websites. Exploit script has been published. |
| SuSE [44]; Unix | SuSE 6.1-6.4 Kernel 2.2.15 | A vulnerability exists in the masquerading feature of the Linux kernel that allows arbitrary backward connections to be opened and could cause a denial of service. | Patch available at: ftp://ftp.suse.com/pub/suse/i386/update/6.4/ | SuSE Kernel Denial of Service | Low | Bug discussed in newsgroups and websites. |
| SuSE [45]; Unix | SuSE 6.1-6.4 Kmulti 1.1.2 | A vulnerability exists that permits local users the ability to execute commands as root. | Patch available at: ftp://ftp.suse.com/pub/suse/i386/update/6.1/kde1/kmulti-1.1.2-141.i386.rpm | SuSE Kmulti Root Compromise | High | Bug discussed in newsgroups and websites. |
| Symantec [46] | PcAnywhere versions 7.5 to 9.2 | PcAnywhere configuration files are vulnerable to weak password encryption. | Vendor suggests turning on public key encryption. | PcAnywhere Weak Password Encryption | Medium | Bug discussed in newsgroups and websites. Exploit script has been published. |
| Xfree [47]; Unix | Xfree86 3.3.5, 3.3.6, 4.0 | A vulnerability exists that will cause the victim X server to freeze and lock the keyboard and potentially the mouse. | The upgrade packages can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS | Multiple Vendor Xfree86 Malformed Packet Freeze | Low | Bug discussed in newsgroups and websites. |

*Risk is defined in the following manner:

High - A vulnerability that will allow an intruder to immediately gain privileged access (e.g., sysadmin and root) to the system. An example of this would be a vulnerability in which a sequence of instructions is sent to a machine by an unauthorized user and the machine responds with a command prompt.

Medium - A vulnerability that will allow an intruder immediate access to the system that is not privileged access. This allows the intruder the opportunity to continue the attempt to gain root access. An example would be a configuration error that allows an intruder to capture the password file.

Low - A vulnerability that provides information to an intruder that could lead to further compromise attempts or a Denial-of-Service (DoS) attack. The reader should note that while the DoS attack is deemed low in threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered as a “High” threat.

[43] SGI Security Advisory, May 22, 2000.
[44] SuSE Security, May 18, 2000.
[45] SuSE Security, May 29, 2000.
[46] SecuriTeam, May 19, 2000.
[47] Caldera Systems, Inc. Security Advisory, CSSA-2000-012.0, May 18, 2000.