NIPC CyberNotes #2000-11 Page 3 of 19 06/05/2000
Hardware/
Operating
System/
Vendor
Equipment/
Software
Name
Vulnerability/
Impact
Patches/Workarounds/Alerts
Common
Name
Risk* Attacks/Scripts
FreeBSD
9
Unix
FreeBSD 3.x
and below
Libmytinfo
A buffer overflow exists
against libmytinfo that
will allow a malicious user
the ability to execute
arbitrary code on the
system.
Upgrade to FreeBSD 4.0 or
follow unofficial workaround at:
http://www.securiteam.com/unixfocus
/Buffer_overflow_in_libmytinfo_elev
ates_local_user_s_privileges.html
FreeBSD
Libmytinfo
Buffer
Overflow
High
Bug discussed in
newsgroups and
websites.
Exploit has been
published.
Hewlett-
Packard
10
Hewlett-
Packard Web
JetAdmin
Version 5.6
A vulnerability exists with
the HP Web JetAdmin 5.6
Web interface Server on
port 8000 that allows a
malicious user read access
to any file on the web-
published filesystem.
Upgrading to Version 6.0 will
eliminate this vulnerability.
http://www.hp.com/cposupport/swind
exes/hpwebjetad1880_swen.html
HP Web
JetAdmin
Directory
Traversal
Vulnerability
Medium Bug discussed in
newsgroups and
websites.
Exploit has been
published.
Vulnerability
has appeared in
the Press.
Hewlett-
Packard
11
Hewlett-
Packard Web
JetAdmin
Version 6.0
A denial of service
condition results if a
malicious user sends
malformed URL requests
to port 8000, which will
cause the process to stop
responding.
No patch or workaround available
at time of publishing.
HP Web
JetAdmin
Remote Denial
of Service
Low Bug discussed in
newsgroups and
websites.
Exploit has been
published.
Vulnerability
has appeared in
the Press.
IBM
12
Lotus
Domino
Web pages can be edited
remotely if permissions
are not set properly and
design conditions are not
taken into account.
Workaround published at:
http://www.securiteam.com/exploits/L
otus_Domino_Server_allows_docume
nts_to_be_modified_remotely.html
Domino
Remote
Document
Modification
Low Bug discussed in
newsgroups and
websites.
Exploit has been
published.
IBM
13
Lotus
Domino 5.0.1
A denial of service exists
if a remote malicious user
sends a buffer overflow to
the SMTP service. The
service will crash and
potentially make it
possible to execute
arbitrary commands on the
system.
No patch or workaround available
at time of publishing.
Domino
Remote SMTP
Buffer
Overflow
High
Bug discussed in
newsgroups and
websites.
Exploit has been
published.
ITHouse
14
Windows
3.51/95/NT 4.0
ITHouse Mail
Server 1.0.4
A buffer overflow
vulnerability exists which
could allow a remote
malicious user to execute
arbitrary code.
No workaround or patch available
at time of publishing.
ITHouse Mail
Server 1.04
Buffer
Overflow
High
Bug discussed in
newsgroups and
websites.
Exploit has been
published.
9
SecuriTeam, May 19, 2000.
10
USSR Labs, May 24, 2000.
11
USSR Labs, May 24, 2000.
12
SecuriTeam, May 27, 2000.
13
SecuriTeam, May 27, 2000.
14
Delphis Consulting Plc Security Team Advisories, DST2K0007, May 30, 2000.
(57 páginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais