Article on Slashdot two days ago talked about RedHat releasing an advisory ahead of time. As opposed to waiting for the vendors to come up with a fix then release the advisory and fix. Personally I would prefer that vendors like Redhat release an advisory on something like this once they have verification that it is a real hole and not some hoak or accident. At least then those of us in the real world that are using Wuftpd could at least know that it is a security risk and turn it off till the fix is out, or switch to a different product. Nancy Sollars wrote: > > Being WU-ftpd its proly true and you must be a right muppet to have it > running anyway > > use Pro or Pure ftp people. > > Nige > > > -------------------------------------------------------------------------- > - > > > Security Alert > > > > > > Subject: Wu-Ftpd File Globbing Heap Corruption > > > Vulnerability > > > BUGTRAQ ID: 3581 CVE ID: > > > CAN-2001-0550 > > > Published: Nov 27, 2001 Updated: > > > Nov 30, 2001 00:19:10 > > > > > > Remote: Yes Local: > > > No > > > Availability: Always Authentication: > > > Not Required > > > Credibility: Vendor Confirmed Ease: > > > No Exploit Available > > > Class: Failure to Handle Exceptional > > > Conditions > > > > > > Impact: 10.0 Severity: 10.0 > > > Urgency: 8.2 > > > > > > Last Change: Wirex Immunix advisory released, > > > updated packages available. > > > > > -------------------------------------------------------------------------- > - > > > > > > Vulnerable Systems: > > > > > > David Madore ftpd-BSD 0.3.3 > > > David Madore ftpd-BSD 0.3.2 > > > Washington University wu-ftpd 2.6.1 > > > + Caldera eDesktop 2.4 > > > + Caldera eServer 2.3.1 > > > + Caldera OpenLinux 2.3 > > > + Caldera OpenLinux Server 3.1 > > > + Cobalt Qube 1.0 > > > + Conectiva Linux 7.0 > > > + Conectiva Linux 6.0 > > > + MandrakeSoft Corporate Server 1.0.1 > > > + MandrakeSoft Linux Mandrake 8.1 > > > + MandrakeSoft Linux Mandrake 8.0 ppc > > > + MandrakeSoft Linux Mandrake 8.0 > > > + MandrakeSoft Linux Mandrake 7.2 > > > + MandrakeSoft Linux Mandrake 7.1 > > > + MandrakeSoft Linux Mandrake 7.0 > > > + MandrakeSoft Linux Mandrake 6.1 > > > + MandrakeSoft Linux Mandrake 6.0 > > > + RedHat Linux 7.2 noarch > > > + RedHat Linux 7.2 ia64 > > > + RedHat Linux 7.2 i686 > > > + RedHat Linux 7.2 i586 > > > + RedHat Linux 7.2 i386 > > > + RedHat Linux 7.2 athlon > > > + RedHat Linux 7.2 alpha > > > + RedHat Linux 7.1 noarch > > > + RedHat Linux 7.1 ia64 > > > + RedHat Linux 7.1 i686 > > > + RedHat Linux 7.1 i586 > > > + RedHat Linux 7.1 i386 > > > + RedHat Linux 7.1 alpha > > > + RedHat Linux 7.0 sparc > > > + RedHat Linux 7.0 i386 > > > + RedHat Linux 7.0 alpha > > > + TurboLinux TL Workstation 6.1 > > > + TurboLinux Turbo Linux 6.0.5 > > > + TurboLinux Turbo Linux 6.0.4 > > > + TurboLinux Turbo Linux 6.0.3 > > > + TurboLinux Turbo Linux 6.0.2 > > > + TurboLinux Turbo Linux 6.0.1 > > > + TurboLinux Turbo Linux 6.0 > > > + Wirex Immunix OS 7.0-Beta > > > + Wirex Immunix OS 7.0 > > > Washington University wu-ftpd 2.6.0 > > > + Cobalt Qube 1.0 > > > + Conectiva Linux 5.1 > > > + Conectiva Linux 5.0 > > > + Conectiva Linux 4.2 > > > + Conectiva Linux 4.1 > > > + Conectiva Linux 4.0es > > > + Conectiva Linux 4.0 > > > + Debian Linux 2.2 sparc > > > + Debian Linux 2.2 powerpc > > > + Debian Linux 2.2 arm > > > + Debian Linux 2.2 alpha > > > + Debian Linux 2.2 68k > > > + Debian Linux 2.2 > > > + RedHat Linux 6.2 sparc > > > + RedHat Linux 6.2 i386 > > > + RedHat Linux 6.2 alpha > > > + RedHat Linux 6.1 sparc > > > + RedHat Linux 6.1 i386 > > > + RedHat Linux 6.1 alpha > > > + RedHat Linux 6.0 sparc > > > + RedHat Linux 6.0 i386 > > > + RedHat Linux 6.0 alpha > > > + RedHat Linux 5.2 sparc > > > + RedHat Linux 5.2 i386 > > > + RedHat Linux 5.2 alpha > > > + S.u.S.E. Linux 7.3sparc > > > + S.u.S.E. Linux 7.3ppc > > > + S.u.S.E. Linux 7.3i386 > > > + S.u.S.E. Linux 7.2i386 > > > + S.u.S.E. Linux 7.1x86 > > > + S.u.S.E. Linux 7.1sparc > > > + S.u.S.E. Linux 7.1ppc > > > + S.u.S.E. Linux 7.1alpha > > > + S.u.S.E. Linux 7.0sparc > > > + S.u.S.E. Linux 7.0ppc > > > + S.u.S.E. Linux 7.0i386 > > > + S.u.S.E. Linux 7.0alpha > > > + S.u.S.E. Linux 6.4ppc > > > + S.u.S.E. Linux 6.4alpha > > > + S.u.S.E. Linux 6.4 > > > + S.u.S.E. Linux 6.3 ppc > > > + S.u.S.E. Linux 6.3 alpha > > > + S.u.S.E. Linux 6.3 > > > + S.u.S.E. Linux 6.2 > > > + S.u.S.E. Linux 6.1 alpha > > > + S.u.S.E. Linux 6.1 > > > + TurboLinux Turbo Linux 4.0 > > > + Wirex Immunix OS 6.2 > > > Washington University wu-ftpd 2.5.0 > > > + Caldera eDesktop 2.4 > > > + Caldera eServer 2.3.1 > > > + Caldera eServer 2.3 > > > + Caldera OpenLinux 2.4 > > > + Caldera OpenLinux Desktop 2.3 > > > + RedHat Linux 6.0 sparc > > > + RedHat Linux 6.0 i386 > > > + RedHat Linux 6.0 alpha > > > > > > > > > Summary: > > > > > > Wu-Ftpd contains a remotely exploitable heap > > > corruption bug. > > > > > > Impact: > > > > > > A remote attacker may execute arbitrary code on > > > the vulnerable server. > > > > > > Technical Description: > > > > > > Wu-Ftpd is an ftp server based on the BSD ftpd > > > that is maintained by > > > Washington University. > > > > > > Wu-Ftpd allows for clients to organize files for > > > ftp actions based on > > > "file globbing" patterns. File globbing is > > > also used by various > > > shells. The implementation of file globbing > > > included in Wu-Ftpd > > > contains a heap corruption vulnerability that may > > > allow for an attacker > > > to execute arbitrary code on a server remotely. > > > > > > During the processing of a globbing pattern, the > > > Wu-Ftpd implementation > > > creates a list of the files that match. The > > > memory where this data is > > > stored is on the heap, allocated using malloc(). > > > The globbing function > > > simply returns a pointer to the list. It is > > > up to the calling > > > functions to free the allocated memory. > > > > > > If an error occurs processing the pattern, memory > > > will not be allocated > > > and a variable indicating this should be set. > > > The calling functions > > > must check the value of this variable before > > > attempting to use the > > > globbed filenames (and later freeing the memory). > > > > > > Under certain circumstances, the globbing function > > > does not set this > > > variable when an error occurs. As a result of > > > this, Wu-Ftpd will > > > eventually attempt to free uninitialized memory. > > > > > > If this region of memory contained > > > user-controllable data before the > > > free call, it may be possible to have an > > > arbitrary word in memory > > > overwritten with an arbitrary value. This can > > > lead to execution of > > > arbitrary code if function pointers or > > > return addresses are > > > overwritten. > > > > > > If anonymous FTP is not enabled, valid user > > > credentials are required to > > > exploit this vulnerability. > > > > > > This vulnerability was initially scheduled for > > > public release on > > > December 3, 2001. However, Red Hat has made > > > details public as of > > > November 27, 2001. As a result, we are forced to > > > warn other users of > > > the vulnerable product, so that they may take > > > appropriate actions. > > > > > > Attack Scenarios: > > > > > > To exploit this vulnerability, an attacker must > > > have either valid > > > credentials required to log in as an FTP user, or > > > anonymous access must > > > be enabled. > > > > > > The attacker must ensure that a maliciously > > > constructed malloc header > > > containing the target address and it's replacement > > > value are in the > > > right location in the uninitialized part of the > > > heap. The attacker > > > must also place shellcode in server process > > > memory. > > > > > > The attacker must send an FTP command containing > > > a specific globbing > > > pattern that does not set the error variable. > > > > > > When the server attempts to free the memory used > > > to store the globbed > > > filenames, the target word in memory will be > > > overwritten. > > > > > > If an attacker overwrites a function pointer or > > > return address with a > > > pointer to the shellcode, it may be executed by > > > the server process. > > > > > > Exploits: > > > > > > The following (from the CORE advisory) > > > demonstrates the existence of > > > this vulnerability: > > > > > > ftp> open localhost > > > Connected to localhost (127.0.0.1). > > > 220 sasha FTP server (Version wu-2.6.1-18) > > > ready. > > > Name (localhost:root): anonymous > > > 331 Guest login ok, send your complete e-mail > > > address as password. > > > Password: > > > 230 Guest login ok, access restrictions apply. > > > Remote system type is UNIX. > > > Using binary mode to transfer files. > > > ftp> ls ~{ > > > 227 Entering Passive Mode (127,0,0,1,241,205) > > > 421 Service not available, remote server has > > > closed connection > > > > > > 1405 ? S 0:00 ftpd: accepting > > > connections on port 21 > > > 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd > > > 26256 ? S > > > 0:00 ftpd: > > > sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > > > 26265 tty3 R 0:00 bash -c ps ax | grep > > > ftpd > > > (gdb) at 26256 > > > Attaching to program: /usr/sbin/wu.ftpd, process > > > 26256 > > > Symbols already loaded for /lib/libcrypt.so.1 > > > Symbols already loaded for /lib/libnsl.so.1 > > > Symbols already loaded for /lib/libresolv.so.2 > > > Symbols already loaded for /lib/libpam.so.0 > > > Symbols already loaded for /lib/libdl.so.2 > > > Symbols already loaded for /lib/i686/libc.so.6 > > > Symbols already loaded for /lib/ld-linux.so.2 > > > Symbols already loaded for > > > /lib/libnss_files.so.2 > > > Symbols already loaded for > > > /lib/libnss_nisplus.so.2 > > > Symbols already loaded for /lib/libnss_nis.so.2 > > > 0x40165544 in __libc_read () from > > > /lib/i686/libc.so.6 > > > (gdb) c > > > Continuing. > > > > > > Program received signal SIGSEGV, Segmentation > > > fault. > > > __libc_free (mem=0x61616161) at malloc.c:3136 > > > 3136 in malloc.c > > > > > > Currently the SecurityFocus staff are not aware > > > of any exploits for > > > this issue. If you feel we are in error or are > > > aware of more recent > > > information, please mail us at: > > > vuldb@securityfocus.com > > > > > > > > > Mitigating Strategies: > > > > > > This vulnerability is remotely exploitable. > > > Restricting access to the > > > network port, (TCP port 21 is standard for FTP), > > > will block clients > > > from unauthorized networks. > > > > > > With some operating systems, anonymous FTP is > > > enabled by default. > > > Anonymous FTP is often in use on public FTP sites, > > > most often software > > > repositories. It is basically a guest account > > > with access to download > > > files from within a restricted environment. > > > This vulnerability is > > > exploitable by clients logged in through anonymous > > > FTP. Anonymous FTP > > > should be disabled immediately until fixes are > > > available, as it would > > > allow any host on the Internet who can connect > > > to the service to > > > exploit this vulnerability. It is a good idea to > > > disable it normally > > > unless it is absolutely necessary (in which case > > > the FTP server should > > > be on a dedicated, isolated host). > > > > > > Stack and other memory protection > > > schemes may complicate > > > exploitability, and/or prevent commonly > > > available exploits from > > > working. This should not be relied upon > > > for security. This > > > vulnerability involves 'poking' words in memory. > > > This means that there > > > are many different ways that it may be exploited. > > > Making the stack > > > non-executable or checking the integrity of stack > > > variables may not be > > > enough to prevent all possibile methods of > > > exploitation. > > > > > > It is advised to disable the service and use > > > alternatives until fixes > > > are available. > > > > > > Solutions: > > > > > > Vendor notified on Nov 14, 2001. > > > > > > Fixes will be available from the author as well > > > as from vendors who > > > ship products that include Wu-Ftpd as core or > > > optional components. > > > > > > This vulnerability was initially scheduled for > > > public release on > > > December 3, 2001. Red Hat pre-emptively > > > released an advisory on > > > November 27, 2001. As a result, other vendors may > > > not yet have fixes > > > available. > > > > > > This record will be updated as fixes from > > > various vendors become > > > available. > > > > > > For Washington University wu-ftpd 2.6.0: > > > > > > SuSE Upgrade 7.3 i386 wuftpd-2.6.0-344.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386. > > > rpm > > > > > > SuSE Upgrade 7.2 i386 wuftpd-2.6.0-344.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386. > > > rpm > > > > > > SuSE Upgrade 7.1 i386 wuftpd-2.6.0-346.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386. > > > rpm > > > > > > SuSE Upgrade 7.0 i386 wuftpd-2.6.0-344.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386. > > > rpm > > > > > > SuSE Upgrade 6.4 i386 wuftpd-2.6.0-344.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386. > > > rpm > > > > > > SuSE Upgrade 6.3 i386 wuftpd-2.6.0-347.i386.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386. > > > rpm > > > > > > SuSE Upgrade 7.3 sparc > > > wuftpd-2.6.0-240.sparc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.spar > > > c.rpm > > > > > > SuSE Upgrade 7.1 sparc > > > wuftpd-2.6.0-242.sparc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.spar > > > c.rpm > > > > > > SuSE Upgrade 7.0 sparc > > > wuftpd-2.6.0-241.sparc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.spar > > > c.rpm > > > > > > SuSE Upgrade 7.1 alpha > > > wuftpd-2.6.0-252.alpha.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha. > > > rpm > > > > > > SuSE Upgrade 7.0 alpha > > > wuftpd-2.6.0-251.alpha.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha. > > > rpm > > > > > > SuSE Upgrade 6.4 alpha > > > wuftpd-2.6.0-251.alpha.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha. > > > rpm > > > > > > SuSE Upgrade 6.3 alpha > > > wuftpd-2.6.0-250.alpha.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha. > > > rpm > > > > > > SuSE Upgrade 7.3 ppc wuftpd-2.6.0-277.ppc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rp > > > m > > > > > > SuSE Upgrade 7.1 ppc wuftpd-2.6.0-277.ppc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rp > > > m > > > > > > SuSE Upgrade 7.0 ppc wuftpd-2.6.0-279.ppc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rp > > > m > > > > > > SuSE Upgrade 6.4 ppc wuftpd-2.6.0-278.ppc.rpm > > > > > > > > ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rp > > > m > > > > > > For Washington University wu-ftpd 2.6.1: > > > > > > Red Hat RPM 6.2 alpha > > > wu-ftpd-2.6.1-0.6x.21.alpha.rpm > > > > > > > > ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha. > > > rpm > > > > > > Red Hat RPM 6.2 sparc > > > wu-ftpd-2.6.1-0.6x.21.sparc.rpm > > > > > > > > ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc. > > > rpm > > > > > > Caldera RPM OpenLinux 2.3 > > > wu-ftpd-2.6.1-13OL.i386.rpm > > > > > > > > ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/wu-ftpd- > > > 2.6.1-13OL.i386.rpm > > > > > > Caldera RPM eServer 2.3.1 > > > wu-ftpd-2.6.1-13OL.i386.rpm > > > > > > > > ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/wu-ftpd-2. > > > 6.1-13OL.i386.rpm > > > > > > Caldera RPM eDesktop 2.4 > > > wu-ftpd-2.6.1-13OL.i386.rpm > > > > > > > > ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/wu-ftpd-2 > > > .6.1-13OL.i386.rpm > > > > > > Caldera RPM OpenLinux 3.1 Server > > > wu-ftpd-2.6.1-13.i386.rpm > > > > > > > > ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/w > > > u-ftpd-2.6.1-13.i386.rpm > > > > > > Wirex Upgrade Immunix 7.0 i386 > > > wu-ftpd-2.6.1-6_imnx_4.i386.rpm > > > > > > > > http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1- > > > 6_imnx_4.i386.rpm > > > > > > Red Hat RPM 7.0 alpha > > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm > > > > > > > > ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha. > > > rpm > > > > > > Red Hat RPM 7.0 i386 > > > wu-ftpd-2.6.1-16.7x.1.i386.rpm > > > > > > > > ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp > > > m > > > > > > Red Hat RPM 7.1 alpha > > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm > > > > > > > > ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha. > > > rpm > > > > > > Red Hat RPM 7.1 i386 > > > wu-ftpd-2.6.1-16.7x.1.i386.rpm > > > > > > > > ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp > > > m > > > > > > Red Hat RPM 7.1 ia64 > > > wu-ftpd-2.6.1-16.7x.1.ia64.rpm > > > > > > > > ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rp > > > m > > > > > > Red Hat RPM 7.2 i386 wu-ftpd-2.6.1-20.i386.rpm > > > > > > > > ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm > > > > > > Red Hat RPM 6.2 i386 > > > wu-ftpd-2.6.1-0.6x.21.i386.rpm > > > > > > > > ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rp > > > m > > > > > > Credit: > > > > > > Condition first reported by Matt Power. > > > Exploitability later confirmed > > > by Luciano Notarfrancesco and Juan Pablo > > > Martinez Kuhn from Core > > > Security Technologies, Buenos Aires, Argentina. > > > > > > References: > > > > > > advisory: > > > Caldera CSSA-2001-041.0: Linux - Vulnerability in > > > wu-ftpd > > > http://www.securityfocus.com/advisories/3693 > > > > > > advisory: > > > Immunix IMNX-2001-70-036-01: wu-ftpd > > > http://www.securityfocus.com/advisories/3696 > > > > > > advisory: > > > RedHat RHSA-2001:157-06: Updated wu-ftpd packages > > > are available > > > http://www.securityfocus.com/advisories/3680 > > > > > > advisory: > > > SuSE SuSE-SA:2001:043: wuftpd > > > http://www.securityfocus.com/advisories/3691 > > > > > > web page: > > > CORE SDI Homepage (CORE) > > > http://www.core-sdi.com > > > > > > web page: > > > Wu-Ftpd Homepage (Washington University) > > > http://www.wu-ftpd.org > > > > > > ChangeLog: > > > > > > Nov 30, 2001: Wirex Immunix advisory released, > > > updated packages > > > available. > > > Nov 29, 2001: SUSE and Caldera fixes available; > > > some versions of BSD > > > FTPD may also be vulnerable. > > > Nov 26, 2001: Initial analysis. > > > > > > > > -------------------------------------------------------------------------- > - > > > > > > HOW TO INTERPRET THIS ALERT > > > > > > BUGTRAQ ID: This is a unique > > > identifier assigned to the > > > vulnerability by > > > SecurityFocus.com. > > > > > > CVE ID: This is a unique > > > identifier assigned to the > > > vulnerability by the CVE. > > > > > > Published: The date the vulnerability > > > was first made public. > > > > > > Updated: The date the information was > > > last updated. > > > > > > Remote: Whether this is a > > > remotely exploitable > > > vulnerability. > > > > > > Local: Whether this is a > > > locally exploitable > > > vulnerability. > > > > > > Credibility: Describes how credible the > > > information about the > > > vulnerability is. Possible > > > values are: > > > > > > Conflicting Reports: The are > > > multiple conflicting > > > about the existance of the > > > vulnerability. > > > > > > Single Source: There is > > > a single non-reliable > > > source reporting the > > > existence of the > > > vulnerability. > > > > > > Reliable Source: There is a > > > single reliable source > > > reporting the existence of > > > the vulnerability. > > > > > > Conflicting Details: There > > > is consensus on the > > > existence of the > > > vulnerability but not it's > > > details. > > > > > > Multiple Sources: There > > > is consensus on the > > > existence and details of the > > > vulnerability. > > > > > > Vendor Confirmed: The > > > vendor has confirmed the > > > vulnerability. > > > > > > Class: The class of vulnerability. > > > Possible values are: > > > Boundary Condition Error, > > > Access Validation Error, > > > Origin Validation Error, > > > Input Valiadtion Error, > > > Failure to Handle > > > Exceptional Conditions, Race > > > Condition Error, > > > Serialization Error, Atomicity > > > Error, Environment Error, > > > and Configuration Error. > > > > > > Ease: Rates how easiliy the > > > vulnerability can be > > > exploited. Possible > > > values are: No Exploit > > > Available, Exploit > > > Available, and No Exploit > > > Required. > > > > > > Impact: Rates the impact of the > > > vulnerability. It's range > > > is 1 through 10. > > > > > > Severity: Rates the severity of the > > > vulnerability. It's range > > > is 1 through 10. It's > > > computed from the impact > > > rating and remote flag. > > > Remote vulnerabiliteis with > > > a high impact rating > > > receive a high severity > > > rating. Local > > > vulnerabilities with a low impact > > > rating receive a low > > > severity rating. > > > > > > Urgency: Rates how quickly you should > > > take action to fix or > > > mitigate the vulnerability. > > > It's range is 1 through > > > 10. It's computed from the > > > severity rating, the > > > ease rating, and the > > > credibility rating. High > > > severity vulnerabilities > > > with a high ease rating, > > > and a high confidence rating > > > have a higher urgency > > > rating. Low severity > > > vulnerabilities with a low > > > ease rating, and a low > > > confidence rating have a > > > lower urgency rating. > > > > > > Last Change: The last change made > > > to the vulnerability > > > information. > > > > > > Vulnerable Systems: The list of vulnerable > > > systems. A '+' preceding a > > > system name indicates > > > that one of the system > > > components is vulnerable > > > vulnerable. For example, > > > Windows 98 ships with > > > Internet Explorer. So if a > > > vulnerability is found in IE > > > you may see something > > > like: Microsoft Internet > > > Explorer + Microsoft > > > Windows 98 > > > > > > Non-Vulnerable Systems: The list of non-vulnerable > > > systems. > > > > > > Summary: A concise summary of the > > > vulnerability. > > > > > > Impact: The impact of the > > > vulnerability. > > > > > > Technical Description: The in-depth description of > > > the vulnerability. > > > > > > Attack Scenarios: Ways an attacker may make > > > use of the vulnerability. > > > > > > Exploits: Exploit intructions or > > > programs. > > > > > > Mitigating Strategies: Ways to mitigate the > > > vulnerability. > > > > > > Solutions: Solutions to the > > > vulnerability. > > > > > > Credit: Information about who > > > disclosed the vulnerability. > > > > > > References: Sources of information on > > > the vulnerability. > > > > > > Related Resources: Resources that might be of > > > additional value. > > > > > > ChangeLog: History of changes to the > > > vulnerability record. > > > > > > > > -------------------------------------------------------------------------- > - > > > > > > Copyright 2001 > > > SecurityFocus.com > > > > > > > > > > > > > > > > > > ---------- > > > SecurityFocus - the leading provider of Security > > > Intelligence Services for > > > business. > > > Visit our website at www.securityfocus.com > > > > > > EnvoyWorldWide, Inc. > > > Business-Critical Communications for the wired and > > > wireless world. > > > Visit our website at www.envoyww.com > > > > > > __________________________________________________ > > Do You Yahoo!? > > Buy the perfect holiday gifts at Yahoo! Shopping. > > http://shopping.yahoo.com > > ________________________________________________ > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't > post to the list quickly and you use Netscape to write mail. > > > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss