Network Security Threats Newsletter - August 2002 (fwd)

Author: Jay
Date:  
Subject: Network Security Threats Newsletter - August 2002 (fwd)
There were quite a few new network and information security threats
uncovered last month, including some major exploits in some of the most
popular operating systems and software packages out there. Thus, I thought
our monthly newsletter (below) would be of interest to some folks here.

~Jay

--

== Jay Jacobson
== Edgeos, Inc. - Security is Critical - http://www.edgeos.com
== We help you to easily get control of your network's security.
== ...or some hacker can just take control instead. You decide.


---------- Forwarded message ----------
Date: Mon, 2 Sep 2002 21:23:12 -0700 (MST)
From: Customer Support <>
To:
Subject: Network Security Threats Newsletter - August 2002


EdgeSecure Security Updates - 62 threats added during August, 2002. This
newsletter provides a brief summary about each of these threats.

== == == == == == == == == == == == == == == == == == == == == == == == ==

All it takes is one attack to spell immediate disaster for you or your
business. Right now, you have the power to not become a victim. Protecting
your network and confidential data is fast, easy, and surprisingly
affordable. Get control of your network's security right now:

http://www.edgeos.com

Technology VARs, service providers, and professional services companies:
Generate new customers, service offerings, and increased revenue. Make
network security your business - we'll do all the work. Introducing Edgeos
Vendor Services:

http://www.edgeos.com/vendor/

== == == == == == == == == == == == == == == == == == == == == == == == ==


The EdgeSecure database of network security threats is updated every 12
hours and currently contains 1,086 unique vulnerabilities and attacks. You
can browse or search the complete EdgeSecure database at any time. To
do so, simply visit the 'security threats' section of our web site at:

http://www.edgeos.com/threats/

The following 62 new network security tests were added to EdgeSecure
during the month of August, 2002:


--------------------------------------------------

Date Added:          2002-08-02
Threat ID:           11057
Threat Name:         Raptor Weak ISN
Threat Family:       Firewalls
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11057
Threat Summary:      checks for ISN


--------------------------------------------------

Date Added:          2002-08-03
Threat ID:           11059
Threat Name:         Trend Micro OfficeScan Denial of service
Threat Family:       Denial of Service
Threat Risk Factor:  Medium
Reference URL:       http://edgeos.com/threats/details.php?id=11059
Threat Summary:      Crashes OfficeScan


--------------------------------------------------

Date Added:          2002-08-03
Threat ID:           11058
Threat Name:         rusersd output
Threat Family:       RPC
Threat Risk Factor:  Other
Reference URL:       http://edgeos.com/threats/details.php?id=11058
Threat Summary:      Checks the presence of a RPC service


--------------------------------------------------

Date Added:          2002-08-05
Threat ID:           11060
Threat Name:         OpenSSL overflow (generic test)
Threat Family:       Gain a shell remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11060
Threat Summary:      Checks for the behavior of OpenSSL


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11061
Threat Name:         HTTP version number overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11061
Threat Summary:      too long HTTP version kills the web server


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11062
Threat Name:         BadBlue invalid GET DoS
Threat Family:       Denial of Service
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11062
Threat Summary:      Invalid GET kills the BadBlue web server


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11065
Threat Name:         HTTP method overflow
Threat Family:       Denial of Service
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11065
Threat Summary:      too long HTTP method kills the web server


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11063
Threat Name:         LabView web server DoS
Threat Family:       Denial of Service
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11063
Threat Summary:      Kills the LabView web server


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11064
Threat Name:         BadBlue invalid null byte vulnerability
Threat Family:       CGI abuses
Threat Risk Factor:  Medium
Reference URL:       http://edgeos.com/threats/details.php?id=11064
Threat Summary:      Read BadBlue protected configuration file


--------------------------------------------------

Date Added:          2002-08-06
Threat ID:           11066
Threat Name:         SunSolve CD CGI user input validation
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11066
Threat Summary:      SunSolve CD CGI scripts are vulnerable to a few user input validation problems


--------------------------------------------------

Date Added:          2002-08-07
Threat ID:           11067
Threat Name:         Microsoft's SQL Hello Overflow
Threat Family:       Windows
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11067
Threat Summary:      Microsoft's SQL Hello Overflow


--------------------------------------------------

Date Added:          2002-08-09
Threat ID:           11068
Threat Name:         iPlanet chunked encoding
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11068
Threat Summary:      Checks for the behavior of iPlanet


--------------------------------------------------

Date Added:          2002-08-13
Threat ID:           11070
Threat Name:         PGPMail.pl detection
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11070
Threat Summary:      Checks for the presence of PGPMail.pl


--------------------------------------------------

Date Added:          2002-08-13
Threat ID:           11069
Threat Name:         HTTP User-Agent overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11069
Threat Summary:      Too long User-Agent kills the web server


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11072
Threat Name:         Basilix webmail dummy request vulnerability
Threat Family:       CGI abuses
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11072
Threat Summary:      Checks for the presence of basilix.php3


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11078
Threat Name:         HTTP header overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11078
Threat Summary:      Too long HTTP header kills the web server


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11081
Threat Name:         Oracle9iAS too long URL
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11081
Threat Summary:      Oracle9iAS buffer overflow


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11076
Threat Name:         Oracle webcache admin interface
Threat Family:       Denial of Service
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11076
Threat Summary:      Get /. crashes Oracle webcache admin


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11071
Threat Name:         ASP source using %20 trick
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11071
Threat Summary:      downloads the source of ASP scripts


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11075
Threat Name:         dwhttpd format string
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11075
Threat Summary:      DynaWeb server vulnerable to format string


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11074
Threat Name:         OfficeScan configuration file disclosure
Threat Family:       CGI abuses
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11074
Threat Summary:      Checks for the presence of /officescan/hotdownload/ofscan.ini


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11073
Threat Name:         readmsg.php detection
Threat Family:       CGI abuses
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11073
Threat Summary:      Checks for the presence of Cobal Cube webmail


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11077
Threat Name:         HTTP Cookie overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11077
Threat Summary:      Too big Cookie chokes the web server


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11080
Threat Name:         poprelayd & sendmail authentication problem
Threat Family:       SMTP problems
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11080
Threat Summary:      Checks if the remote mail server can be used as a spam relay


--------------------------------------------------

Date Added:          2002-08-14
Threat ID:           11079
Threat Name:         Snapstream PVS web directory traversal
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11079
Threat Summary:      Snapstream web directory traversal


--------------------------------------------------

Date Added:          2002-08-17
Threat ID:           11091
Threat Name:         Windows Network Manager Privilege Elevation (Q326886)
Threat Family:       Windows
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11091
Threat Summary:      Checks for MS Hotfix Q326886, Network Elevated Privilege


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11087
Threat Name:         Sendmail queue manipulation & destruction
Threat Family:       SMTP problems
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11087
Threat Summary:      Checks the version number for 'queue destruction'


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11088
Threat Name:         Sendmail debug mode leak
Threat Family:       SMTP problems
Threat Risk Factor:  Other
Reference URL:       http://edgeos.com/threats/details.php?id=11088
Threat Summary:      Checks the version number for 'debug mode leak'


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11092
Threat Name:         Apache 2.0.39 Win32 directory traversal
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11092
Threat Summary:      Apache 2.0.39 Win32 directory traversal


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11086
Threat Name:         Sendmail custom configuration file
Threat Family:       SMTP problems
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11086
Threat Summary:      Checks the version number for 'custom config file'


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11089
Threat Name:         Webseal denial of service
Threat Family:       Denial of Service
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11089
Threat Summary:      Request ending with %2E kills WebSeal


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11090
Threat Name:         AppSocket DoS
Threat Family:       Denial of Service
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11090
Threat Summary:      Too many AppSocket connections


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11085
Threat Name:         Personal Web Sharing overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11085
Threat Summary:      Too long request kills PWS


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11083
Threat Name:         ibillpm.pl
Threat Family:       CGI abuses
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11083
Threat Summary:      Checks for the presence of /cgi-bin/ibillpm.pl


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11082
Threat Name:         Boozt index.cgi overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11082
Threat Summary:      Buffer overflow in Boozt AdBanner index.cgi


--------------------------------------------------

Date Added:          2002-08-18
Threat ID:           11093
Threat Name:         EFTP installation directory disclosure
Threat Family:       FTP
Threat Risk Factor:  Low
Reference URL:       http://edgeos.com/threats/details.php?id=11093
Threat Summary:      EFTP installation directory disclosure


--------------------------------------------------

Date Added:          2002-08-19
Threat ID:           11084
Threat Name:         Infinite HTTP request
Threat Family:       Denial of Service
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11084
Threat Summary:      Infinite HTTP request kills the web server


--------------------------------------------------

Date Added:          2002-08-21
Threat ID:           11095
Threat Name:         webcart.cgi
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11095
Threat Summary:      Detects webcart.cgi


--------------------------------------------------

Date Added:          2002-08-21
Threat ID:           11094
Threat Name:         WS FTP overflows
Threat Family:       FTP
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11094
Threat Summary:      Attempts a buffer overflow on many commands


--------------------------------------------------

Date Added:          2002-08-21
Threat ID:           11096
Threat Name:         Avirt gateway insecure telnet proxy
Threat Family:       Untested
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11096
Threat Summary:      Remote system compromise through insecure telnet proxy


--------------------------------------------------

Date Added:          2002-08-21
Threat ID:           11098
Threat Name:         WS_FTP SITE CPWD Buffer Overflow
Threat Family:       FTP
Threat Risk Factor:  Medium
Reference URL:       http://edgeos.com/threats/details.php?id=11098
Threat Summary:      Checks FTP server banner for vulnerable version of WS_FTP Server


--------------------------------------------------

Date Added:          2002-08-21
Threat ID:           11097
Threat Name:         TypSoft FTP STOR/RETR DoS
Threat Family:       FTP
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11097
Threat Summary:      Crashes the remote TypSoft FTP server


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11107
Threat Name:         viralator
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11107
Threat Summary:      Checks for the presence of /cgi-bin/viralator.cgi


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11101
Threat Name:         PHPAdsNew code injection
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11101
Threat Summary:      Checks for the presence of remotehtmlview.php


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11102
Threat Name:         Awol code injection
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11102
Threat Summary:      Checks for the presence of includes/awol-condensed.inc.php


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11106
Threat Name:         NetTools command execution
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11106
Threat Summary:      Executed 'id' through index.php


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11109
Threat Name:         Achievo code injection
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11109
Threat Summary:      Checks for the presence of Achievo


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11104
Threat Name:         Directory Manager's edit_image.php
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11104
Threat Summary:      Detects edit_image.php


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11105
Threat Name:         ARCserve hidden share
Threat Family:       Windows
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11105
Threat Summary:      Connects to ARCSERVE$


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11100
Threat Name:         eXtremail format strings
Threat Family:       SMTP problems
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11100
Threat Summary:      Checks the version number


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11108
Threat Name:         Omron WorldView Wnn Overflow
Threat Family:       Gain a shell remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11108
Threat Summary:      Checks if the remote Wnn can be buffer overflown


--------------------------------------------------

Date Added:          2002-08-22
Threat ID:           11099
Threat Name:         Pi3Web Webserver v2.0 Buffer Overflow
Threat Family:       Denial of Service
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11099
Threat Summary:      Tests for a DoS in Pi3Web


--------------------------------------------------

Date Added:          2002-08-23
Threat ID:           11110
Threat Name:         SMB null param count DoS
Threat Family:       Denial of Service
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11110
Threat Summary:      crashes windows


--------------------------------------------------

Date Added:          2002-08-24
Threat ID:           11111
Threat Name:         rpcinfo -p
Threat Family:       RPC
Threat Risk Factor:  Other
Reference URL:       http://edgeos.com/threats/details.php?id=11111
Threat Summary:      Dumps all the registered RPC


--------------------------------------------------

Date Added:          2002-08-26
Threat ID:           10161
Threat Name:         rlogin -froot
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=10161
Threat Summary:      Checks for rlogin -froot


--------------------------------------------------

Date Added:          2002-08-26
Threat ID:           10277
Threat Name:         AnyForm
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=10277
Threat Summary:      Checks for the presence of AnyForm2


--------------------------------------------------

Date Added:          2002-08-26
Threat ID:           10251
Threat Name:         rpc.nisd overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=10251
Threat Summary:      buffer overflow through rpc.nisd


--------------------------------------------------

Date Added:          2002-08-27
Threat ID:           11112
Threat Name:         Generic FTP traversal
Threat Family:       FTP
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11112
Threat Summary:      Attempts to get the listing of the remote root dir


--------------------------------------------------

Date Added:          2002-08-27
Threat ID:           10278
Threat Name:         Sendmail 8.6.9 ident
Threat Family:       SMTP problems
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=10278
Threat Summary:      Checks the version number


--------------------------------------------------

Date Added:          2002-08-29
Threat ID:           11113
Threat Name:         Samba Buffer Overflow
Threat Family:       Gain root remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11113
Threat Summary:      checks samba version


--------------------------------------------------

Date Added:          2002-08-29
Threat ID:           11115
Threat Name:         gallery code injection
Threat Family:       CGI abuses
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11115
Threat Summary:      Checks for the presence of includes/needinit.php


--------------------------------------------------

Date Added:          2002-08-29
Threat ID:           11114
Threat Name:         Canna Overflow
Threat Family:       Gain a shell remotely
Threat Risk Factor:  High
Reference URL:       http://edgeos.com/threats/details.php?id=11114
Threat Summary:      Checks if the remote Canna can be buffer overflown


--------------------------------------------------


--
== Edgeos Customer Support
== Security is Critical
==
== http://edgeos.com