Fwd: *ALERT* UPDATED BID 3581 (URGENCY 8.2): Wu-Ftpd File Globbing Heap Corruption Vulnerability
Edgardo Giraud
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 30 Nov 2001 19:12:21 -0800 (PST)
Just got this from the ASU LUG, wanted to make sure
y'all got this too, I don't know what to make of it,
whether it's a hoax or not, I'm a *nix newbie anyway,
so... take is as you will,
Light the way
--Egui (pronounced Egg-ee, don't ask)
--- ellipse <elliptic@CIPHERPUNKS.COM> wrote:
> Date: Fri, 30 Nov 2001 07:34:38 -0700
> From: ellipse <elliptic@CIPHERPUNKS.COM>
> Subject: *ALERT* UPDATED BID 3581 (URGENCY 8.2):
> Wu-Ftpd File Globbing Heap
> Corruption Vulnerability
> To: ASULUG@asu.edu
> Reply-to: Arizona State University Linux Users Group
> <ASULUG@asu.edu>
>
> For the benefit of those of you that haven't not
> seen this as of yet. Be
> sure to patch this, as you can bet there'll be a
> worm that comes out of
> this.
>
> Cheers,
> ellipse
>
>
---------------------------------------------------------------------------
> Security Alert
>
> Subject: Wu-Ftpd File Globbing Heap Corruption
> Vulnerability
> BUGTRAQ ID: 3581 CVE ID:
> CAN-2001-0550
> Published: Nov 27, 2001 Updated:
> Nov 30, 2001 00:19:10
>
> Remote: Yes Local:
> No
> Availability: Always Authentication:
> Not Required
> Credibility: Vendor Confirmed Ease:
> No Exploit Available
> Class: Failure to Handle Exceptional
> Conditions
>
> Impact: 10.0 Severity: 10.0
> Urgency: 8.2
>
> Last Change: Wirex Immunix advisory released,
> updated packages available.
>
---------------------------------------------------------------------------
>
> Vulnerable Systems:
>
> David Madore ftpd-BSD 0.3.3
> David Madore ftpd-BSD 0.3.2
> Washington University wu-ftpd 2.6.1
> + Caldera eDesktop 2.4
> + Caldera eServer 2.3.1
> + Caldera OpenLinux 2.3
> + Caldera OpenLinux Server 3.1
> + Cobalt Qube 1.0
> + Conectiva Linux 7.0
> + Conectiva Linux 6.0
> + MandrakeSoft Corporate Server 1.0.1
> + MandrakeSoft Linux Mandrake 8.1
> + MandrakeSoft Linux Mandrake 8.0 ppc
> + MandrakeSoft Linux Mandrake 8.0
> + MandrakeSoft Linux Mandrake 7.2
> + MandrakeSoft Linux Mandrake 7.1
> + MandrakeSoft Linux Mandrake 7.0
> + MandrakeSoft Linux Mandrake 6.1
> + MandrakeSoft Linux Mandrake 6.0
> + RedHat Linux 7.2 noarch
> + RedHat Linux 7.2 ia64
> + RedHat Linux 7.2 i686
> + RedHat Linux 7.2 i586
> + RedHat Linux 7.2 i386
> + RedHat Linux 7.2 athlon
> + RedHat Linux 7.2 alpha
> + RedHat Linux 7.1 noarch
> + RedHat Linux 7.1 ia64
> + RedHat Linux 7.1 i686
> + RedHat Linux 7.1 i586
> + RedHat Linux 7.1 i386
> + RedHat Linux 7.1 alpha
> + RedHat Linux 7.0 sparc
> + RedHat Linux 7.0 i386
> + RedHat Linux 7.0 alpha
> + TurboLinux TL Workstation 6.1
> + TurboLinux Turbo Linux 6.0.5
> + TurboLinux Turbo Linux 6.0.4
> + TurboLinux Turbo Linux 6.0.3
> + TurboLinux Turbo Linux 6.0.2
> + TurboLinux Turbo Linux 6.0.1
> + TurboLinux Turbo Linux 6.0
> + Wirex Immunix OS 7.0-Beta
> + Wirex Immunix OS 7.0
> Washington University wu-ftpd 2.6.0
> + Cobalt Qube 1.0
> + Conectiva Linux 5.1
> + Conectiva Linux 5.0
> + Conectiva Linux 4.2
> + Conectiva Linux 4.1
> + Conectiva Linux 4.0es
> + Conectiva Linux 4.0
> + Debian Linux 2.2 sparc
> + Debian Linux 2.2 powerpc
> + Debian Linux 2.2 arm
> + Debian Linux 2.2 alpha
> + Debian Linux 2.2 68k
> + Debian Linux 2.2
> + RedHat Linux 6.2 sparc
> + RedHat Linux 6.2 i386
> + RedHat Linux 6.2 alpha
> + RedHat Linux 6.1 sparc
> + RedHat Linux 6.1 i386
> + RedHat Linux 6.1 alpha
> + RedHat Linux 6.0 sparc
> + RedHat Linux 6.0 i386
> + RedHat Linux 6.0 alpha
> + RedHat Linux 5.2 sparc
> + RedHat Linux 5.2 i386
> + RedHat Linux 5.2 alpha
> + S.u.S.E. Linux 7.3sparc
> + S.u.S.E. Linux 7.3ppc
> + S.u.S.E. Linux 7.3i386
> + S.u.S.E. Linux 7.2i386
> + S.u.S.E. Linux 7.1x86
> + S.u.S.E. Linux 7.1sparc
> + S.u.S.E. Linux 7.1ppc
> + S.u.S.E. Linux 7.1alpha
> + S.u.S.E. Linux 7.0sparc
> + S.u.S.E. Linux 7.0ppc
> + S.u.S.E. Linux 7.0i386
> + S.u.S.E. Linux 7.0alpha
> + S.u.S.E. Linux 6.4ppc
> + S.u.S.E. Linux 6.4alpha
> + S.u.S.E. Linux 6.4
> + S.u.S.E. Linux 6.3 ppc
> + S.u.S.E. Linux 6.3 alpha
> + S.u.S.E. Linux 6.3
> + S.u.S.E. Linux 6.2
> + S.u.S.E. Linux 6.1 alpha
> + S.u.S.E. Linux 6.1
> + TurboLinux Turbo Linux 4.0
> + Wirex Immunix OS 6.2
> Washington University wu-ftpd 2.5.0
> + Caldera eDesktop 2.4
> + Caldera eServer 2.3.1
> + Caldera eServer 2.3
> + Caldera OpenLinux 2.4
> + Caldera OpenLinux Desktop 2.3
> + RedHat Linux 6.0 sparc
> + RedHat Linux 6.0 i386
> + RedHat Linux 6.0 alpha
>
>
> Summary:
>
> Wu-Ftpd contains a remotely exploitable heap
> corruption bug.
>
> Impact:
>
> A remote attacker may execute arbitrary code on
> the vulnerable server.
>
> Technical Description:
>
> Wu-Ftpd is an ftp server based on the BSD ftpd
> that is maintained by
> Washington University.
>
> Wu-Ftpd allows for clients to organize files for
> ftp actions based on
> "file globbing" patterns. File globbing is
> also used by various
> shells. The implementation of file globbing
> included in Wu-Ftpd
> contains a heap corruption vulnerability that may
> allow for an attacker
> to execute arbitrary code on a server remotely.
>
> During the processing of a globbing pattern, the
> Wu-Ftpd implementation
> creates a list of the files that match. The
> memory where this data is
> stored is on the heap, allocated using malloc().
> The globbing function
> simply returns a pointer to the list. It is
> up to the calling
> functions to free the allocated memory.
>
> If an error occurs processing the pattern, memory
> will not be allocated
> and a variable indicating this should be set.
> The calling functions
> must check the value of this variable before
> attempting to use the
> globbed filenames (and later freeing the memory).
>
> Under certain circumstances, the globbing function
> does not set this
> variable when an error occurs. As a result of
> this, Wu-Ftpd will
> eventually attempt to free uninitialized memory.
>
> If this region of memory contained
> user-controllable data before the
> free call, it may be possible to have an
> arbitrary word in memory
> overwritten with an arbitrary value. This can
> lead to execution of
> arbitrary code if function pointers or
> return addresses are
> overwritten.
>
> If anonymous FTP is not enabled, valid user
> credentials are required to
> exploit this vulnerability.
>
> This vulnerability was initially scheduled for
> public release on
> December 3, 2001. However, Red Hat has made
> details public as of
> November 27, 2001. As a result, we are forced to
> warn other users of
> the vulnerable product, so that they may take
> appropriate actions.
>
> Attack Scenarios:
>
> To exploit this vulnerability, an attacker must
> have either valid
> credentials required to log in as an FTP user, or
> anonymous access must
> be enabled.
>
> The attacker must ensure that a maliciously
> constructed malloc header
> containing the target address and it's replacement
> value are in the
> right location in the uninitialized part of the
> heap. The attacker
> must also place shellcode in server process
> memory.
>
> The attacker must send an FTP command containing
> a specific globbing
> pattern that does not set the error variable.
>
> When the server attempts to free the memory used
> to store the globbed
> filenames, the target word in memory will be
> overwritten.
>
> If an attacker overwrites a function pointer or
> return address with a
> pointer to the shellcode, it may be executed by
> the server process.
>
> Exploits:
>
> The following (from the CORE advisory)
> demonstrates the existence of
> this vulnerability:
>
> ftp> open localhost
> Connected to localhost (127.0.0.1).
> 220 sasha FTP server (Version wu-2.6.1-18)
> ready.
> Name (localhost:root): anonymous
> 331 Guest login ok, send your complete e-mail
> address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls ~{
> 227 Entering Passive Mode (127,0,0,1,241,205)
> 421 Service not available, remote server has
> closed connection
>
> 1405 ? S 0:00 ftpd: accepting
> connections on port 21
> 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd
> 26256 ? S
> 0:00 ftpd:
> sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> 26265 tty3 R 0:00 bash -c ps ax | grep
> ftpd
> (gdb) at 26256
> Attaching to program: /usr/sbin/wu.ftpd, process
> 26256
> Symbols already loaded for /lib/libcrypt.so.1
> Symbols already loaded for /lib/libnsl.so.1
> Symbols already loaded for /lib/libresolv.so.2
> Symbols already loaded for /lib/libpam.so.0
> Symbols already loaded for /lib/libdl.so.2
> Symbols already loaded for /lib/i686/libc.so.6
> Symbols already loaded for /lib/ld-linux.so.2
> Symbols already loaded for
> /lib/libnss_files.so.2
> Symbols already loaded for
> /lib/libnss_nisplus.so.2
> Symbols already loaded for /lib/libnss_nis.so.2
> 0x40165544 in __libc_read () from
> /lib/i686/libc.so.6
> (gdb) c
> Continuing.
>
> Program received signal SIGSEGV, Segmentation
> fault.
> __libc_free (mem=0x61616161) at malloc.c:3136
> 3136 in malloc.c
>
> Currently the SecurityFocus staff are not aware
> of any exploits for
> this issue. If you feel we are in error or are
> aware of more recent
> information, please mail us at:
> vuldb@securityfocus.com
> <mailto:vuldb@securityfocus.com>
>
> Mitigating Strategies:
>
> This vulnerability is remotely exploitable.
> Restricting access to the
> network port, (TCP port 21 is standard for FTP),
> will block clients
> from unauthorized networks.
>
> With some operating systems, anonymous FTP is
> enabled by default.
> Anonymous FTP is often in use on public FTP sites,
> most often software
> repositories. It is basically a guest account
> with access to download
> files from within a restricted environment.
> This vulnerability is
> exploitable by clients logged in through anonymous
> FTP. Anonymous FTP
> should be disabled immediately until fixes are
> available, as it would
> allow any host on the Internet who can connect
> to the service to
> exploit this vulnerability. It is a good idea to
> disable it normally
> unless it is absolutely necessary (in which case
> the FTP server should
> be on a dedicated, isolated host).
>
> Stack and other memory protection
> schemes may complicate
> exploitability, and/or prevent commonly
> available exploits from
> working. This should not be relied upon
> for security. This
> vulnerability involves 'poking' words in memory.
> This means that there
> are many different ways that it may be exploited.
> Making the stack
> non-executable or checking the integrity of stack
> variables may not be
> enough to prevent all possibile methods of
> exploitation.
>
> It is advised to disable the service and use
> alternatives until fixes
> are available.
>
> Solutions:
>
> Vendor notified on Nov 14, 2001.
>
> Fixes will be available from the author as well
> as from vendors who
> ship products that include Wu-Ftpd as core or
> optional components.
>
> This vulnerability was initially scheduled for
> public release on
> December 3, 2001. Red Hat pre-emptively
> released an advisory on
> November 27, 2001. As a result, other vendors may
> not yet have fixes
> available.
>
> This record will be updated as fixes from
> various vendors become
> available.
>
> For Washington University wu-ftpd 2.6.0:
>
> SuSE Upgrade 7.3 i386 wuftpd-2.6.0-344.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386.
> rpm
>
> SuSE Upgrade 7.2 i386 wuftpd-2.6.0-344.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386.
> rpm
>
> SuSE Upgrade 7.1 i386 wuftpd-2.6.0-346.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386.
> rpm
>
> SuSE Upgrade 7.0 i386 wuftpd-2.6.0-344.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386.
> rpm
>
> SuSE Upgrade 6.4 i386 wuftpd-2.6.0-344.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386.
> rpm
>
> SuSE Upgrade 6.3 i386 wuftpd-2.6.0-347.i386.rpm
>
>
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386.
> rpm
>
> SuSE Upgrade 7.3 sparc
> wuftpd-2.6.0-240.sparc.rpm
>
>
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.spar
> c.rpm
>
> SuSE Upgrade 7.1 sparc
> wuftpd-2.6.0-242.sparc.rpm
>
>
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.spar
> c.rpm
>
> SuSE Upgrade 7.0 sparc
> wuftpd-2.6.0-241.sparc.rpm
>
>
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.spar
> c.rpm
>
> SuSE Upgrade 7.1 alpha
> wuftpd-2.6.0-252.alpha.rpm
>
>
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha.
> rpm
>
> SuSE Upgrade 7.0 alpha
> wuftpd-2.6.0-251.alpha.rpm
>
>
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha.
> rpm
>
> SuSE Upgrade 6.4 alpha
> wuftpd-2.6.0-251.alpha.rpm
>
>
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha.
> rpm
>
> SuSE Upgrade 6.3 alpha
> wuftpd-2.6.0-250.alpha.rpm
>
>
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha.
> rpm
>
> SuSE Upgrade 7.3 ppc wuftpd-2.6.0-277.ppc.rpm
>
>
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rp
> m
>
> SuSE Upgrade 7.1 ppc wuftpd-2.6.0-277.ppc.rpm
>
>
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rp
> m
>
> SuSE Upgrade 7.0 ppc wuftpd-2.6.0-279.ppc.rpm
>
>
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rp
> m
>
> SuSE Upgrade 6.4 ppc wuftpd-2.6.0-278.ppc.rpm
>
>
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rp
> m
>
> For Washington University wu-ftpd 2.6.1:
>
> Red Hat RPM 6.2 alpha
> wu-ftpd-2.6.1-0.6x.21.alpha.rpm
>
>
ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.
> rpm
>
> Red Hat RPM 6.2 sparc
> wu-ftpd-2.6.1-0.6x.21.sparc.rpm
>
>
ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.
> rpm
>
> Caldera RPM OpenLinux 2.3
> wu-ftpd-2.6.1-13OL.i386.rpm
>
>
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/wu-ftpd-
> 2.6.1-13OL.i386.rpm
>
> Caldera RPM eServer 2.3.1
> wu-ftpd-2.6.1-13OL.i386.rpm
>
>
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/wu-ftpd-2.
> 6.1-13OL.i386.rpm
>
> Caldera RPM eDesktop 2.4
> wu-ftpd-2.6.1-13OL.i386.rpm
>
>
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/wu-ftpd-2
> .6.1-13OL.i386.rpm
>
> Caldera RPM OpenLinux 3.1 Server
> wu-ftpd-2.6.1-13.i386.rpm
>
>
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/w
> u-ftpd-2.6.1-13.i386.rpm
>
> Wirex Upgrade Immunix 7.0 i386
> wu-ftpd-2.6.1-6_imnx_4.i386.rpm
>
>
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-
> 6_imnx_4.i386.rpm
>
> Red Hat RPM 7.0 alpha
> wu-ftpd-2.6.1-16.7x.1.alpha.rpm
>
>
ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> rpm
>
> Red Hat RPM 7.0 i386
> wu-ftpd-2.6.1-16.7x.1.i386.rpm
>
>
ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> m
>
> Red Hat RPM 7.1 alpha
> wu-ftpd-2.6.1-16.7x.1.alpha.rpm
>
>
ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> rpm
>
> Red Hat RPM 7.1 i386
> wu-ftpd-2.6.1-16.7x.1.i386.rpm
>
>
ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> m
>
> Red Hat RPM 7.1 ia64
> wu-ftpd-2.6.1-16.7x.1.ia64.rpm
>
>
ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rp
> m
>
> Red Hat RPM 7.2 i386 wu-ftpd-2.6.1-20.i386.rpm
>
>
ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
>
> Red Hat RPM 6.2 i386
> wu-ftpd-2.6.1-0.6x.21.i386.rpm
>
>
ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rp
> m
>
> Credit:
>
> Condition first reported by Matt Power.
> Exploitability later confirmed
> by Luciano Notarfrancesco and Juan Pablo
> Martinez Kuhn from Core
> Security Technologies, Buenos Aires, Argentina.
>
> References:
>
> advisory:
> Caldera CSSA-2001-041.0: Linux - Vulnerability in
> wu-ftpd
> http://www.securityfocus.com/advisories/3693
>
> advisory:
> Immunix IMNX-2001-70-036-01: wu-ftpd
> http://www.securityfocus.com/advisories/3696
>
> advisory:
> RedHat RHSA-2001:157-06: Updated wu-ftpd packages
> are available
> http://www.securityfocus.com/advisories/3680
>
> advisory:
> SuSE SuSE-SA:2001:043: wuftpd
> http://www.securityfocus.com/advisories/3691
>
> web page:
> CORE SDI Homepage (CORE)
> http://www.core-sdi.com
>
> web page:
> Wu-Ftpd Homepage (Washington University)
> http://www.wu-ftpd.org
>
> ChangeLog:
>
> Nov 30, 2001: Wirex Immunix advisory released,
> updated packages
> available.
> Nov 29, 2001: SUSE and Caldera fixes available;
> some versions of BSD
> FTPD may also be vulnerable.
> Nov 26, 2001: Initial analysis.
>
>
---------------------------------------------------------------------------
>
> HOW TO INTERPRET THIS ALERT
>
> BUGTRAQ ID: This is a unique
> identifier assigned to the
> vulnerability by
> SecurityFocus.com.
>
> CVE ID: This is a unique
> identifier assigned to the
> vulnerability by the CVE.
>
> Published: The date the vulnerability
> was first made public.
>
> Updated: The date the information was
> last updated.
>
> Remote: Whether this is a
> remotely exploitable
> vulnerability.
>
> Local: Whether this is a
> locally exploitable
> vulnerability.
>
> Credibility: Describes how credible the
> information about the
> vulnerability is. Possible
> values are:
>
> Conflicting Reports: The are
> multiple conflicting
> about the existance of the
> vulnerability.
>
> Single Source: There is
> a single non-reliable
> source reporting the
> existence of the
> vulnerability.
>
> Reliable Source: There is a
> single reliable source
> reporting the existence of
> the vulnerability.
>
> Conflicting Details: There
> is consensus on the
> existence of the
> vulnerability but not it's
> details.
>
> Multiple Sources: There
> is consensus on the
> existence and details of the
> vulnerability.
>
> Vendor Confirmed: The
> vendor has confirmed the
> vulnerability.
>
> Class: The class of vulnerability.
> Possible values are:
> Boundary Condition Error,
> Access Validation Error,
> Origin Validation Error,
> Input Valiadtion Error,
> Failure to Handle
> Exceptional Conditions, Race
> Condition Error,
> Serialization Error, Atomicity
> Error, Environment Error,
> and Configuration Error.
>
> Ease: Rates how easiliy the
> vulnerability can be
> exploited. Possible
> values are: No Exploit
> Available, Exploit
> Available, and No Exploit
> Required.
>
> Impact: Rates the impact of the
> vulnerability. It's range
> is 1 through 10.
>
> Severity: Rates the severity of the
> vulnerability. It's range
> is 1 through 10. It's
> computed from the impact
> rating and remote flag.
> Remote vulnerabiliteis with
> a high impact rating
> receive a high severity
> rating. Local
> vulnerabilities with a low impact
> rating receive a low
> severity rating.
>
> Urgency: Rates how quickly you should
> take action to fix or
> mitigate the vulnerability.
> It's range is 1 through
> 10. It's computed from the
> severity rating, the
> ease rating, and the
> credibility rating. High
> severity vulnerabilities
> with a high ease rating,
> and a high confidence rating
> have a higher urgency
> rating. Low severity
> vulnerabilities with a low
> ease rating, and a low
> confidence rating have a
> lower urgency rating.
>
> Last Change: The last change made
> to the vulnerability
> information.
>
> Vulnerable Systems: The list of vulnerable
> systems. A '+' preceding a
> system name indicates
> that one of the system
> components is vulnerable
> vulnerable. For example,
> Windows 98 ships with
> Internet Explorer. So if a
> vulnerability is found in IE
> you may see something
> like: Microsoft Internet
> Explorer + Microsoft
> Windows 98
>
> Non-Vulnerable Systems: The list of non-vulnerable
> systems.
>
> Summary: A concise summary of the
> vulnerability.
>
> Impact: The impact of the
> vulnerability.
>
> Technical Description: The in-depth description of
> the vulnerability.
>
> Attack Scenarios: Ways an attacker may make
> use of the vulnerability.
>
> Exploits: Exploit intructions or
> programs.
>
> Mitigating Strategies: Ways to mitigate the
> vulnerability.
>
> Solutions: Solutions to the
> vulnerability.
>
> Credit: Information about who
> disclosed the vulnerability.
>
> References: Sources of information on
> the vulnerability.
>
> Related Resources: Resources that might be of
> additional value.
>
> ChangeLog: History of changes to the
> vulnerability record.
>
>
---------------------------------------------------------------------------
>
> Copyright 2001
> SecurityFocus.com
>
>
>
>
>
> ----------
> SecurityFocus - the leading provider of Security
> Intelligence Services for
> business.
> Visit our website at www.securityfocus.com
>
> EnvoyWorldWide, Inc.
> Business-Critical Communications for the wired and
> wireless world.
> Visit our website at www.envoyww.com
__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com