*ALERT* UPDATED BID 3581 (URGENCY 8.2): Wu-Ftpd File Globbing Heap Corruption Vulnerability
Nancy Sollars
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 30 Nov 2001 20:16:31 -0700
Being WU-ftpd its proly true and you must be a right muppet to have it
running anyway
use Pro or Pure ftp people.
Nige
> --------------------------------------------------------------------------
-
> > Security Alert
> >
> > Subject: Wu-Ftpd File Globbing Heap Corruption
> > Vulnerability
> > BUGTRAQ ID: 3581 CVE ID:
> > CAN-2001-0550
> > Published: Nov 27, 2001 Updated:
> > Nov 30, 2001 00:19:10
> >
> > Remote: Yes Local:
> > No
> > Availability: Always Authentication:
> > Not Required
> > Credibility: Vendor Confirmed Ease:
> > No Exploit Available
> > Class: Failure to Handle Exceptional
> > Conditions
> >
> > Impact: 10.0 Severity: 10.0
> > Urgency: 8.2
> >
> > Last Change: Wirex Immunix advisory released,
> > updated packages available.
> >
> --------------------------------------------------------------------------
-
> >
> > Vulnerable Systems:
> >
> > David Madore ftpd-BSD 0.3.3
> > David Madore ftpd-BSD 0.3.2
> > Washington University wu-ftpd 2.6.1
> > + Caldera eDesktop 2.4
> > + Caldera eServer 2.3.1
> > + Caldera OpenLinux 2.3
> > + Caldera OpenLinux Server 3.1
> > + Cobalt Qube 1.0
> > + Conectiva Linux 7.0
> > + Conectiva Linux 6.0
> > + MandrakeSoft Corporate Server 1.0.1
> > + MandrakeSoft Linux Mandrake 8.1
> > + MandrakeSoft Linux Mandrake 8.0 ppc
> > + MandrakeSoft Linux Mandrake 8.0
> > + MandrakeSoft Linux Mandrake 7.2
> > + MandrakeSoft Linux Mandrake 7.1
> > + MandrakeSoft Linux Mandrake 7.0
> > + MandrakeSoft Linux Mandrake 6.1
> > + MandrakeSoft Linux Mandrake 6.0
> > + RedHat Linux 7.2 noarch
> > + RedHat Linux 7.2 ia64
> > + RedHat Linux 7.2 i686
> > + RedHat Linux 7.2 i586
> > + RedHat Linux 7.2 i386
> > + RedHat Linux 7.2 athlon
> > + RedHat Linux 7.2 alpha
> > + RedHat Linux 7.1 noarch
> > + RedHat Linux 7.1 ia64
> > + RedHat Linux 7.1 i686
> > + RedHat Linux 7.1 i586
> > + RedHat Linux 7.1 i386
> > + RedHat Linux 7.1 alpha
> > + RedHat Linux 7.0 sparc
> > + RedHat Linux 7.0 i386
> > + RedHat Linux 7.0 alpha
> > + TurboLinux TL Workstation 6.1
> > + TurboLinux Turbo Linux 6.0.5
> > + TurboLinux Turbo Linux 6.0.4
> > + TurboLinux Turbo Linux 6.0.3
> > + TurboLinux Turbo Linux 6.0.2
> > + TurboLinux Turbo Linux 6.0.1
> > + TurboLinux Turbo Linux 6.0
> > + Wirex Immunix OS 7.0-Beta
> > + Wirex Immunix OS 7.0
> > Washington University wu-ftpd 2.6.0
> > + Cobalt Qube 1.0
> > + Conectiva Linux 5.1
> > + Conectiva Linux 5.0
> > + Conectiva Linux 4.2
> > + Conectiva Linux 4.1
> > + Conectiva Linux 4.0es
> > + Conectiva Linux 4.0
> > + Debian Linux 2.2 sparc
> > + Debian Linux 2.2 powerpc
> > + Debian Linux 2.2 arm
> > + Debian Linux 2.2 alpha
> > + Debian Linux 2.2 68k
> > + Debian Linux 2.2
> > + RedHat Linux 6.2 sparc
> > + RedHat Linux 6.2 i386
> > + RedHat Linux 6.2 alpha
> > + RedHat Linux 6.1 sparc
> > + RedHat Linux 6.1 i386
> > + RedHat Linux 6.1 alpha
> > + RedHat Linux 6.0 sparc
> > + RedHat Linux 6.0 i386
> > + RedHat Linux 6.0 alpha
> > + RedHat Linux 5.2 sparc
> > + RedHat Linux 5.2 i386
> > + RedHat Linux 5.2 alpha
> > + S.u.S.E. Linux 7.3sparc
> > + S.u.S.E. Linux 7.3ppc
> > + S.u.S.E. Linux 7.3i386
> > + S.u.S.E. Linux 7.2i386
> > + S.u.S.E. Linux 7.1x86
> > + S.u.S.E. Linux 7.1sparc
> > + S.u.S.E. Linux 7.1ppc
> > + S.u.S.E. Linux 7.1alpha
> > + S.u.S.E. Linux 7.0sparc
> > + S.u.S.E. Linux 7.0ppc
> > + S.u.S.E. Linux 7.0i386
> > + S.u.S.E. Linux 7.0alpha
> > + S.u.S.E. Linux 6.4ppc
> > + S.u.S.E. Linux 6.4alpha
> > + S.u.S.E. Linux 6.4
> > + S.u.S.E. Linux 6.3 ppc
> > + S.u.S.E. Linux 6.3 alpha
> > + S.u.S.E. Linux 6.3
> > + S.u.S.E. Linux 6.2
> > + S.u.S.E. Linux 6.1 alpha
> > + S.u.S.E. Linux 6.1
> > + TurboLinux Turbo Linux 4.0
> > + Wirex Immunix OS 6.2
> > Washington University wu-ftpd 2.5.0
> > + Caldera eDesktop 2.4
> > + Caldera eServer 2.3.1
> > + Caldera eServer 2.3
> > + Caldera OpenLinux 2.4
> > + Caldera OpenLinux Desktop 2.3
> > + RedHat Linux 6.0 sparc
> > + RedHat Linux 6.0 i386
> > + RedHat Linux 6.0 alpha
> >
> >
> > Summary:
> >
> > Wu-Ftpd contains a remotely exploitable heap
> > corruption bug.
> >
> > Impact:
> >
> > A remote attacker may execute arbitrary code on
> > the vulnerable server.
> >
> > Technical Description:
> >
> > Wu-Ftpd is an ftp server based on the BSD ftpd
> > that is maintained by
> > Washington University.
> >
> > Wu-Ftpd allows for clients to organize files for
> > ftp actions based on
> > "file globbing" patterns. File globbing is
> > also used by various
> > shells. The implementation of file globbing
> > included in Wu-Ftpd
> > contains a heap corruption vulnerability that may
> > allow for an attacker
> > to execute arbitrary code on a server remotely.
> >
> > During the processing of a globbing pattern, the
> > Wu-Ftpd implementation
> > creates a list of the files that match. The
> > memory where this data is
> > stored is on the heap, allocated using malloc().
> > The globbing function
> > simply returns a pointer to the list. It is
> > up to the calling
> > functions to free the allocated memory.
> >
> > If an error occurs processing the pattern, memory
> > will not be allocated
> > and a variable indicating this should be set.
> > The calling functions
> > must check the value of this variable before
> > attempting to use the
> > globbed filenames (and later freeing the memory).
> >
> > Under certain circumstances, the globbing function
> > does not set this
> > variable when an error occurs. As a result of
> > this, Wu-Ftpd will
> > eventually attempt to free uninitialized memory.
> >
> > If this region of memory contained
> > user-controllable data before the
> > free call, it may be possible to have an
> > arbitrary word in memory
> > overwritten with an arbitrary value. This can
> > lead to execution of
> > arbitrary code if function pointers or
> > return addresses are
> > overwritten.
> >
> > If anonymous FTP is not enabled, valid user
> > credentials are required to
> > exploit this vulnerability.
> >
> > This vulnerability was initially scheduled for
> > public release on
> > December 3, 2001. However, Red Hat has made
> > details public as of
> > November 27, 2001. As a result, we are forced to
> > warn other users of
> > the vulnerable product, so that they may take
> > appropriate actions.
> >
> > Attack Scenarios:
> >
> > To exploit this vulnerability, an attacker must
> > have either valid
> > credentials required to log in as an FTP user, or
> > anonymous access must
> > be enabled.
> >
> > The attacker must ensure that a maliciously
> > constructed malloc header
> > containing the target address and it's replacement
> > value are in the
> > right location in the uninitialized part of the
> > heap. The attacker
> > must also place shellcode in server process
> > memory.
> >
> > The attacker must send an FTP command containing
> > a specific globbing
> > pattern that does not set the error variable.
> >
> > When the server attempts to free the memory used
> > to store the globbed
> > filenames, the target word in memory will be
> > overwritten.
> >
> > If an attacker overwrites a function pointer or
> > return address with a
> > pointer to the shellcode, it may be executed by
> > the server process.
> >
> > Exploits:
> >
> > The following (from the CORE advisory)
> > demonstrates the existence of
> > this vulnerability:
> >
> > ftp> open localhost
> > Connected to localhost (127.0.0.1).
> > 220 sasha FTP server (Version wu-2.6.1-18)
> > ready.
> > Name (localhost:root): anonymous
> > 331 Guest login ok, send your complete e-mail
> > address as password.
> > Password:
> > 230 Guest login ok, access restrictions apply.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls ~{
> > 227 Entering Passive Mode (127,0,0,1,241,205)
> > 421 Service not available, remote server has
> > closed connection
> >
> > 1405 ? S 0:00 ftpd: accepting
> > connections on port 21
> > 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd
> > 26256 ? S
> > 0:00 ftpd:
> > sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> > 26265 tty3 R 0:00 bash -c ps ax | grep
> > ftpd
> > (gdb) at 26256
> > Attaching to program: /usr/sbin/wu.ftpd, process
> > 26256
> > Symbols already loaded for /lib/libcrypt.so.1
> > Symbols already loaded for /lib/libnsl.so.1
> > Symbols already loaded for /lib/libresolv.so.2
> > Symbols already loaded for /lib/libpam.so.0
> > Symbols already loaded for /lib/libdl.so.2
> > Symbols already loaded for /lib/i686/libc.so.6
> > Symbols already loaded for /lib/ld-linux.so.2
> > Symbols already loaded for
> > /lib/libnss_files.so.2
> > Symbols already loaded for
> > /lib/libnss_nisplus.so.2
> > Symbols already loaded for /lib/libnss_nis.so.2
> > 0x40165544 in __libc_read () from
> > /lib/i686/libc.so.6
> > (gdb) c
> > Continuing.
> >
> > Program received signal SIGSEGV, Segmentation
> > fault.
> > __libc_free (mem=0x61616161) at malloc.c:3136
> > 3136 in malloc.c
> >
> > Currently the SecurityFocus staff are not aware
> > of any exploits for
> > this issue. If you feel we are in error or are
> > aware of more recent
> > information, please mail us at:
> > vuldb@securityfocus.com
> > <mailto:vuldb@securityfocus.com>
> >
> > Mitigating Strategies:
> >
> > This vulnerability is remotely exploitable.
> > Restricting access to the
> > network port, (TCP port 21 is standard for FTP),
> > will block clients
> > from unauthorized networks.
> >
> > With some operating systems, anonymous FTP is
> > enabled by default.
> > Anonymous FTP is often in use on public FTP sites,
> > most often software
> > repositories. It is basically a guest account
> > with access to download
> > files from within a restricted environment.
> > This vulnerability is
> > exploitable by clients logged in through anonymous
> > FTP. Anonymous FTP
> > should be disabled immediately until fixes are
> > available, as it would
> > allow any host on the Internet who can connect
> > to the service to
> > exploit this vulnerability. It is a good idea to
> > disable it normally
> > unless it is absolutely necessary (in which case
> > the FTP server should
> > be on a dedicated, isolated host).
> >
> > Stack and other memory protection
> > schemes may complicate
> > exploitability, and/or prevent commonly
> > available exploits from
> > working. This should not be relied upon
> > for security. This
> > vulnerability involves 'poking' words in memory.
> > This means that there
> > are many different ways that it may be exploited.
> > Making the stack
> > non-executable or checking the integrity of stack
> > variables may not be
> > enough to prevent all possibile methods of
> > exploitation.
> >
> > It is advised to disable the service and use
> > alternatives until fixes
> > are available.
> >
> > Solutions:
> >
> > Vendor notified on Nov 14, 2001.
> >
> > Fixes will be available from the author as well
> > as from vendors who
> > ship products that include Wu-Ftpd as core or
> > optional components.
> >
> > This vulnerability was initially scheduled for
> > public release on
> > December 3, 2001. Red Hat pre-emptively
> > released an advisory on
> > November 27, 2001. As a result, other vendors may
> > not yet have fixes
> > available.
> >
> > This record will be updated as fixes from
> > various vendors become
> > available.
> >
> > For Washington University wu-ftpd 2.6.0:
> >
> > SuSE Upgrade 7.3 i386 wuftpd-2.6.0-344.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386.
> > rpm
> >
> > SuSE Upgrade 7.2 i386 wuftpd-2.6.0-344.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386.
> > rpm
> >
> > SuSE Upgrade 7.1 i386 wuftpd-2.6.0-346.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386.
> > rpm
> >
> > SuSE Upgrade 7.0 i386 wuftpd-2.6.0-344.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386.
> > rpm
> >
> > SuSE Upgrade 6.4 i386 wuftpd-2.6.0-344.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386.
> > rpm
> >
> > SuSE Upgrade 6.3 i386 wuftpd-2.6.0-347.i386.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386.
> > rpm
> >
> > SuSE Upgrade 7.3 sparc
> > wuftpd-2.6.0-240.sparc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.spar
> > c.rpm
> >
> > SuSE Upgrade 7.1 sparc
> > wuftpd-2.6.0-242.sparc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.spar
> > c.rpm
> >
> > SuSE Upgrade 7.0 sparc
> > wuftpd-2.6.0-241.sparc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.spar
> > c.rpm
> >
> > SuSE Upgrade 7.1 alpha
> > wuftpd-2.6.0-252.alpha.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha.
> > rpm
> >
> > SuSE Upgrade 7.0 alpha
> > wuftpd-2.6.0-251.alpha.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha.
> > rpm
> >
> > SuSE Upgrade 6.4 alpha
> > wuftpd-2.6.0-251.alpha.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha.
> > rpm
> >
> > SuSE Upgrade 6.3 alpha
> > wuftpd-2.6.0-250.alpha.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha.
> > rpm
> >
> > SuSE Upgrade 7.3 ppc wuftpd-2.6.0-277.ppc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rp
> > m
> >
> > SuSE Upgrade 7.1 ppc wuftpd-2.6.0-277.ppc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rp
> > m
> >
> > SuSE Upgrade 7.0 ppc wuftpd-2.6.0-279.ppc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rp
> > m
> >
> > SuSE Upgrade 6.4 ppc wuftpd-2.6.0-278.ppc.rpm
> >
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rp
> > m
> >
> > For Washington University wu-ftpd 2.6.1:
> >
> > Red Hat RPM 6.2 alpha
> > wu-ftpd-2.6.1-0.6x.21.alpha.rpm
> >
> >
> ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.
> > rpm
> >
> > Red Hat RPM 6.2 sparc
> > wu-ftpd-2.6.1-0.6x.21.sparc.rpm
> >
> >
> ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.
> > rpm
> >
> > Caldera RPM OpenLinux 2.3
> > wu-ftpd-2.6.1-13OL.i386.rpm
> >
> >
> ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/wu-ftpd-
> > 2.6.1-13OL.i386.rpm
> >
> > Caldera RPM eServer 2.3.1
> > wu-ftpd-2.6.1-13OL.i386.rpm
> >
> >
> ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/wu-ftpd-2.
> > 6.1-13OL.i386.rpm
> >
> > Caldera RPM eDesktop 2.4
> > wu-ftpd-2.6.1-13OL.i386.rpm
> >
> >
> ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/wu-ftpd-2
> > .6.1-13OL.i386.rpm
> >
> > Caldera RPM OpenLinux 3.1 Server
> > wu-ftpd-2.6.1-13.i386.rpm
> >
> >
> ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/w
> > u-ftpd-2.6.1-13.i386.rpm
> >
> > Wirex Upgrade Immunix 7.0 i386
> > wu-ftpd-2.6.1-6_imnx_4.i386.rpm
> >
> >
> http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-
> > 6_imnx_4.i386.rpm
> >
> > Red Hat RPM 7.0 alpha
> > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> >
> >
> ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > rpm
> >
> > Red Hat RPM 7.0 i386
> > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> >
> >
> ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > m
> >
> > Red Hat RPM 7.1 alpha
> > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> >
> >
> ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > rpm
> >
> > Red Hat RPM 7.1 i386
> > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> >
> >
> ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > m
> >
> > Red Hat RPM 7.1 ia64
> > wu-ftpd-2.6.1-16.7x.1.ia64.rpm
> >
> >
> ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rp
> > m
> >
> > Red Hat RPM 7.2 i386 wu-ftpd-2.6.1-20.i386.rpm
> >
> >
> ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
> >
> > Red Hat RPM 6.2 i386
> > wu-ftpd-2.6.1-0.6x.21.i386.rpm
> >
> >
> ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rp
> > m
> >
> > Credit:
> >
> > Condition first reported by Matt Power.
> > Exploitability later confirmed
> > by Luciano Notarfrancesco and Juan Pablo
> > Martinez Kuhn from Core
> > Security Technologies, Buenos Aires, Argentina.
> >
> > References:
> >
> > advisory:
> > Caldera CSSA-2001-041.0: Linux - Vulnerability in
> > wu-ftpd
> > http://www.securityfocus.com/advisories/3693
> >
> > advisory:
> > Immunix IMNX-2001-70-036-01: wu-ftpd
> > http://www.securityfocus.com/advisories/3696
> >
> > advisory:
> > RedHat RHSA-2001:157-06: Updated wu-ftpd packages
> > are available
> > http://www.securityfocus.com/advisories/3680
> >
> > advisory:
> > SuSE SuSE-SA:2001:043: wuftpd
> > http://www.securityfocus.com/advisories/3691
> >
> > web page:
> > CORE SDI Homepage (CORE)
> > http://www.core-sdi.com
> >
> > web page:
> > Wu-Ftpd Homepage (Washington University)
> > http://www.wu-ftpd.org
> >
> > ChangeLog:
> >
> > Nov 30, 2001: Wirex Immunix advisory released,
> > updated packages
> > available.
> > Nov 29, 2001: SUSE and Caldera fixes available;
> > some versions of BSD
> > FTPD may also be vulnerable.
> > Nov 26, 2001: Initial analysis.
> >
> >
> --------------------------------------------------------------------------
-
> >
> > HOW TO INTERPRET THIS ALERT
> >
> > BUGTRAQ ID: This is a unique
> > identifier assigned to the
> > vulnerability by
> > SecurityFocus.com.
> >
> > CVE ID: This is a unique
> > identifier assigned to the
> > vulnerability by the CVE.
> >
> > Published: The date the vulnerability
> > was first made public.
> >
> > Updated: The date the information was
> > last updated.
> >
> > Remote: Whether this is a
> > remotely exploitable
> > vulnerability.
> >
> > Local: Whether this is a
> > locally exploitable
> > vulnerability.
> >
> > Credibility: Describes how credible the
> > information about the
> > vulnerability is. Possible
> > values are:
> >
> > Conflicting Reports: The are
> > multiple conflicting
> > about the existance of the
> > vulnerability.
> >
> > Single Source: There is
> > a single non-reliable
> > source reporting the
> > existence of the
> > vulnerability.
> >
> > Reliable Source: There is a
> > single reliable source
> > reporting the existence of
> > the vulnerability.
> >
> > Conflicting Details: There
> > is consensus on the
> > existence of the
> > vulnerability but not it's
> > details.
> >
> > Multiple Sources: There
> > is consensus on the
> > existence and details of the
> > vulnerability.
> >
> > Vendor Confirmed: The
> > vendor has confirmed the
> > vulnerability.
> >
> > Class: The class of vulnerability.
> > Possible values are:
> > Boundary Condition Error,
> > Access Validation Error,
> > Origin Validation Error,
> > Input Valiadtion Error,
> > Failure to Handle
> > Exceptional Conditions, Race
> > Condition Error,
> > Serialization Error, Atomicity
> > Error, Environment Error,
> > and Configuration Error.
> >
> > Ease: Rates how easiliy the
> > vulnerability can be
> > exploited. Possible
> > values are: No Exploit
> > Available, Exploit
> > Available, and No Exploit
> > Required.
> >
> > Impact: Rates the impact of the
> > vulnerability. It's range
> > is 1 through 10.
> >
> > Severity: Rates the severity of the
> > vulnerability. It's range
> > is 1 through 10. It's
> > computed from the impact
> > rating and remote flag.
> > Remote vulnerabiliteis with
> > a high impact rating
> > receive a high severity
> > rating. Local
> > vulnerabilities with a low impact
> > rating receive a low
> > severity rating.
> >
> > Urgency: Rates how quickly you should
> > take action to fix or
> > mitigate the vulnerability.
> > It's range is 1 through
> > 10. It's computed from the
> > severity rating, the
> > ease rating, and the
> > credibility rating. High
> > severity vulnerabilities
> > with a high ease rating,
> > and a high confidence rating
> > have a higher urgency
> > rating. Low severity
> > vulnerabilities with a low
> > ease rating, and a low
> > confidence rating have a
> > lower urgency rating.
> >
> > Last Change: The last change made
> > to the vulnerability
> > information.
> >
> > Vulnerable Systems: The list of vulnerable
> > systems. A '+' preceding a
> > system name indicates
> > that one of the system
> > components is vulnerable
> > vulnerable. For example,
> > Windows 98 ships with
> > Internet Explorer. So if a
> > vulnerability is found in IE
> > you may see something
> > like: Microsoft Internet
> > Explorer + Microsoft
> > Windows 98
> >
> > Non-Vulnerable Systems: The list of non-vulnerable
> > systems.
> >
> > Summary: A concise summary of the
> > vulnerability.
> >
> > Impact: The impact of the
> > vulnerability.
> >
> > Technical Description: The in-depth description of
> > the vulnerability.
> >
> > Attack Scenarios: Ways an attacker may make
> > use of the vulnerability.
> >
> > Exploits: Exploit intructions or
> > programs.
> >
> > Mitigating Strategies: Ways to mitigate the
> > vulnerability.
> >
> > Solutions: Solutions to the
> > vulnerability.
> >
> > Credit: Information about who
> > disclosed the vulnerability.
> >
> > References: Sources of information on
> > the vulnerability.
> >
> > Related Resources: Resources that might be of
> > additional value.
> >
> > ChangeLog: History of changes to the
> > vulnerability record.
> >
> >
> --------------------------------------------------------------------------
-
> >
> > Copyright 2001
> > SecurityFocus.com
> >
> >
> >
> >
> >
> > ----------
> > SecurityFocus - the leading provider of Security
> > Intelligence Services for
> > business.
> > Visit our website at www.securityfocus.com
> >
> > EnvoyWorldWide, Inc.
> > Business-Critical Communications for the wired and
> > wireless world.
> > Visit our website at www.envoyww.com
>
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>