-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Thursday, December 12, 2002 6:53 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 12/12/02 December 11, CERT/CC Vulnerability Note VU#810921 -- Cobalt RaQ4 contains vulnerability allowing remote root compromise. A remotely exploitable vulnerability exists in Cobalt RaQ 4 Server Appliances with the Security Hardening Package (SHP) installed. The Cobalt RaQ 4 is a Sun Server Appliance. Sun describes the Cobalt RaQ4 as follows: The Cobalt RaQTM4 is a server appliance that provides a dedicated Web-hosting platform and offers new capabilities for high-traffic, complex Web sites and e-commerce applications. The RaQ 4 server appliance offers a full suite of Internet services with remote administration capabilities, pre-packaged in a single rack-unit (1RU) industry-standard enclosure. The RaQ 4 is pre-configured with Apache Web server, Sendmail, File Transfer Protocol (FTP) server, Domain Name System (DNS), the Linux operating system, FrontPage Server extensions, and support for Active Server Pages (ASP), PHP and common gateway interface (CGI) scripts. A remotely exploitable vulnerability in the SHP may allow a remote attacker to execute arbitrary code on a Cobalt RaQ 4 server appliance. The vulnerability occurs in a cgi script that does not properly filter input. Specifically, overflow.cgi does not adequately filter input destined for the email variable. Source. http://www.kb.cert.org/vuls/id/810921 December 10, CERT/CC Vulnerability Note VU#210409 -- Multiple FTP clients contain directory traversal vulnerabilities. Multiple File Transfer Protocol (FTP) clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. In a typical file transfer operation, one participant (the client) requests a file while a second participant (the server) provides the requested file. Before processing each request, many server implementations will consult an access control policy to determine whether the client should be permitted to read, write, or create a file at the requested location. If the client is able to craft a request that violates the server's access control policy, then the server contains a vulnerability. Since most vulnerabilities of this type involve escaping a restricted set of directories, they are commonly known as "directory traversal" vulnerabilities. Directory traversal vulnerabilities are most often reported in server implementations, but recent research into the behavior of FTP clients has revealed several vulnerabilities in various FTP client implementations. To exploit these vulnerabilities, an attacker must convince the FTP client user to access a specific FTP server containing files with crafted filenames. Source. http://www.kb.cert.org/vuls/id/210409 Virus: #1 Virus in USA: WORM_FRIENDGRT.B Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 25(smtp); 4662; 8080(webcache); 445(microsoft-ds); 139(netbios-ssn); 27374(asp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 08:48:41 PST