
@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 25
June 28, 2004

A very tough week for vulnerable web sites using Microsoft IIS and for worried Internet Explorer users concerned about whether keystroke loggers were installed on their systems to steal credit cards and passwords. The biggest issue facing the web site victims is whether to go public to warn individual users that they might have been exploited. Those who don't warn their users risk both reputational and legal liability. Those who do tell are also at risk. The entire debacle reminds us of the enormous danger created when a software vendor persuades thousands of clients that installing a web site is so easy "anyone can do it." When that same vendor doesn't take responsibility for securing the systems installed by "anyone," lots of people are put at risk. (#6 in Part I) Lotus Notes users also were busy patching their systems quickly this week. (#2 in Part I)

Jeff Kirby from Cornell University graciously suggested an improved design for @RISK bringing more of the timely information to the front and pushing the static information to the back, plus other improvements. Tell us if you like it or you would rather we return to the old design.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category: # of Updates & Vulnerabilities
    • Windows: 1 (#6)
    • Other Microsoft Products: 1
    • Third Party Windows Apps: 2 (#2)
    • Linux: 7 (#5)
    • Solaris: 2 (#1, #3)
    • UNIX: 4
    • Novell: 1
    • Cross Platform: 3
    • Web Application: 8 (#4)
    • Network Device: 6 (#1)

******************** Security Training Update *************************

SANS largest Fall conference will be in Las Vegas this year - September 28 to October 6. The brochures will arrive in a week or so with seventeen immersion tracks and special one day programs and a big vendor expo. http://www.sans.org/ns2004

***********************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Novell
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: ISC DHCP Buffer Overflow Vulnerabilities
  • Affected: DHCP daemon versions 3.0.1rc12 and 3.0.1rc13
  • Description: ISC's freely redistributable implementation of the DHCP protocol includes a DHCP server, a DHCP client and a DHCP relay agent. This DHCP implementation ships with many operating systems and networking products. The DHCP server contains the following buffer overflows: 1) A malicious client can trigger a buffer overflow via DHCP "DISCOVER" or "REQUEST" packets that contain multiple "hostname" options. The "hostname" option allows a DHCP client to provide its host name to the DHCP server, which is logged by the server. The problem occurs because a malicious client can send multiple "hostname" options in a single DHCP packet. The server concatenates these hostnames, which overflows a fixed-size buffer. This stack-based buffer overflow can be exploited to cause a DoS to the DHCP server, and possibly to execute arbitrary code on the server with root privileges. 2) The "vsnprintf" and "vsprintf" C functions copy variable arguments into a buffer according to a specified format string, with the difference that the "vsnprintf" function does bounds checking on the number of bytes copied, whereas "vsprintf" does not. On certain platforms "vsnprintf" support is not available. Hence, on these platforms the DHCP server may contain buffer overflows due to the lack of bounds checking on the client-supplied data. The technical details required to exploit these vulnerabilities have been posted. Note that in order to exploit the flaws remotely, an attacker may need to correctly guess the range of IP addresses being leased by the targeted DHCP server.

  • Status: Vendor confirmed, upgrade to version 3.0.1rc14. For a complete list of vulnerable vendors, please refer to the CERT advisory. A workaround is to block access to the DHCP server (port 67/udp) at the network perimeter.

  • Council Site Actions: The affected software or version of software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
  • (2) MODERATE: IBM Lotus Notes URI Handling Vulnerability
  • Affected: Lotus Notes version 6.0.3 and 6.5
  • Description: The Lotus Notes software suite is designed to provide users a single access point to frequently used applications like e-mail, calendar, instant messaging and web browser. The software installs a URI handler that interprets URIs beginning with "notes:". This URI handler contains a remote command injection vulnerability. The problem occurs because the URI handler passes the "notes:" URI as an argument to the "notes.exe" program without sufficient sanitization. A malicious webpage or an email may exploit this flaw to invoke the "notes.exe" program with additional command-line options. The posted advisory shows how the command-line options can be used to run malicious DLLs, which may lead to compromise of the client.

  • Status: Vendor confirmed, upgrade to version 6.0.4 or 6.5.2. A workaround is to remove the registry key for the "notes:" URI handler. Another possible workaround is to block access to ports 139/tcp and 445/tcp at the network perimeter, which will prevent access to the attacker-specified Lotus Notes configuration file.

  • Council Site Actions: Only two of the reporting council sites are running the affected software. One site has already implemented the workaround. They will deploy the patch during their next regularly scheduled system update process. The second site only has a handful of systems running the affected software. They believe the maintainers of their Lotus Notes installations stay up-to-date with patches. They also block ports 139 and 445 at their network security perimeters. Given these two conditions, they don't plan further action at this time.

  • References:
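
A bounds-checked way to gather and log the "hostname" options described in item (1), as an added example; it is not ISC's code or its patch. The function names and the sample packet are hypothetical, and the option codes (12 for host name, 0 for pad, 255 for end) are taken from RFC 2132.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DHCP option codes from RFC 2132. */
#define OPT_PAD      0
#define OPT_HOSTNAME 12
#define OPT_END      255

/* Constructed sample: an options field carrying two hostname options. */
static const unsigned char SAMPLE_OPTS[] = {
    OPT_HOSTNAME, 3, 'a', 'b', 'c',
    OPT_HOSTNAME, 4, 'd', 'e', 'f', 'g',
    OPT_END
};

/*
 * Concatenate every hostname option into out[outsz] without ever writing
 * past the end of out. Returns the number of hostname options seen, or -1
 * if the option list is malformed. *truncated is set to 1 when client data
 * had to be dropped because the buffer was full.
 */
int collect_hostnames(const unsigned char *opts, size_t len,
                      char *out, size_t outsz, int *truncated)
{
    size_t i = 0, used = 0;
    int count = 0;

    if (out == NULL || outsz == 0 || truncated == NULL)
        return -1;
    out[0] = '\0';
    *truncated = 0;

    while (i < len) {
        unsigned char code = opts[i++];
        size_t olen, room, n, k;

        if (code == OPT_PAD)
            continue;
        if (code == OPT_END)
            break;
        if (i >= len)              /* length byte is missing */
            return -1;
        olen = opts[i++];
        if (olen > len - i)        /* option claims more bytes than remain */
            return -1;

        if (code == OPT_HOSTNAME) {
            count++;
            room = outsz - 1 - used;          /* space left, minus the NUL */
            n = olen < room ? olen : room;
            if (n < olen)
                *truncated = 1;
            for (k = 0; k < n; k++) {
                unsigned char c = opts[i + k];
                /* keep the log line printable */
                out[used++] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
            }
            out[used] = '\0';
        }
        i += olen;
    }
    return count;
}

/*
 * Build the log line. The format string is a constant and client data is
 * passed only as an argument; snprintf() enforces the size. A build that
 * lacks a bounded formatter must not substitute sprintf()/vsprintf() with
 * the size argument dropped. Returns 0 if the line fit, 1 if it was
 * truncated, -1 on a formatting error.
 */
int format_log_line(char *dst, size_t dstsz, const char *hostname)
{
    int need = snprintf(dst, dstsz, "DHCPDISCOVER hostname=%s", hostname);
    if (need < 0)
        return -1;
    return (size_t)need >= dstsz ? 1 : 0;
}

int main(void)
{
    char host[6], line[64];
    int truncated;
    int n = collect_hostnames(SAMPLE_OPTS, sizeof SAMPLE_OPTS,
                              host, sizeof host, &truncated);
    format_log_line(line, sizeof line, host);
    printf("%d hostname options, truncated=%d: %s\n", n, truncated, line);
    return 0;
}
```
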
Other Software
  • (3) HIGH: rlprd Format String Vulnerability
  • Affected: rlpr version 2.0.4
  • Description: The rlpr package includes printing utilities that offer enhanced functions compared to the "lpr", "lprm" and "lpq" programs on UNIX platforms. The rlprd server is a proxy that runs between the "rlpr" clients and the standard "lpd" printers. This server, which runs on port 7290/tcp by default, contains a format string vulnerability. An unauthenticated attacker can trigger the flaw by specifying a format string such as "%1" in the first 64 bytes of data to the server. The flaw can be exploited to execute arbitrary code with the rlprd privileges. An exploit has been publicly posted.

  • Status: Vendor confirmed, patches available.

  • Council Site Actions: Only one of the reporting council sites is running the affected software, but only on a handful of systems. The only action they have planned at this time is to scan their network to see if any machines have open connections on port TCP 7290. They don't believe that their Debian administrators would select rlprd as the default printer daemon.

  • References:
  • (4) MODERATE: PHP-Nuke Journal Module SQL Injection
  • Affected: PHP-Nuke version 7.x
  • Description: PHP-Nuke, a popular open-source portal, contains a SQL injection vulnerability in the "Journal" module's "search.php" script. An attacker can exploit the flaw by specifying arbitrary SQL statements in the script's "forwhat" parameter. This may lead to compromise of the back-end database and/or the portal. The posted advisory shows how to craft an HTTP query to extract the MD5 hash of the portal administrator's password.

  • Status: Vendor not confirmed, no patches available.

  • Council Site Actions: Only two of the reporting council sites are running the affected software. One site plans no action at this time since the number of affected systems is very low and the system owners are typically good at keeping the systems up to date. The second site plans to install the patches during their next regularly scheduled system update process. In the meantime, they have notified their UNIX support team.

  • References:
  • (5) MODERATE: Asterisk Logging Format String Vulnerabilities
  • Affected: Asterisk version 0.7.x
  • Description: Asterisk, a Linux-based open-source telephony package, contains multiple format string vulnerabilities in its logging functions. The flaws may be exploited to crash the Asterisk server and possibly execute arbitrary code. A proof-of-concept exploit has been publicly posted.

  • Status: Vendor confirmed, upgrade to version 0.9.0.

  • Council Site Actions: The affected software or version of software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2004

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3474 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.25.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Non-FQDN URL Address Zone Bypass
  • Description: An issue with Microsoft Internet Explorer (IE) has been reported that would allow malicious web-sites to bypass the zone security settings. A specially crafted non-FQDN URL will trick IE into browsing content with less restrictive settings. All current versions of IE are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/366490

  • 04.25.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneAlarm Mobile Code Filter Bypass
  • Description: ZoneAlarm Pro is a firewall for Microsoft Windows. It supports a "Mobile Code" filter designed to block potentially dangerous active web content. The "Mobile Code" filter fails to analyze active content from web sites that are viewed using the HTTPS protocol. ZoneAlarm Pro version 5.0.590.015 is affected.
  • Ref: http://www.kurczaba.com/securityadvisories/0406214.htm

  • 04.25.3 - CVE: CAN-2004-0480
  • Platform: Third Party Windows Apps
  • Title: Lotus Notes URL Handler Remote Code Execution
  • Description: Lotus Notes, a groupware application, has been identified to be vulnerable to a URL handler issue. Lotus Notes URL handlers are subject to an input sanitization weakness. A specially crafted URL, when followed, will execute attacker supplied DLL code. Current versions of Lotus Notes are reported to be vulnerable.
  • Ref: http://seclists.org/lists/fulldisclosure/2004/Jun/0799.html

  • 04.25.4 - CVE: Not Available
  • Platform: Linux
  • Title: Asterisk PBX Logging Format String Vulnerabilities
  • Description: Asterisk is a PBX system developed for Linux. It has been revealed that Asterisk is subject to multiple format string vulnerabilities. The problem is found in its insufficient sanitization inside of its logging functions. Asterisk versions 0.7.0 through 0.7.2 have been reported to be vulnerable.
  • Ref: http://www.penguin-skills.com/index.php?action=view&id=99

  • 04.25.5 - CVE: CAN-2004-0451
  • Platform: Linux
  • Title: Sup Remote Syslog Format String Vulnerability
  • Description: Sup is an application that allows collections of files to be synchronized across multiple systems. It is vulnerable to a remotely exploitable format string vulnerability. The issue exists due to insecure usage of the "syslog()" function. Attackers exploiting this weakness could execute arbitrary code. Debian Linux version 3.0 and Sup version 1.8 are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-06/0361.html

  • 04.25.6 - CVE: Not Available
  • Platform: Linux
  • Title: TildeSlash Monit Authentication Buffer Overflow
  • Description: TildeSlash is a system and network monitoring utility. It is reported that TildeSlash is vulnerable to a stack based buffer overflow during authentication handling. The issue exists due to improper length validation of the "username" field. TildeSlash Monit versions 4.2 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10581/info/

  • 04.25.7 - CVE: CAN-2004-0461
  • Platform: Linux
  • Title: ISC DHCPD vsnprintf() Buffer Overflow
  • Description: ISC DHCPD is reported vulnerable to remotely exploitable buffer overflows. This issue expresses itself when DHCPD discards the size argument from the "vsnprintf()" library call on systems that lack the "vsnprintf()" function. Successful exploitation of this issue may lead to a denial of service or remote code execution. This issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13.
  • Ref: http://www.us-cert.gov/cas/techalerts/TA04-174A.html

  • 04.25.8 - CVE: Not Available
  • Platform: Linux
  • Title: gzexe Temporary File Command Execution
  • Description: GNU gzexe is reportedly vulnerable to a privilege escalation issue. If the creation of a temporary file fails when using gzexe, instead of bailing out, it executes the command given as argument. An attacker could thereby have an unsuspecting user execute an arbitrary file when decompression fails this way. This issue was reported for version 1.3.3 of gzip.
  • Ref: http://article.gmane.org/gmane.linux.gentoo.announce/376

  • 04.25.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel IEEE 1394 Integer Overflow Vulnerability
  • Description: The IEEE 1394 driver implements access to the IEEE 1394 high speed serial bus. The Linux kernel driver for IEEE 1394 is subject to an integer overflow vulnerability. Successful exploitation could lead to system crash, or possible arbitrary code execution. The driver is included in the latest stable versions of the 2.4 and 2.6 branches.
  • Ref: http://secunia.com/advisories/11931/

  • 04.25.10 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow
  • Description: The Broadcom Cryptonet BCM5820 is a hardware cryptography accelerator device. The bcm5820 Linux kernel driver contains an integer overflow vulnerability that could lead to a system crash, or possible code execution. Redhat 8 with Linux kernel 2.4.20 is known to include the vulnerable driver.
  • Ref: http://secunia.com/advisories/11936/

  • 04.25.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris Basic Security Module Denial of Service Vulnerability
  • Description: Local unprivileged users may be able to panic Solaris systems with Basic Security Module (BSM) enabled causing a denial of service. This issue can only occur on systems where BSM has been configured to audit the Administrative audit class "ad" or the System-Wide Administration audit class "as".
  • Ref: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57497

  • 04.25.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun StorEdge ESM Unspecified Privilege Escalation Vulnerability
  • Description: A local unprivileged user may be able to gain unauthorized root access on systems with Sun StorEdge Enterprise Storage Manager (ESM) 2.1 installed. This issue only occurs when a non-root user has been assigned the "ESMUser" role on the management station.
  • Ref: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57581

  • 04.25.13 - CVE: Not Available
  • Platform: Unix
  • Title: rssh Information Disclosure Vulnerability
  • Description: rssh is a shell that restricts users to utilizing scp or sftp. When a user inside the chroot jail uses a wildcard to copy all files in a directory, an error message is returned for all files that exist outside the chroot jail. This will allow the user to identify files outside of the chroot environment. rssh versions 2.0 to 2.1.x are affected.
  • Ref: http://www.securityfocus.com/archive/1/366691

  • 04.25.14 - CVE: Not Available
  • Platform: Unix
  • Title: Multiple ircd Socket Dequeuing Denial of Service
  • Description: Due to faulty logic in the socket dequeuing mechanism used in "hybrid 7" and the derived "ircd-ratbox", it is possible to severely lag an IRC server using a low-bandwidth denial of service attack. ircd-hybrid versions 7.0.1 and earlier, ircd-ratbox versions 1.5.1 and earlier, and ircd-ratbox versions 2.0rc6 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/366486

  • 04.25.15 - CVE: CAN-2004-0393, CAN-2004-0454
  • Platform: Unix
  • Title: rlpr Multiple Vulnerabilities
  • Description: rlpr is a utility to print files on remote sites to a local printer. Insufficient sanitization of user supplied data in the "msg()" function exposes format string and buffer overflow vulnerabilities. rlpr versions 2.04 and prior are affected by these issues.
  • Ref: http://felinemenace.org/advisories/rlprd

  • 04.25.16 - CVE: CAN-2004-0576
  • Platform: Unix
  • Title: Radius SNMP Remote Denial of Service
  • Description: GNU Radius is an authentication and accounting server that includes support for Simple Network Management Protocol (SNMP). By sending a specially crafted SNMP packet with an invalid Object ID (OID), an attacker can crash the server resulting in a denial of service condition. The Radius server is only vulnerable if it was compiled with the "-enable-snmp" option. GNU Radius version 1.1 is known to be vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=110&type=vulnerabilities

  • 04.25.17 - CVE: Not Available
  • Platform: Novell
  • Title: Novell iChain SNMP Information Disclosure
  • Description: Novell iChain Server is a security product for managing network security access controls. iChain implements a web server with limited functionality. The iChain server uses the "public" community string for read-only access. A remote attacker could leverage this to gather sensitive information.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm

  • 04.25.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Epic Games Unreal Engine Memory Corruption
  • Description: Epic Games' Unreal Engine is a 3D game engine used by "Unreal" and other games. Insufficient sanitization of user supplied input via the "secure" query in the UDP packet causes memory corruption, leading to a denial of service.
  • Ref: http://aluigi.altervista.org/adv/unsecure-adv.txt

  • 04.25.19 - CVE: CAN-2004-0460
  • Platform: Cross Platform
  • Title: ISC DHCPD Logging Buffer Overflow
  • Description: ISC DHCPD has been reported to be subject to a remotely exploitable buffer overflow vulnerability. The issue presents itself when DHCPD logs hostname options provided by DHCP clients. Correctly exploited, this vulnerability would allow the execution of attacker supplied code. ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13 have been reported to be vulnerable.
  • Ref: http://www.us-cert.gov/cas/techalerts/TA04-174A.html

  • 04.25.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: giFT-FastTrack Remote Denial of Service
  • Description: giFT-FastTrack is a module for the giFT file sharing daemon. Insufficient sanitization of user supplied input in "string_sep()" function of the "src/fst_http_header.c" file causes the application to crash. giFT-FastTrack versions 0.8.6 and earlier are affected.
  • Ref: http://gift-fasttrack.berlios.de/

  • 04.25.21 - CVE: CAN-2004-0455
  • Platform: Web Application
  • Title: www-sql Include Command Buffer Overflow
  • Description: www-sql is a web-based application that translates database contents into HTML documents for remote viewing. It is reportedly vulnerable to a buffer overflow condition in its remote CGI script include functionality. Properly exploited, this could allow a malicious user to execute arbitrary code. www-sql version 0.5.7 has been reported to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/6876

  • 04.25.22 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP-Rider Cookie Administrative Access Vulnerability
  • Description: ASP-Rider is a weblogging application. Insufficient sanitization of malformed cookies exposes an issue that allows a remote attacker to gain administrative access. ASP-Rider version 1.6 is affected.
  • Ref: http://www.securitytracker.com/alerts/2004/Jun/1010549.html

  • 04.25.23 - CVE: Not Available
  • Platform: Web Application
  • Title: osTicket Remote Command Execution
  • Description: osTicket is an open source support ticket system. It is vulnerable to a remote command execution attack. An attacker can attach a malicious PHP script to a ticket and then make an HTTP request to execute it.
  • Ref: http://www.securityfocus.com/archive/1/366686

  • 04.25.24 - CVE: Not Available
  • Platform: Web Application
  • Title: SqWebMail Email Header HTML Injection
  • Description: SqWebMail is reportedly vulnerable to an HTML injection issue. This is due to insufficient sanitization of user-supplied email header strings. This can be used by an attacker to execute malicious scripts in a victim's browser when an email message with full headers is viewed. SqWebMail version 4.0.4.20040524 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/366595

  • 04.25.25 - CVE: Not Available
  • Platform: Web Application
  • Title: ArbitroWeb Cross-Site Scripting vulnerability
  • Description: ArbitroWeb is an anonymous web surfing proxy written in PHP. ArbitroWeb is vulnerable to a cross-site scripting issue in its rawURL URI parameter. ArbitroWeb versions 0.5 and 0.6 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/366757

  • 04.25.26 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke Multiple Vulnerabilities
  • Description: PHP-Nuke is reportedly vulnerable to multiple security issues including cross-site scripting, script injection and SQL injection attacks. These issues occur due to insufficient user-input sanitization in various PHP scripts in the package. All current versions of the package are reported to be vulnerable.
  • Ref: http://www.waraxe.us/index.php?modname=sa&id=33

  • 04.25.27 - CVE: Not Available
  • Platform: Web Application
  • Title: php-exec-dir Command Access Restriction Bypass
  • Description: php-exec-dir is a patch that allows PHP to specify a directory that contains binary files. PHP will not be able to execute files outside of this directory. Insufficient sanitization of the ";" character allows malicious users to execute files outside of the specified directory. All current versions are affected.
  • Ref: http://secunia.com/advisories/11928/

  • 04.25.28 - CVE: Not Available
  • Platform: Web Application
  • Title: VBulletin HTML Injection Vulnerability
  • Description: VBulletin is a PHP based bulletin board application. An HTML injection vulnerability exists due to insufficient sanitization of user supplied input in the "newreply.php" and "newthread.php" scripts. VBulletin version 3.0.1 is vulnerable and other versions may be affected as well.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-06/0386.html

  • 04.25.29 - CVE: Not Available
  • Platform: Network Device
  • Title: Infoblox DNS One Script Injection Vulnerability
  • Description: The Infoblox DNS One network device provides a web interface to manage DNS and DHCP services. It is reportedly vulnerable to a script injection issue. This is due to insufficient sanitization of the "HOSTNAME" and "CLIENTID" options of DHCP requests. Scripts injected in this manner will be saved in the device log and executed when the log is viewed by the administrator.
  • Ref: http://www.securityfocus.com/archive/1/366506

  • 04.25.30 - CVE: Not Available
  • Platform: Network Device
  • Title: netHSM Passphrase Information Disclosure
  • Description: nCipher Network Hardware Security Module (netHSM) is reportedly vulnerable to a password disclosure issue. Passphrases entered in the front-panel of the device are appended to the system log. With improper physical security, an attacker could harvest the passwords from the device. This issue is fixed in netHSM firmware version 2.1.12cam5.
  • Ref: http://www.ncipher.com/support/advisories/advisory10.htm

  • 04.25.31 - CVE: Not Available
  • Platform: Network Device
  • Title: Netgear FVS318 Router Denial of Service
  • Description: It has been reported that the FVS318 router has a denial of service issue in its web administration interface. The problem lies in its handling of concurrent TCP connections. After seven connections the router will stop accepting additional connections, thus denying legitimate users access.
  • Ref: http://www.securityfocus.com/archive/1/366601

  • 04.25.32 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link AirPlus DHCP Log HTML Injection
  • Description: D-Link AirPlus is a wireless broadband router series. It is reported to be vulnerable to an HTML injection issue. Malicious HTML scripts injected into the DHCP log will be executed when the administrator views the log files. D-Link DI-704 firmware version 2.60b2 and DI-614+ versions 2.18 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/366615

  • 04.25.33 - CVE: Not Available
  • Platform: Network Device
  • Title: BT Voyager 2000 SNMP Information Disclosure
  • Description: BT Voyager 2000 Wireless ADSL Router is prone to an information disclosure issue. It is reported that the "public" SNMP community string with OID "23.2.3.1.6.5.1" contains the plaintext password to the administrative interface. All current firmware versions are reported to be affected.
  • Ref: http://www.securityfocus.com/archive/1/366780/2004-06-20/2004-06-26/0

  • 04.25.34 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com SuperStack Web Interface Denial of Service
  • Description: 3Com SuperStack switches are vulnerable to a denial of service issue due to a failure in handling specially crafted packets. SuperStack 3 Switch 4400 (3C17203, 3C17204), SuperStack 3 Switch 4400 SE (3C17206), SuperStack 3 Switch 4400 PWR (3C17205), SuperStack 3 Switch 4400 FX (3C17210) are known to be vulnerable.
  • Ref: http://secunia.com/advisories/11934/

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Why @RISK is so timely and comprehensive

Part I - the critical vulnerabilities - is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process. Archives at http://www.sans.org/newsletters/

Part II - the comprehensive list of all newly discovered vulnerabilities - is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3493 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2004. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.