@RISK: The Consensus Security Vulnerability Alert

Volume: III, Issue: 31
August 9, 2004

A light week for all, especially after patching the systems for the unscheduled Microsoft patch MS04-025.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category: # of Updates & Vulnerabilities
    • Third-Party Windows Apps: 4 (#2, #4)
    • Linux: 1
    • Unix: 3 (#6)
    • Cross Platform: 11 (#1, #3, #5)
    • Web Application: 15
    • Network Device: 2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
Other Software
  • (2) HIGH: Sapporo Works BlackJumboDog FTP Server Buffer Overflow
  • Affected: BlackJumboDog version 3.6.1 and possibly prior
  • Description: BlackJumboDog, a Windows based FTP, mail and web-proxy server in Japanese, contains multiple stack-based buffer overflows in its FTP server component. The problems arise because the server does not validate the length of the FTP command arguments. An unauthenticated attacker can pass an overlong argument (over 256 bytes) to the FTP "USER" command, and execute arbitrary code on the server. Exploit code has been publicly posted.

  • Status: Vendor confirmed, upgrade to version 3.6.2.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • (4) MODERATE: MailEnable HTTP Content-Length Overflow
  • Affected: MailEnable version 1.19 and prior
  • Description: MailEnable, a Windows-based mail server, provides HTTPMail services. HTTPMail is a protocol that uses HTTP WebDAV extensions, and can be used as an alternative to the POP3 and SMTP protocols. MailEnable's HTTPMail service runs on port 8080/tcp by default. This service reportedly contains a buffer overflow that can be triggered by an HTTP request with a "Content-Length" header longer than 64 bytes. The overflow can possibly be exploited to execute arbitrary code (not confirmed). The technical details regarding the vulnerability have been posted.

  • Status: Vendor not confirmed, no updates available.

  • Council Site Actions: The affected software is not in production or widespread use at any of the council sites. They reported that no action was necessary.

  • (5) LOW: Mozilla Browsers User Interface Spoofing
  • Affected:
    • Mozilla versions prior to 1.7.2
    • Firefox versions prior to 0.9.3
  • Description: This vulnerability provides a way for an attacker to spoof the identity of a malicious site such that it appears to be a trusted site. The problem occurs because Mozilla does not prevent a webpage from using arbitrary XML user interface (XUL) files. These XUL files can be used to display attacker-specified values for the toolbar, address bar, SSL certificate, etc. Hence, the flaw can be exploited to conduct phishing attacks and steal sensitive user information. A proof-of-concept webpage that appears to be the "PayPal webpage" has been posted.

  • Status: Vendor confirmed, upgrade to Mozilla 1.7.2 and Firefox 0.9.3. Users should be advised not to follow links in suspicious webpages or emails.

  • Council Site Actions: The council sites reported their action on this vulnerability item is the same as for Item 1 above.

Patches
  • (6) HIGH: SGI IRIX CDE dtlogin Double Free Vulnerability
  • Council Site Actions: Only two of the reporting council sites are using the affected software. One site notified their small number of SGI users of the problem and advised them to patch as appropriate. The other site also has a small number of SGI/IRIX systems. However, their systems are not listening on UDP port 177 and thus are not vulnerable to the XDMCP remote attack. Since their SGI system administrators receive patch alerts via SGI's service, they presume the patches have already been installed.

Exploit Code
  • (7) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities
  • Affected:
    • Internet Explorer version 5.01, 5.5 and 6.0
  • Description: Microsoft released a cumulative update, MS04-025, which fixes multiple vulnerabilities in Internet Explorer. These vulnerabilities can be exploited by a malicious webpage or an HTML email to compromise a client system.
    • (a) Internet Explorer contains a cross-domain vulnerability that can be triggered when handling a frame, a "modal dialog box" that is invoked from the frame, and a webserver "redirect" that points to a local file on the client computer. This vulnerability can be exploited to execute arbitrary code on the client system. The flaw has been leveraged in the wild by the "JS.Scob" Trojan. The exploit code has been publicly posted since early June 2004.
    • (b) Internet Explorer contains an integer overflow vulnerability that can be triggered by a specially crafted bitmap (.bmp) image file. A malicious webpage can exploit this flaw to possibly execute arbitrary code on a client system with the privileges of the currently logged-on user. A proof-of-concept bitmap file has been publicly posted since February 2004.
    • (c) Internet Explorer contains a "double free" vulnerability (the flaw resulting from the same memory being freed twice) that is triggered by certain GIF files. The flaw can be exploited by a malicious webpage to possibly compromise a client system. The "double free" bugs are known to be platform dependent and harder to exploit. Hence, a large-scale attack leveraging this vulnerability is unlikely. The technical details regarding the flaw have been posted since 2003.

  • Status: Microsoft has confirmed all the vulnerabilities. The patch MS04-025 should be installed on an expedited basis.

  • Council Site Actions: All of the council sites are responding to this group of vulnerabilities. Some sites have already started distributing the patches and a few sites have completed the process. The remaining sites will install the patches during their next regularly scheduled system update process.

  • References: Microsoft Advisory
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2004

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3630 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 04.31.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlackJumboDog FTP Server Buffer Overflow
  • Description: SapporoWorks BlackJumboDog is a proxy that includes FTP service as part of its functionality. It is vulnerable to a buffer overflow weakness in its FTP component due to insufficient input sanitization. BlackJumboDog version 3.6.1 is reported to be vulnerable.
  • Ref: http://www.security.org.sg/vuln/bjd361.html

  • 04.31.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable Content-Length Header Denial of Service
  • Description: MailEnable is a POP3 and SMTP server. Insufficient sanitization of the "Content-Length" HTTP header parameter exposes a buffer overflow issue in the application. MailEnable Professional version 1.x is affected.
  • Ref: http://www.securityfocus.com/archive/1/370629

  • 04.31.3 - CVE: CAN-2004-0766,CAN-2004-0767
  • Platform: Third Party Windows Apps
  • Title: StackDefender Invalid Pointer Dereference Denial of Service
  • Description: StackDefender is intrusion prevention software designed to protect against memory corruption vulnerabilities. It is reported to be vulnerable to a weakness that may permit attackers to crash the computer. The issue may be triggered when the program attempts to dereference an invalid pointer. StackDefender version 2.0 is reported to be vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=118&type=vulnerabilities&flashstatus=true

  • 04.31.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PuTTY Remote Buffer Overflow
  • Description: PuTTY is a free Telnet and SSH client. It has been reported that PuTTY is subject to a pre-authentication buffer overflow that can allow malicious servers to execute code on a client machine as it attempts to negotiate connection. PuTTY 0.54 and previous versions are vulnerable.
  • Ref: http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10

  • 04.31.5 - CVE: CAN-2004-0494
  • Platform: Linux
  • Title: Gnome VFS
  • Description: It has been reported that a vulnerability in Gnome VFS can be exploited resulting in system compromise. The vulnerability is caused due to unspecified errors within the "extfs" backend scripts. RedHat has released an update that fixes this vulnerability.
  • Ref: http://rhn.redhat.com/errata/RHSA-2004-373.html

  • 04.31.6 - CVE: Not Available
  • Platform: Unix
  • Title: Citadel/UX Username Buffer Overflow
  • Description: Citadel/UX is a BBS package. Insufficient sanitization of the "USER" command exposes a buffer overflow issue in the application. Citadel/UX versions 4.x and 5.x are affected.
  • Ref: http://www.nosystem.com.ar/advisories/advisory-04.txt

  • 04.31.7 - CVE: Not Available
  • Platform: Unix
  • Title: Webbsyte Chat Denial of Service
  • Description: Webbsyte Chat, a network chat application, is reportedly vulnerable to a denial of service condition. This issue is exposed when multiple simultaneous TCP connections are made to the chat server. Webbsyte Chat version 0.9 was reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10842/info/

  • 04.31.8 - CVE: Not Available
  • Platform: Unix
  • Title: Acme thttpd Directory Traversal Vulnerability
  • Description: Acme thttpd is an HTTP server. It has been reported that the Windows port of thttpd is subject to a directory traversal issue due to insufficient sanitization of URL data. Requests that contain drive letters or backslash characters will not be properly sanitized, allowing remote users access to files located outside the document root of the http server. thttpd version 2.07 beta 0.4 is considered vulnerable.
  • Ref: http://packetstormsecurity.nl/0408-exploits/thttp207.txt

  • 04.31.9 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gnu Transport Layer Security Library Denial Of Service
  • Description: Gnu Transport Layer Security Library (GnuTLS) is a library which attempts to provide a secure layer over a reliable transport layer. It is reported to be vulnerable to an X.509 certificate verification denial of service. The issue exists due to a design error that causes the application to attempt to verify invalid X.509 certificates. GnuTLS versions prior to 1.0.17 are considered to be vulnerable.
  • Ref: http://www.hornik.sk/SA/SA-20040802.txt

  • 04.31.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Directory Server LDACGI Directory Traversal
  • Description: IBM Tivoli Directory Server is a multi-platform Lightweight Directory Access Protocol (LDAP) server. Insufficient sanitization of the "../" character sequence in the "Template" URL parameter of the "ldacgi" script exposes a directory traversal issue. IBM Tivoli versions 3.2.2 and 4.1 are affected.
  • Ref: http://www.oliverkarow.de/research/IDS_directory_traversal.txt

  • 04.31.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla and Netscape SOAPParameter Integer Overflow
  • Description: Mozilla and Netscape web browsers contain an integer overflow vulnerability in the SOAPParameter object constructor. This results in the corruption of critical heap memory structures, leading to possible remote code execution. Netscape versions 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are affected.
  • Ref: http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities

  • 04.31.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Java Runtime Environment Remote XSLT Privilege Escalation
  • Description: The Sun Java Runtime Environment (JRE) supports an Extensible Stylesheet Language Transformation (XSLT) processor to perform XML translation. It has been reported that the JRE is affected by an XSLT access validation vulnerability. An attacker can exploit this vulnerability to allow an untrusted applet to read data from a trusted applet. Sun JRE versions previous to 1.4.2_05 are considered vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/370624

  • 04.31.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ripMIME Attachment Decoding Weakness
  • Description: ripMIME is a MIME decoder. Insufficient sanitization of extra newline characters in ripMIME's decoding routine causes the engine to fail to extract attachments. This can lead to attachments not being scanned for viruses. ripMIME version 1.3.2.3 has been released to address this issue.
  • Ref: http://www.pldaniels.com/ripmime/CHANGELOG

  • 04.31.14 - CVE: CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
  • Platform: Cross Platform
  • Title: LibPNG Graphics Library Multiple Vulnerabilities
  • Description: libpng is the official Portable Network Graphics (PNG) reference library. It is reported to be vulnerable to stack-based buffer overrun, denial of service and several integer overrun issues. These issues exist due to improper sanitization of user-supplied input. Users are urged to upgrade to libpng version 1.0.16rc1, as previous versions are considered to be vulnerable.
  • Ref: http://www.libpng.org/pub/png/libpng.html

  • 04.31.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PSCP modpow Base Integer Handling Buffer Overrun
  • Description: PSCP is reportedly vulnerable to a heap-based buffer overrun condition. The issue exists in the "modpow()" function. An attacker could cause a denial of service or even execute arbitrary code on the PSCP client. PSCP versions 0.54 and prior are reported to be vulnerable.
  • Ref: http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10

  • 04.31.16 - CVE: CAN-2004-0759
  • Platform: Cross Platform
  • Title: Mozilla HTML Tag Unauthorized Access
  • Description: Mozilla Firefox is a Web browser developed and supported by Mozilla. Mozilla Firefox browser has been reported to be affected by an input type HTML tag unauthorized access vulnerability. This vulnerability could allow access to arbitrary files on the client computer. Mozilla versions 1.7 and earlier are considered vulnerable.
  • Ref: http://xforce.iss.net/xforce/xfdb/16870

  • 04.31.17 - CVE: CAN-2004-0757
  • Platform: Cross Platform
  • Title: Mozilla Browser Remote Heap Overflow
  • Description: Mozilla and Mozilla Thunderbird email clients are reported vulnerable to a remote heap overflow condition. The issue is reported to exist due to a lack of sufficient boundary checks performed on POP3 data handled by the Mozilla "SendUidl()" function. This can be exploited by an attacker-controlled POP3 server that returns specially crafted, malformed email messages to the client. Mozilla versions prior to 1.7 and Thunderbird versions prior to 0.7 based on the Windows platform are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/10856/

  • 04.31.18 - CVE: CAN-2004-0765
  • Platform: Cross Platform
  • Title: Mozilla Browser Non-FQDN SSL Certificate Spoofing
  • Description: Insufficient sanitization of non-FQDN certificates in the "cert_TestHostName()" function exposes a weakness by which a certificate is validated as safe without warning the user. Firefox versions 0.9 and earlier as well as Mozilla versions 1.7 and earlier are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/16868

  • 04.31.19 - CVE: CAN-2004-0761
  • Platform: Cross Platform
  • Title: Mozilla SSL Redirect Spoofing Vulnerability
  • Description: Mozilla is reportedly vulnerable to an SSL redirect spoofing weakness. Reportedly, if the browser is redirected to an SSL-enabled target site, the SSL lock icon on the browser's status bar is not cleared even if the connection fails. This issue can be used to facilitate phishing style attacks. Mozilla versions prior to 1.7, Mozilla Firebird version 0.7, Mozilla Firefox versions prior to 0.9, and Mozilla Thunderbird versions prior to 0.7 are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/10856/

  • 04.31.20 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerPortal Private Message HTML Injection
  • Description: PowerPortal is a web-based portal implemented in PHP. It is reported to be vulnerable to HTML injection attacks. The issue exists due to improper sanitization of user-supplied input in the "read_message()" function of the "private_messages/index.php" script. PowerPortal versions 1.3, 1.3b and 1.1b are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10835/

  • 04.31.21 - CVE: Not Available
  • Platform: Web Application
  • Title: Fusion News Administrative Module Command Execution
  • Description: FusionPHP Fusion News is a news management system. Insufficient sanitization of user supplied URL parameters of the administrative command interface exposes a command execution issue. FusionPHP versions 3.6.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/370514

  • 04.31.22 - CVE: Not Available
  • Platform: Web Application
  • Title: Webcam Watchdog Cross-Site Scripting
  • Description: Webcam Watchdog is reportedly vulnerable to a cross-site scripting issue. This is due to insufficient sanitization of the "cam" URL parameter supplied to "sresult.exe". This can be used to steal cookie-based authentication credentials from legitimate clients. Webcam Watchdog version 4.0.1a was reported to be vulnerable.
  • Ref: http://members.lycos.co.uk/r34ct/main/Webcam_watchdog_401a.txt

  • 04.31.23 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Search Script Cross-Site Scripting
  • Description: Phorum is a PHP based web forum package. Insufficient sanitization of the "subject" URL parameter in the "search.php" script exposes a cross-site scripting issue. Phorum version 5.0.7b is reported to be affected.
  • Ref: http://www.securitytracker.com/alerts/2004/Jul/1010787.html

  • 04.31.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Verylost LostBook Message Entry HTML Injection
  • Description: Verylost LostBook is a web-based guestbook application. Insufficient sanitization of user supplied parameters "Email" and "Web page" exposes an HTML injection issue. LostBook versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/370361

  • 04.31.25 - CVE: Not Available
  • Platform: Web Application
  • Title: MyServer Multiple Remote Vulnerabilities
  • Description: MyServer is a server application designed to create a simple interface for providing various file sharing services. It is reported to be vulnerable to cross-site scripting and buffer overflow attacks within its "math_sum.mscgi" example script. These issues are due to improperly sanitized input. MyServer version 0.6.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10831/info/

  • 04.31.26 - CVE: CAN-2004-0584
  • Platform: Web Application
  • Title: Horde IMP HTML+TIME HTML Injection Vulnerability
  • Description: IMP is a set of PHP scripts designed to implement a web based IMAP email interface. HTML+TIME is a Microsoft Internet Explorer technology designed to add timing and media synchronization support to HTML pages. It is reported that Horde IMP is affected by an HTML injection vulnerability due to insufficient sanitization of HTML+TIME script. Horde IMP versions 3.0 through 3.2.4 are reported to be vulnerable.
  • Ref: http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h

  • 04.31.27 - CVE: Not Available
  • Platform: Web Application
  • Title: WHM AutoPilot Username/Password Information Disclosure
  • Description: WHM AutoPilot is a web-hosting environment administration script. Insufficient authentication checks in the script allow unauthorized users to access username and password information. WHM AutoPilot version 2.x is reported to be affected.
  • Ref: http://secunia.com/advisories/12200/

  • 04.31.28 - CVE: Not Available
  • Platform: Web Application
  • Title: BreakCalendar Multiple Remote Vulnerabilities
  • Description: BreakCalendar is a web-based calendar utility. It is affected by multiple remote vulnerabilities. These issues are due to a failure to sanitize user-supplied input. These issues could allow attackers to effect HTML injection, remote command execution, and cross-site scripting attacks. Versions 1.0 through 1.4 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/10847/

  • 04.31.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Pete Stein GoScript Remote Command Execution
  • Description: GoScript is a web-based layout management application. Insufficient sanitization of shell metacharacters in the "go.cgi" script exposes a command execution issue. GoScript version 2.0 is reported to be vulnerable.
  • Ref: http://packetstormsecurity.nl/0408-exploits/goscript20.txt

  • 04.31.30 - CVE: Not Available
  • Platform: Web Application
  • Title: eNdonesia Search Form Cross-Site Scripting
  • Description: eNdonesia is a PHP based web content management system. Insufficient sanitization of the "query" URL parameter in the "mod.php" script exposes a cross-site scripting issue. eNdonesia versions 8.3 and earlier are affected.
  • Ref: http://echo.or.id/adv/adv02-y3dips-2004.txt

  • 04.31.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Jetbox One Plaintext Password Storage Vulnerability
  • Description: Jetbox One is a web content management application. The software stores credentials in plaintext in a MySQL table, which may allow users with read access to the "user" table to view authentication credentials. Jetbox One versions 2.0.8 and earlier are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/16898

  • 04.31.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Jetbox One Remote Server-Side Script Execution
  • Description: Jetbox One is a web-based content management application. Reportedly, the image module of the application does not enforce file extensions of image files uploaded onto the server. An attacker can spoof a malicious PHP script as an image file, upload and save it with a PHP extension on the server, and later execute it remotely as a server-side script. Version 2.0.8 is reported vulnerable to this issue.
  • Ref: http://echo.or.id/adv/adv03-y3dips-2004.txt

  • 04.31.33 - CVE: Not Available
  • Platform: Web Application
  • Title: WackoWiki TextSearch Cross-Site Scripting
  • Description: WackoWiki is a Wiki-clone. Insufficient sanitization of user-supplied input in the text search form exposes a cross-site scripting issue. WackoWiki versions 3.x and earlier are affected.
  • Ref: http://wackowiki.com/WackoDownload/InEnglish

  • 04.31.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Web Chat Multiple Denial of Service Vulnerabilities
  • Description: Free Web Chat is a Java based chat server and client applet. It has been revealed that it is susceptible to multiple denial of service attacks. All current versions are susceptible to the attacks.
  • Ref: http://seclists.org/lists/bugtraq/2004/Aug/0042.html

  • 04.31.35 - CVE: Not Available
  • Platform: Network Device
  • Title: U.S. Robotics USR808054 Web Administration Denial of Service
  • Description: The U.S. Robotics USR808054 is a combination wide area network (WAN) router and wireless access point (WAP). Part of its firmware includes a web administration interface. Large HTTP GET requests can cause the web interface to stop responding, resulting in a denial of service. USR808054 with firmware version 1.21h is reported vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/370624

  • 04.31.36 - CVE: Not Available
  • Platform: Network Device
  • Title: NetScreen SSHv1 Denial of Service
  • Description: NetScreen ScreenOS is an application provided for configuration of the NetScreen firewall appliance. It has been reported to be vulnerable to a denial of service condition when configured to run SSH with protocol version 1. A remote attacker can utilize this weakness to crash or reboot the appliance. NetScreen ScreenOS versions 3.x through 5.x were reported to be affected.
  • Ref: http://www.juniper.net/support/security/alerts/screenos-sshv1-2.txt

(c) 2004. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
