
NIPC CyberNotes #2002-12 Page 14 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Mozilla/Netscape [60] | Windows 95/98/ME/NT 4.0/2000, XP, Mac OS 9.0, 9.0.4, 9.1, 9.2, MacOS X 10.x, Unix | Mozilla Browser 0.9.2.1, 0.9.2, 0.9.3, 0.9.4.1, 0.9.4-0.9.9, 1.0, 1.0 RC1&2; Netscape Communicator 4.0.4-4.08, 4.0, 4.5-4.7, 4.51, 4.61, 4.72-4.77, Netscape 6.0 1, 6.0 Mac, 6.0-6.2.2 | A Denial of Service vulnerability exists when malformed e-mail messages are received, which could prevent clients from accessing POP3 mailboxes. | This issue is resolved in Mozilla 1.1. Alpha versions may be accessed at: http://www.mozilla.org/releases/ | Netscape / Mozilla Malformed E-mail Denial of Service | Low | Bug discussed in newsgroups and websites. Exploit has been published. |
| Netscape [61] | Windows 95/98/NT 4.0/2000, Unix | Communicator 4.77 | A buffer overflow vulnerability exists in the Composer function when an HTML page is edited that contains a Font Face field of arbitrary length, which could let a malicious user execute arbitrary code. | No workaround or patch available at time of publishing. | Netscape Composer Buffer Overflow | High | Bug discussed in newsgroups and websites. Proof of Concept exploit has been published. |
| NetScreen [62] | Multiple | ScreenOS 3.0.3 r1.1 | A vulnerability exists because HTML tags are not filtered from authentication fields, which could let a malicious user cause the log files to appear as though they have been deleted. | No workaround or patch available at time of publishing. | ScreenOS HTML File Display | Medium | Bug discussed in newsgroups and websites. |
| Novell [63] | Multiple | eDirectory 8.6.2, 8.7 | A vulnerability exists because case-insensitive passwords are allowed, which decreases the number of unique passwords. As a result, a brute-force attack may be more feasible. | No workaround or patch available at time of publishing. | eDirectory Weak Password | Medium | Bug discussed in newsgroups and websites. There is no exploit code required. |
| Nullsoft [64] | Unix | Shoutcast Server 1.8.9 Win32, Solaris, Mac OS X, Linux, FreeBSD | A buffer overflow vulnerability exists, which could let a remote malicious unauthorized user execute arbitrary code. | No workaround or patch available at time of publishing. | Shoutcast Remote Buffer Overflow | High | Bug discussed in newsgroups and websites. Exploit script has been published. |

[60] Bugtraq, May 12, 2002.
[61] Infobyte Security Research, June 13, 2002.
[62] SecurityFocus, June 5, 2002.
[63] Bugtraq, May 30, 2002.
[64] Netric Security Team, June 4, 2002.