NIPC CyberNotes #2002-12 Page 6 of 33 06/17/2002
Vendor
Operating
System
Software
Name
Vulnerability/
Impact
Patches/Workarounds/
Alerts
Common
Name
Risk*
Attacks/
Scripts
Evolvable
Corpora-
tion
23
Windows
95/98/NT
4.0/2000
Shambala
Server 4.5
Several vulnerabilities exist: a
Directory Traversal
vulnerability exists in the FTP
server, which could let a
malicious user obtain
sensitive information; and a
Denial of Service
vulnerability exists when a
malicious user sends a
malformed request to the
server.
No workaround or patch
available at time of
publishing.
Shambala
Server FTP
Server
Directory
Traversal &
Denial of
Service
Low/
Medium
(Medium
if
sensitive
informa-
tion can
be
obtained)
Bug discussed
in newsgroups
and websites.
There is no
exploit code
required for the
Directory
Traversal
vulnerability.
A Proof of
Concept
exploit has
been published
for the Denial
of Service.
Geeklog
24
Multiple Geeklog
1.3.5
Multiple vulnerabilities exist:
a vulnerability exists because
externally-supplied input that
is used in SQL queries is not
properly validated, which
could let a malicious user
execute arbitrary SQL
commands; multiple Cross-
Site Scripting vulnerabilities
exists because script code is
not properly filtered from
URL parameters, which could
let a malicious user execute
arbitrary script code; and a
vulnerability exists because
script code is not properly
sanitized from form fields,
which could let a malicious
user execute arbitrary script
code.
Patch available at:
http://prdownloads.sourcefor
ge.net/geeklog/geeklog-
1.3.5sr1.tar.gz
Geeklog
Multiple
Vulnerabilities
High
Bug discussed
in newsgroups
and websites.
Exploits have
been published.
Hewlett
Packard,
Systems
25
Unix HP-UX
11.0, 11.11
A Denial of Service
vulnerability exists in the
HP-UX Software Distributor
(SD) because a data view of
files not normally readable by
a user is allowed.
Patches available at:
http://itrc.hp.com
PHCO_25875
PHCO_25887
HP-UX SD
Data View
Denial Of
Service
Low Bug discussed
in newsgroups
and websites.
IBM
26
Unix Informix
SE
7.25.UC1
A buffer overflow
vulnerability exists if the
'INFORMIXDIR'
environment variable is
defined with a size greater
than 2023 bytes, which could
let a malicious user obtain
root privileges.
No workaround or patch
available at time of
publishing.
Informix SE
Buffer
Overflow
High
Bug discussed
in newsgroups
and websites.
Exploit scripts
have been
published.
23
Telhack 026 Inc. Security Advisory #3, May 30, 2002.
24
ALPER Research Labs Security Advisory, ARL02-A13, June 10, 2002.
25
Hewlett-Packard Company Security Bulletin, HPSBUX0205-194, May 30, 2002.
26
Bugtraq, May 30, 2002.
(51 stránky)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce