Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual Page 9

NIPC CyberNotes #2002-12 Page 9 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Marc Druilhe [46] | Multiple | W-Agora 4.1.1-4.1.3 | A vulnerability exists in the ‘inc_dir’ variable in several scripts, which could let a remote malicious user execute arbitrary code. | No workaround or patch available at time of publishing. | W-Agora Arbitrary Code Execution | High | Bug discussed in newsgroups and websites. Proof of Concept exploit has been published. |
| Matsushita Research [47] | Unix | MNews 1.2.2 | Multiple local and remote buffer overflow vulnerabilities exist due to improper bounds checking on certain command line arguments as well as the MAILSERVER and JNAMES environment variables, which could let a local malicious user obtain elevated privileges and a remote malicious user use MNews to penetrate an affected system. | No workaround or patch available at time of publishing. | MNews Multiple Buffer Overflows | Medium | Bug discussed in newsgroups and websites. Exploit script has been published. |
| Matthew Mondor [48] | Unix | mmftpd .7 | A format string vulnerability exists in the mmftpd FTP daemon due to improper use of the syslog call, which could let a remote malicious user execute arbitrary code. | Upgrade available at: http://mmondor.gobot.ca/software/linux/mmftpd-0.0.8.tar.gz | MMFTPD SysLog Format String | High | Bug discussed in newsgroups and websites. |
| Matthew Mondor [49] | Unix | mmmail .11, .12, .13 | A vulnerability exists due to improper use of the syslog call, which could let a malicious user execute arbitrary code. | Update available at: http://mmondor.gobot.ca/software/linux/mmmail-0.0.14.tar.gz | MMMail Remote SysLog Format String | High | Bug discussed in newsgroups and websites. |
| Microsoft [50] | Windows | .NET Framework 1.0 SP1, 1.0 | A buffer overflow vulnerability exists because a function that processes cookie data in the ASPState service fails to properly check the length of the cookies passed to it, which could let a malicious user cause a Denial of Service and possibly execute arbitrary code. | Frequently asked questions regarding this vulnerability and the patch can be found at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-026.asp Note: Microsoft encourages users not to install the patch while VS.NET is running. | Microsoft ASP.NET StateServer Buffer Overflow. CVE Name: CAN-2002-0369 | Low/High (High if arbitrary code can be executed) | Bug discussed in newsgroups and websites. |
| Microsoft [51] | Windows NT 4.0/2000 | IIS 4.0, 5.0 | A buffer overflow vulnerability exists because of an arithmetic error in the ISAPI extension that implements the HTR functionality, which could let a remote malicious user execute arbitrary code. | Frequently asked questions regarding this vulnerability and the patch can be found at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp | Microsoft IIS ISAPI Extension Buffer Overflow. CVE Name: CAN-2002-0364 | High | Bug discussed in newsgroups and websites. |

[46] SecurityFocus, June 10, 2002.
[47] Strategic Reconnaissance Team Security Advisory, SRT2002-04-31-1159, May 31, 2002.
[48] INTEXXIA(c) Security Advisory, #1053-040602, June 6, 2002.
[49] INTEXXIA(c) Security Advisory, #1054-040602, June 12, 2002.
[50] Microsoft Security Bulletin, MS02-026 Ver 2.0, June 7, 2002.
[51] Microsoft Security Bulletin, MS02-028, June 12, 2002.