Red Hat NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual, Page 15

NIPC CyberNotes #2002-12 Page 15 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Patrick Powell [65] | Unix | LPRng 3.7.4, 3.8.9 | A vulnerability exists because default configurations of LPRng accept all remote print submissions to the print queue, which could let a malicious user submit numerous print requests to the existing print queue. | Update available at: ftp://updates.redhat.com/7.0/en/os/ | LPRNG Remote Print Submission. CVE Name: CAN-2002-0378 | Low | Bug discussed in newsgroups and websites. There is no exploit code required. |
| PHP-Reactor [66] | Multiple | Ekilat LLC php(Reactor) 1.2.7 | A Cross-Site Scripting vulnerability exists in the 'browse.php,' in the "comments" section because user input is not properly filtered, which could let a remote malicious user execute arbitrary script code. | Upgrade available at: http://prdownloads.sourceforge.net/phpreactor/phpreactor-1.2.7pl1.tar.gz?download | Global.INC. PHP Cross-Site Scripting | High | Bug discussed in newsgroups and websites. |
| QNX Software Systems Ltd. [67] | Multiple | QNX RTOS 4.25, 6.1.0 | Multiple vulnerabilities exist: a vulnerability exists in the 'su' utility which could let a malicious user obtain sensitive information; a vulnerability exists in the ‘phgrafx’ utility, which could let a malicious user obtain elevated privileges and root access; a vulnerability exists in the ‘phgrafx-startup’ utility, which could let a malicious user obtain elevated privileges and root access; a buffer overflow vulnerability exists in the ‘phlocale’ utility, which could let a malicious user execute arbitrary code as root; and a vulnerability exists in the ptrace() implementation, which could let a malicious user obtain elevated privileges. | No workaround or patch available at time of publishing. | QNX RTOS Multiple Vulnerabilities | Medium/High (High if root access can be obtained or arbitrary code can be executed) | Bug discussed in newsgroups and websites. Proof of concept exploit has been published. Exploit scripts for the ‘phgrafx,’ ‘phgrafx-startup,’ and ‘phlocale’ utilities and the ptrace() implementation vulnerabilities have been published. |
| QNX Software Systems Ltd. [68] | Multiple | RTOS 6.1.0 | A buffer overflow vulnerability exists in the ‘pkg-installer’ utility, which could let a malicious user execute arbitrary code. | No workaround or patch available at time of publishing. | QNX RTOS PKG-Installer Buffer Overflow | High | Bug discussed in newsgroups and websites. Exploit script has been published. |

[65] Red Hat, Inc. Red Hat Security Advisory, RHSA-2002:089-07, June 9, 2002.
[66] ALPER Research Labs Security Advisory, ARL02-A12, June 6, 2002.
[67] Bugtraq, June 3, 2002.
[68] Bugtraq, June 3, 2002.