NIPC CyberNotes #2002-12 Page 18 of 33 06/17/2002
Vendor
Operating
System
Software
Name
Vulnerability/
Impact
Patches/Workarounds/
Alerts
Common
Name
Risk*
Attacks/
Scripts
Scripts For
Educators
76
Multiple MakeBook
2.2
A vulnerability exists because
form field input is not
properly sanitized, which
could let a remote malicious
user execute arbitrary HTML.
No workaround or patch
available at time of
publishing.
MakeBook
Input
Validation
High
Bug discussed
in newsgroups
and websites.
Exploit has
been published.
Seanox
77
Windows DevWex
Windows
Binary
1.2002.052
0
Several vulnerabilities exist: a
Directory Traversal
vulnerability exists because
certain sequences from web
requests are not sufficiently
filtered, which could let a
malicious user obtain
sensitive information; and a
buffer overflow vulnerability
exits in the GET request
function, which could let a
malicious user execute
arbitrary code.
Upgrade available at:
http://www.seanox.de/projec
ts.devwex.php4
DevWex
Multiple
Vulnerabilities
Low/
High
(High if
arbitrary
code can
be
executed)
Bug discussed
in newsgroups
and websites.
Vulnerabilities
can be
exploited via a
web browser.
SGI
78
Unix IRIX
5.0-5.3,
6.0-6.5.16
A vulnerability exists in
MediaMail when certain
command line arguments are
passed to it, which could let a
malicious user obtain
sensitive information and
elevated privileges.
MediaMail is an expired
product, therefore SGI
has not provided patches
for these vulnerabilities.
SGI recommends
uninstalling the program
and switching to a
different mail program.
IRIX
MediaMail
Memory
Corruption
CVE Name:
CAN-2002-
0358
Medium Bug discussed
in newsgroups
and websites.
SGI
79
Unix IRIX
6.5-6.5.15,
6.5.2f-
6.5.15f,
6.5.2m-
6.5.15m
A buffer overflow
vulnerability exists in the NIS
password server, 'rpc.passwd',
which could let a remote
malicious user obtain root
access.
Patch available at:
http://support.sgi.com/irix/s
wupdates/
IRIX
rpc.passwd
Buffer
Overflow
CVE Name:
CAN-2002-
0357
High
Bug discussed
in newsgroups
and websites.
Splatt.it
80
Multiple Splatt
Forum 3.0
A vulnerability exists because
HTML is not filtered from
image tags, which could let a
malicious user execute
arbitrary script code.
Upgrade available at:
www.splatt.it
Splatt Forum
Image Tag
HTML
Injection
High
Bug discussed
in newsgroups
and websites.
Exploit has
been published.
Stellar-X
Software
81
Windows
NT
MSNTAuth
2.0
A vulnerability exists when
data is passed to the syslog()
as the format string argument,
which may let a remote
malicious user execute
arbitrary code.
No workaround or patch
available at time of
publishing.
Stellar-X
Format String
High
Bug discussed
in newsgroups
and websites.
76
DownBload Security Research Lab Advisory, June 12, 2002.
77
Securiteam, June 11, 2002.
78
SGI Security Advisory, 20020602-01-I, June 6, 2002.
79
SGI Security Advisory, 20020601-01-P, June 4, 2002.
80
Bugtraq, June 6, 2002.
81
David Evlis Reign Security Advisory #11, June 4, 2002.
(51 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales