RapidStream VPN nodes have the 'rsadmin' account hard-coded into the sshd binary in the appliance OS. The account has been given a 'null' password, with password assignment and authentication expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote VPN. This in effect could lead to many things, including the ability to spawn a remote root shell on the VPN.
1fd2ed25e75ae6103e367de4a012acaddbd2dec2b82709822d1d1f127d8cc413
Linsql is a simple command-line client for MS SQL Server which can execute arbitrary SQL queries and OS commands on MS-SQL hosts that use a blank 'sa' password, a common default configuration.
8c9396b46daebd7ef569ec0f947a5ed309df55823876b48edcb9daffb8a5e521
Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here.
dcb764dd372fa94bea264f25decd609cbc3da5a3d482b1c028224a0dfc38159b
Vigilante Security Advisory - Watchguard Firebox Authentication DoS vulnerability. Sending a malformed URL to TCP port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here.
14919ca4948fe3696698e353b783188ead84c819a08b964e581bbb6c4dfa3cc0
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. It is updated regularly and scans for just about all remotely detectable vulnerabilities. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature-rich HTML interface.
1fe273cce1201e64f6f19fc103eba93d769dc8c40751545da0db092e1bd99896
Zorp is a new-generation modular proxy firewall suite to fine-tune proxy decisions with its built-in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize out-of-band authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).
89e17d764b7a8436d07d7726f15232917095f08f3614394f41fd7158b0c0b1d0
AckCmd is a special kind of remote Command Prompt for Windows 2000. It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases. More information can be found in the ACK Tunneling Trojans paper.
76bfbdd19f3bc39942b1179dd39f4ee701c18efc216705a72c44051bde2db503
Snitch turns the asterisks in password fields back into plaintext passwords.
42ac6b745abd6ab4895ecab7baa93ec7cbdd618cc9419a1e7f8609f403d3110a
Zorp is a new-generation modular proxy firewall suite to fine-tune proxy decisions with its built-in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize out-of-band authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).
a86b2f395f87bdcbfae1a142a7c641e88fea08eea99c2fd086af17680178aaba
Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orifice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.
2e6466d6e3dddc4f8a9cbd550dc4bdf278548f173b6f6f055ed30ebfbff8d7b9
FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
5a9e498c2ef801c16119a90749139794ff69b96fbd1ef6e91651a427170d3b2f
Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here.
2f0b0f3203076a0c3be1376c0bf6a444c51fef60e897a936f0aedc04872cfb91
Microsoft Security Bulletin (MS00-058) - Microsoft has released a patch for the "Specialized Header" security vulnerability in Internet Information Server (IIS 5.0) that ships with Windows 2000. The vulnerability causes a web server to send the source code of certain types of web files to a visiting user. Microsoft FAQ on this issue available here.
ffb426bb0a7ba1499d38ac3b01b2c19dd310421d100dd0f99c96880a7b7fca7a
FreeBSD Security Advisory FreeBSD-SA-00:38 - The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
2c7946820d2ce844168c150997ecaac13fffc19e1a17ce6a21cbf3fb2673e66f
FreeBSD Security Advisory FreeBSD-SA-00:37 - The cvsweb port, versions prior to 1.86, contains a vulnerability which allows users with commit access to a CVS repository monitored by cvsweb to execute arbitrary code as the user running the cvsweb.cgi script, which may be located on another machine where the committer has no direct access.
09f40debfcad1cf3bc4043b2e8953260477c781d053e3f643b9e71c1db46c228
FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.
7c0acd2703b07ca2be23cdd13d8a4ddc0d3ffedbcef8d1fe088ffb25c5bec951
FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
76f84091c90af96f01cf6608f849ae0a2517b33712ed0dccad709b014fd49f84
FreeBSD Security Advisory FreeBSD-SA-00:34 - ISC-DHCP is an implementation of the DHCP protocol containing client and server. FreeBSD 3.2 and above includes the version 2 client by default in the base system, and the version 2 and version 3 clients and servers in the Ports Collection. The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series) does not correctly validate input from the server, allowing a malicious DHCP server to execute arbitrary commands as root on the client. DHCP may be enabled if your system was initially configured from a DHCP server at install-time, or if you have specifically enabled it after installation. FreeBSD 4.1 is not affected by this problem since it contains the 2.0pl3 client.
731b4459394d525653b202ac1f9670f2fd6318ef0126d6b65c986f45ff803366
Crypto-gram for August 15, 2000. In this issue: Secrets and Lies: Digital Security in a Networked World, Microsoft Vulnerabilities, Publicity, and Virus-Based Fixes, News, Counterpane Internet Security News, Crypto-Gram Reprints, European "Crime in Cyberspace" Convention, The Doghouse: Authentica, Bluetooth, and Comments from Readers.
25a5817a41cbe004c4d6e1112bdf771fb54aa8cfa70fb1ad5de105a3f6e42b66