March 1, 2002
NetProwler 3.5.1 Security Update 13

Description

NetProwler 3.5.1 SU13 introduces seven (7) new signatures detecting a CDE dtspcd attack, a Microsoft IE object tag exploit, an Oracle 8i dbsnmp DoS, an Apache PHP file read attack, two newly discovered SNMP vulnerabilities, and a buffer overflow in Wu_Ftpd. In addition, the HTTP IIS ISAPI Extension signature released in an earlier SU has been modified to detect attempts to exploit the vulnerability using multiple packets. You may obtain NetProwler 3.5.1 SU13 through the product's autoupdate feature.

Security Update 13 Signatures

  • CDE_dtspcd_Buffer_Overflow

    This signature detects attempts to exploit a buffer overflow vulnerability in most versions of the CDE's Subprocess Control Service dtspcd daemon. Successful exploitation of this vulnerability could provide root access to the malicious user.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0803
  • HTTP_IIS_ISAPI_Extension

    This signature detects attempts to overflow the buffer in the ISAPI extensions of the IIS server. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0500
  • MSIE_Pop_Up_Object_Tag_Bug

    Vulnerabilities exist in Internet Explorer 5.5 and 6.0 wherein the JavaScript object handler allows remote access to locally stored objects. By referencing a known registry key, or identifying executable code on the local hard drive, the remote attacker can execute code on the browsing computer.
  • Oracle_8i_dbsnmp_DoS

    This signature detects attempts to cause a denial of service against Oracle's TNS Listener Service. If either the dbsnmp_start or dbsnmp_stop commands are sent remotely to the TNS Listener Service, a memory error occurs. According to Oracle documentation these commands should only be issued locally.

    http://www.securityfocus.com/bid/3903
  • PHP_Apache_Win_Reader

    This signature detects attempts to parse arbitrary files using a PHP and Apache Web server misconfiguration. The exploit works against Windows-based Apache Web server, version 2.0 applications, and the PHP 4.X script engine. In a successful attack, malicious users can acquire files, including hidden system files, from the local hard drive and parse them back to their browsers.

    http://www.securityfocus.com/bid/3786
  • SNMP_Community_BO

    Vulnerabilities exist in multiple vendors' implementations of Simple Network Management Protocol version 1 (SNMPv1) wherein the SNMP community name buffer may be overrun. This vulnerability may cause routers, switches, and managed hubs to perform erratically, or to stop processing altogether. Carefully crafted exploits may give administrator-level control of a router or computer to the attacker. This alert may also indicate a pre-strike probe using the Oulu University SNMPv1 vulnerability assessment tool, Protos.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013
  • SNMP_Default_Community_Name

    This signature detects connections to SNMP ports where common or default community strings are used. Vulnerabilities exist in multiple vendors' implementations of Simple Network Management Protocol version 1 (SNMPv1). Scans to locate vulnerable systems may involve scanning with common or default SNMP community strings. A high volume of alerts may occur if common or default community strings are in use on the monitored network.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013
  • Wuftpd_Site_Exec_Overflow

    Washington University's FTP server versions 2.6.0 and 2.6.1 have a file globbing heap address error in the server that may allow an attacker to trigger a buffer overflow in the Site Exec command and gain root-level access to the server.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0550
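
The two SNMP signatures above (SNMP_Community_BO and SNMP_Default_Community_Name) both key on the community field of the SNMP message header. The following is an added example, not NetProwler's own signature logic, showing one way a sensor could classify that field; the default-string list, the length threshold, and the helper names `ber` and `sample` are assumptions made for illustration.

```python
# Added example; DEFAULT_COMMUNITIES and MAX_COMMUNITY_LEN are assumed values.
DEFAULT_COMMUNITIES = {b"public", b"private"}
MAX_COMMUNITY_LEN = 64

def read_tlv(buf, pos):
    """Read one BER header at pos; return (tag, length, value_offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                     # short-form length
        return tag, first, pos
    n = first & 0x7F                     # long form: n length octets follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def classify_snmp(payload):
    """Return (verdict, community) for one UDP/161 payload."""
    try:
        tag, _, pos = read_tlv(payload, 0)              # outer SEQUENCE
        if tag != 0x30:
            return "not-snmp", None
        tag, vlen, pos = read_tlv(payload, pos)         # version INTEGER
        if tag != 0x02:
            return "not-snmp", None
        tag, clen, pos = read_tlv(payload, pos + vlen)  # community OCTET STRING
        if tag != 0x04:
            return "not-snmp", None
    except ValueError:
        return "malformed", None
    if clen > MAX_COMMUNITY_LEN:         # judge the declared length first
        return "oversized-community", None
    if pos + clen > len(payload):
        return "malformed", None
    community = bytes(payload[pos:pos + clen])
    if community.lower() in DEFAULT_COMMUNITIES:
        return "default-community", community
    return "ok", community

def ber(tag, value):                     # TLV encoder for constructed samples
    n = len(value)
    head = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

# Constructed GetRequest PDU for sysDescr.0, reused in every sample message.
PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
def sample(community):
    return ber(0x30, ber(0x02, b"\x00") + ber(0x04, community) + PDU)
```

The declared community length is checked before the payload bounds, so a message that advertises an oversized community name is flagged even when the datagram itself is truncated.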

Last modified on: Tuesday, 11-Jun-02 11:49:36