Specifications

SAFER – Vol. 3, Issue 6 13 © 2000 The Relay Group
MetaProducts Offline Explorer Directory Traversal Vulnerability
Released May 19, 2000
Affects MetaProducts Offline Explorer 1.2x, 1.1x, 1.0x
Reference http://www.securityfocus.com/bid/1231
Problem
- By default, Offline Explorer listens on port 800, through which a remote user can gain read access
to a remote host's web cache and, from there, traverse directories.
- Performing a GET request containing "../..\" will allow the remote user to browse the cache and the
upper directory structure.
SAFER
- Download latest version of Offline Explorer.
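
The containment check that blocks this class of request, as an added example (not code from the
advisory or from MetaProducts). The cache root, the function names and the request paths are
hypothetical; ntpath is used so the Windows path rules apply on any platform.

```python
import ntpath
import posixpath
from urllib.parse import unquote

# Hypothetical cache location; not taken from the advisory.
CACHE_ROOT = r"C:\OfflineExplorer\cache"

def _inside_root(path):
    """True if path is CACHE_ROOT or below it (Windows paths are case-insensitive)."""
    root = ntpath.normpath(CACHE_ROOT).lower()
    p = path.lower()
    return p == root or p.startswith(root + "\\")

def naive_resolve(url_path):
    """Weak form: normalises with '/' only, so a '..\\' step is never recognised."""
    norm = posixpath.normpath(unquote(url_path))
    if ".." in norm.split("/"):
        return None
    # Windows then treats the surviving backslashes as separators.
    return ntpath.normpath(ntpath.join(CACHE_ROOT, norm.lstrip("/")))

def safe_resolve(url_path):
    """Hardened form: decode, unify separators, normalise, then check containment."""
    rel = unquote(url_path).replace("/", "\\").lstrip("\\")
    if ":" in rel or "\x00" in rel:  # drive letters, alternate data streams, NUL
        return None
    candidate = ntpath.normpath(ntpath.join(CACHE_ROOT, rel))
    return candidate if _inside_root(candidate) else None

# Constructed request paths for illustration.
SAMPLES = [
    "/example.com/index.html",          # legitimate cache hit
    "/index/../..\\..\\secret.txt",     # mixed separators, as in the advisory
    "/a/%2e%2e%5c%2e%2e%5csecret.txt",  # same idea, percent-encoded
    "/..\\cache2\\page.html",           # sibling directory sharing the root's prefix
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} naive={naive_resolve(s)!r} safe={safe_resolve(s)!r}")
```
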
Gauntlet Firewall Remote Buffer Overflow Vulnerability
Released May 19, 2000
Affects Gauntlet Firewall 5.5, 5.0, 4.2, 4.1, WebShield E-ppliance 300.0, 100.0
Reference http://www.securityfocus.com/bid/1234
Problem
- A buffer overflow exists in the version of Mattel's Cyber Patrol software integrated into Network
Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber
Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain
root access on the firewall, or execute arbitrary commands on the firewall.
- By default, Cyber Patrol is installed on Gauntlet installations, and runs for 30 days. After that
period, it is disabled. During this 30-day period, the firewall is susceptible to attack. Because the
filtering software is externally accessible, users not on the internal network may also be able to
exploit the vulnerability.
SAFER
- Patches from NAI are available.
Lotus Domino Server Misconfiguration: Documents Can Be Modified over the Web
Released May 19, 2000
Affects Lotus Domino Server
Reference http://www.perfectotech.com/blackwatchlabs/
Problem
- Documents (records) available for viewing in Lotus Domino server may be edited over the web if
the access rights are not properly configured for them.
- The access rights for documents available through Lotus Domino server allow users to edit them,
although the URL contains only the open (i.e. view) operation. This can be done easily by
modifying the URL so that, instead of OpenDocument, the browser sends EditDocument.
SAFER
- Each site running a Domino server is encouraged to ensure that its databases are well-configured,
so that the outside user is not allowed to change records.
Big Brother bbd.c Buffer Overflow Vulnerability
Released May 18, 2000
Affects Big Brother 1.0 up to 1.4
Reference http://www.securityfocus.com/bid/1257
Problem
- Big Brother versions prior to 1.4g (BBDisplay and BBPager bbd.c) contain a buffer overflow
vulnerability, which allows for the execution of arbitrary code with the permissions of the user
running bbd.c.
SAFER
- Download and install version 1.4g.