Specifications
SAFER – Vol. 3, Issue 6 18 © 2000 The Relay Group
Solaris netpr Buffer Overflow Vulnerability
Released May 12, 2000
Affects Sun Solaris 2.6, 7.0, 8.0
Reference http://www.securityfocus.com/bid/1200
Problem
- A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with
Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both SPARC and x86,
have been confirmed as being vulnerable.
- The overflow is present in the -p option, normally used to specify a printer. By specifying a long
buffer containing machine executable code, it is possible to execute arbitrary commands as root.
On SPARC, the exploits provided will spawn a root shell, whereas on x86 they will create a setuid root
shell in /tmp.
SAFER
- Sun has patches available for this vulnerability.
Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
Released May 12, 2000
Affects Microsoft Outlook 98, Microsoft Outlook Express 4.0 up to 4.72.3612.1700
Reference http://www.securityfocus.com/bid/1195
Problem
- When the email client receives a malicious mail or news message that contains an attachment
with a very long filename, it could cause the email client to shut down unexpectedly. These very
long filenames do not normally occur in mail or news messages, and must be intentionally created
by someone with malicious intent. A skilled hacker could use this malicious email message to run
arbitrary computer code contained in the long string.
- This issue can cause the following to occur when attempting to download, open or view a
mail or news message in Microsoft Outlook 98 or Microsoft Outlook Express 4.x that has an
attachment with a very long filename:
- An error message similar to the following may be displayed: "This program has performed an illegal
operation and will be shut down. If the problem persists, contact the program vendor." This issue
does not affect Outlook Express 4.01 for Microsoft Windows 3.1 and Windows NT 3.51.
SAFER
- Microsoft has released patches to fix Outlook 98 and Outlook Express 4.x.
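A mail gateway or triage script can flag messages of the kind described above before an unpatched client opens them. The following is an added example, not part of the original bulletin: the 255-character limit is an assumed policy value (the bulletin gives no exact length), and the sample message and the helper names are constructed for illustration.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

# Assumed policy limit; the bulletin does not state the length that triggers the bug.
MAX_NAME_LEN = 255

# The two MIME parameters that can carry an attachment name.
NAME_PARAMS = (("Content-Disposition", "filename"), ("Content-Type", "name"))


def overlong_attachment_names(raw, limit=MAX_NAME_LEN):
    """Return (part_index, header, name_length) for every name longer than limit."""
    findings = []
    for index, part in enumerate(message_from_bytes(raw).walk()):
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 encoded parameters come back as a (charset, lang, value) tuple.
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                findings.append((index, header, len(name)))
    return findings


def build_sample(name):
    """Constructed two-part test message whose attachment is called `name`."""
    lines = [
        "From: sender@example.test",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "body",
        "--b1",
        f'Content-Type: application/octet-stream; name="{name}"',
        f'Content-Disposition: attachment; filename="{name}"',
        "",
        "data",
        "--b1--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    for hit in overlong_attachment_names(build_sample("A" * 600 + ".txt")):
        print("overlong attachment name:", hit)
```

Both the Content-Disposition and the Content-Type parameter are checked because a message can carry the name in either one.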
Microsoft Office 2000 UA Control Vulnerability
Released May 11, 2000
Affects Microsoft Office 2000
Reference http://www.securityfocus.com/bid/1197
Problem
- Microsoft Office 2000 and related individual packages (e.g., Microsoft Word 2000) have a feature
called "Show Me" as part of the built-in help, which makes use of an ActiveX control (Office 2000
UA Control).
- This control was incorrectly flagged as "safe for scripting" and, although undocumented, could be
used by a malicious web site operator to execute any commands in Microsoft Office 2000. It
provides the ability to script almost all Office 2000 functions, including file manipulation,
configuration settings, etc.
SAFER
- Microsoft has released a patch which fixes this vulnerability.