Specifications
SAFER – Vol. 3, Issue 6 40 © 2000 The Relay Group
NAI Security Advisory-May042000: Trend Micro InterScan VirusWall Remote Overflow
Released May 04, 2000
Affects Trend Micro InterScan VirusWall 3.0.1 up to 3.32
Reference http://www.nai.com/covert/
Problem
- InterScan VirusWall includes the ability to scan for viruses in uuencoded files. Due to an unchecked
buffer in the code, if a uuencoded file is sent that includes an embedded final filename of more
than 128 characters, arbitrary remote code can be executed at the privilege level of the VirusWall
software.
- In an NT installation, VirusWall runs as SYSTEM by default.
SAFER
- Trend Micro has rectified this issue with the release of InterScan VirusWall 3.4 Beta and a patch.
ISS Security Advisory: Vulnerability in Quake3Arena Auto-Download Feature
Released May 03, 2000
Affects ID Software Quake3 Arena 1.16n
Reference http://www.iss.net/
Problem
- The Quake3Arena game is vulnerable to a directory traversal attack when participating in games
hosted on remote servers.
- A Quake3 Arena server is capable of gaining read or write access and executing arbitrary code
on machines that connect to it to participate in a multi-player game. The Quake3 Arena
server operator can access and write to any known directory above the subdirectory of the
Quake3 Arena install directory. This is due to the implementation of the Software Developers Kit
(SDK) shipped with Quake3 Arena which allows for modifications to the filesystem, and the failure
of the client to properly handle the '..\' string.
- Attempting to access files above the subdirectory of the install directory displays an error
message; however, access is still granted. This vulnerability in conjunction with the Automatic
Download feature in Quake3 Arena can be used to launch an attack.
SAFER
- Select the 'setup' option from the main menu and choose 'game options.' From there, disable the
'automatic downloading' feature.
SuSE Security Announcement: aaa_base
Released May 02, 2000
Affects All versions of SuSE Linux
Reference http://www.suse.com/
Problem
- aaa_base is the basic package that comes with any SuSE Linux installation. Two vulnerabilities
have been found.
- The cron job /etc/cron.daily/aaa_base performs a daily check of files in /tmp and /var/tmp, where
old files will be deleted if configured to do so. Please note that this feature is NOT activated by
default. If the /tmp cleanup is activated, any file or directory can be deleted by any local user.
- Some system accounts have their home directories set to /tmp by default. These are the users
games, firewall, wwwrun and nobody on SuSE 6.4. If an attacker creates dot files in /tmp (e.g.
bash profiles), these might be executed if someone uses e.g. "su - nobody" to switch to the
nobody user. This can lead to a compromise of that userid. This vulnerability is present in several
other Unix systems as well - please check all!
SAFER
- Update the package.
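
One way to check any Unix system for the second aaa_base issue above (accounts whose home directory is /tmp), as an added example that is not part of the advisory or of SuSE's package. The function names are hypothetical, and the check goes beyond the advisory's case by also flagging any existing home directory that is writable by every local user.

```shell
#!/bin/sh
# Added example (not from the advisory): list accounts whose home directory
# is a shared temp directory or is writable by every local user.

# True if the path is /tmp or /var/tmp, or lies below one of them.
is_shared_tmp() {
    case $1 in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*) return 0 ;;
    esac
    return 1
}

# True if the directory exists and grants write permission to "other".
is_world_writable() {
    [ -d "$1" ] || return 1
    # -L follows a symlinked home; character 9 of the mode string is other-write.
    case $(ls -ldL -- "$1") in
        ????????w*) return 0 ;;
    esac
    return 1
}

# Usage: audit_tmp_homes [passwd-file]   (default: /etc/passwd)
# Prints "<account> <home> <reason>" for each finding.
audit_tmp_homes() {
    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw _uid _gid _gecos home _shell || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        [ -n "$home" ] || continue
        # Strip trailing slashes so "/tmp/" is treated as "/tmp".
        while [ "$home" != / ] && [ "${home%/}" != "$home" ]; do
            home=${home%/}
        done
        if is_shared_tmp "$home"; then
            echo "$name $home shared-tmp"
        elif is_world_writable "$home"; then
            echo "$name $home world-writable"
        fi
    done < "${1:-/etc/passwd}"
}
```

Source the file and run `audit_tmp_homes` with no argument to read /etc/passwd; each reported account should be given a dedicated home directory that other users cannot write to.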