Specifications

SAFER – Vol. 3, Issue 6 46 © 2000 The Relay Group
SECURITY BUGS
Many security problems are too specific to become a full advisory. Below is a list of security problems
discovered in various software products during May 2000, which we advise you to check against
your IT environment.
Remote DoS attack against Intel Express 8100 router
The Intel Express 8100 ISDN router is vulnerable to remotely sent fragmented and oversized ICMP
packets. The problem was reproduced with libnet and isic-0.05, using the following command to
generate oversized and fragmented packets: ./icmpsic -s 127.0.0.1,23 -d <target.router.ip.address>
-F 100. After a couple of minutes the router hangs. There is no patch from the vendor yet.
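A defender who cannot patch the router yet can at least watch for the traffic pattern the bulletin describes. The following detection routine is an added example written for this bulletin, not code from the newsletter or from Intel; it assumes per-packet metadata in the form a capture tool or firewall log would export (source, destination, protocol, IP id, fragment offset in bytes, more-fragments flag, payload length), uses constructed sample traffic rather than a real capture, and the flood threshold is an assumed tuning value.

```python
from collections import defaultdict
from typing import List, Tuple

ICMP = 1
MAX_IPV4_DATAGRAM = 65535   # a reassembled IPv4 datagram can never legally exceed this
FLOOD_THRESHOLD = 20        # fragmented ICMP datagrams per (src, dst) in the window; assumed value

# Per-packet metadata: (src, dst, proto, ip_id, fragment offset in bytes,
# more-fragments flag, payload length). Record layout is an assumption.
Packet = Tuple[str, str, int, int, int, bool, int]


def build_sample() -> List[Packet]:
    """Constructed sample traffic against a router (not a real capture)."""
    router = "198.51.100.1"
    pkts: List[Packet] = []
    # Benign: one fragmented ICMP echo from another host, 2000 bytes in total.
    pkts.append(("203.0.113.9", router, ICMP, 7, 0, True, 1480))
    pkts.append(("203.0.113.9", router, ICMP, 7, 1480, False, 520))
    # Oversized: the last fragment's offset + length exceeds 65535 bytes.
    pkts.append(("192.0.2.50", router, ICMP, 1001, 0, True, 1480))
    pkts.append(("192.0.2.50", router, ICMP, 1001, 65120, False, 1480))
    # Burst: many fragmented ICMP datagrams from one source in the window.
    for ip_id in range(2001, 2025):
        pkts.append(("192.0.2.50", router, ICMP, ip_id, 0, True, 1480))
        pkts.append(("192.0.2.50", router, ICMP, ip_id, 1480, False, 100))
    return pkts


def detect_icmp_fragment_abuse(packets: List[Packet]) -> List[tuple]:
    """Flag ICMP datagrams that reassemble past 65535 bytes and sources that
    send an unusual number of fragmented ICMP datagrams to one host."""
    ends = defaultdict(int)   # (src, dst, ip_id) -> largest offset + length seen
    fragmented = set()        # datagrams that carried a fragment offset or MF flag
    for src, dst, proto, ip_id, offset, more, length in packets:
        if proto != ICMP:
            continue
        key = (src, dst, ip_id)
        if offset > 0 or more:
            fragmented.add(key)
        ends[key] = max(ends[key], offset + length)

    findings = []
    for (src, dst, ip_id), end in sorted(ends.items()):
        if end > MAX_IPV4_DATAGRAM:
            findings.append(("oversized_icmp", src, dst, ip_id, end))

    per_pair = defaultdict(int)
    for src, dst, _ in fragmented:
        per_pair[(src, dst)] += 1
    for (src, dst), n in sorted(per_pair.items()):
        if n >= FLOOD_THRESHOLD:
            findings.append(("icmp_fragment_flood", src, dst, n))
    return findings


if __name__ == "__main__":
    for finding in detect_icmp_fragment_abuse(build_sample()):
        print(finding)
```

Both checks are cheap enough to run on a flow export from the firewall in front of the router; the oversized check needs no tuning, while the flood threshold should be set against normal fragmented-ICMP volume on the link.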
Allmanage.pl vulnerability
Websites using 'Allmanage Website Administration Software 2.6 WITH the upload ability', and
possibly earlier versions, contain a vulnerability that gives full add/delete/change access to the
user-account directories and allows the files in the main directory of the CGI script to be changed.
Requesting /allmanageup.pl instead of /allmanage.pl (the extension may also be .cgi) leads to the
"Upload Successful!" page; pressing the 'Return To Filemanager' button then leads to the root
directory, from which user accounts can be added, changed or deleted and the contents of the
directory main page changed. This vulnerability has only been tested with the Perl version of the
script, on 9 different sites, all of which were vulnerable; it has not been tested with the MySQL
version or earlier releases.
Allmanage.pl Admin Password vulnerability
Anyone can easily obtain the admin password from the allmanage directory, and with it set or
change many variables, add accounts, mail users, back up, restore, edit header/footer code, etc.
Find where allmanage.pl is located and replace allmanage.pl with k; for example,
allmanage/allmanage.pl becomes allmanage/k. This file contains the admin password,
unencrypted. Going to allmanage_admin.pl instead of allmanage.pl and logging in, with admin as
login name, leads to the main admin panel. N.B. the login name is not always admin, but in most
cases it is. This was tried on 8 sites using allmanage.pl; 6 of them were vulnerable. Other
interesting files to request: adp: admin information and encrypted password; userfile.dat: all user
information entered when requesting an account (N.B. not always present); settings.cfg: config
file, containing the same information that can be obtained from the admin panel. This may also
work on the version without the upload ability.
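Both Allmanage problems above leave a clear trace in the web server's access log: requests for the upload script that bypasses authentication, and requests for the data files under the allmanage directory. The following scanner is an added example written for this bulletin, not code from the newsletter or from the Allmanage authors; it assumes NCSA/Apache common log format, uses constructed log lines with documentation-range IP addresses, and treats a hit as suspicious whether the server answered 200 or 404, since a 404 still records a probe.

```python
import re
from typing import List, Optional, Tuple

# Indicators from the bulletin: the upload script reachable without
# authentication, the unencrypted password file, and the other data files.
SUSPICIOUS_FILES = {
    "allmanageup.pl": "upload script reached without authentication",
    "allmanageup.cgi": "upload script reached without authentication",
    "k": "unencrypted admin password file",
    "adp": "admin information file",
    "userfile.dat": "user registration data file",
    "settings.cfg": "configuration file",
}

# NCSA/Apache common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample access log (not taken from any real site).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2000:10:01:02 +0200] "GET /cgi-bin/allmanage/allmanage.pl HTTP/1.0" 200 1834',
    '203.0.113.7 - - [12/May/2000:10:01:09 +0200] "GET /cgi-bin/allmanage/k HTTP/1.0" 200 212',
    '203.0.113.7 - - [12/May/2000:10:01:20 +0200] "GET /cgi-bin/allmanage/allmanage_admin.pl HTTP/1.0" 200 4020',
    '198.51.100.4 - - [12/May/2000:11:15:33 +0200] "GET /cgi-bin/allmanageup.pl HTTP/1.0" 200 980',
    '198.51.100.4 - - [12/May/2000:11:15:40 +0200] "GET /cgi-bin/allmanage/settings.cfg HTTP/1.0" 404 210',
    '192.0.2.9 - - [12/May/2000:12:00:00 +0200] "GET /index.html HTTP/1.0" 200 1200',
]


def classify_request(path: str) -> Optional[str]:
    """Return why a request path is suspicious, or None if it is not."""
    clean = path.split("?", 1)[0]                 # drop any query string
    parts = [p for p in clean.split("/") if p]
    if not parts:
        return None
    basename = parts[-1].lower()
    # The upload script is suspicious wherever it is; the data files only
    # matter when they sit under an allmanage directory.
    if basename in ("allmanageup.pl", "allmanageup.cgi"):
        return SUSPICIOUS_FILES[basename]
    in_allmanage_dir = any(p.lower().startswith("allmanage") for p in parts[:-1])
    if in_allmanage_dir and basename in SUSPICIOUS_FILES:
        return SUSPICIOUS_FILES[basename]
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, str, int, str]]:
    """Return (client ip, path, status, reason) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                               # skip malformed lines
        reason = classify_request(m.group("path"))
        if reason:
            hits.append((m.group("ip"), m.group("path"), int(m.group("status")), reason))
    return hits


if __name__ == "__main__":
    for ip, path, status, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {path}: {reason}")
```

Until the script is fixed or removed, the same file names can be used to deny those requests at the web server, and the login to allmanage_admin.pl that follows a fetch of allmanage/k is the event worth alerting on.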
PC-Cillin vulnerability
Version 6.x of Trend Micro's PC-Cillin Anti-Virus software can be subject to a remote DoS attack
and possibly unauthorized relaying. As part of its Java/ActiveX protection, it routes all HTTP
requests through its own internal proxy on port 8431. Unfortunately, it allows anyone anywhere to
connect to that port and dump enough data through it to saturate an unsuspecting victim's
connection. Trend Micro technical support could not confirm or deny whether remote users are able
to get an outbound connection from the victim's system.
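The practical question for an administrator is whether the proxy on port 8431 is listening on an external interface or only on loopback. The following check is an added example written for this bulletin, not code from the newsletter or from Trend Micro; it parses the output of Windows "netstat -an" (the format is assumed from that command's layout), uses constructed sample output, and reports any watched port that is bound to something other than a loopback address.

```python
import re
from typing import Iterable, List, Tuple

# One line of Windows "netstat -an" output, e.g.
#   TCP    0.0.0.0:8431           0.0.0.0:0              LISTENING
NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<port>\d+)\s+"
    r"(?P<faddr>\S+)(?:\s+(?P<state>\S+))?\s*$"
)

LOOPBACK_PREFIXES = ("127.", "::1", "[::1]")

# Constructed sample: the proxy bound to every interface.
SAMPLE_EXPOSED = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8431           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Constructed sample: the same host with the proxy reachable only locally.
SAMPLE_LOCAL = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8431         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8431         127.0.0.1:1045         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""


def exposed_listeners(netstat_text: str, watched_ports: Iterable[int]) -> List[Tuple[str, str, int]]:
    """Return (proto, local address, port) for each watched port that is
    listening on a non-loopback address."""
    watched = set(watched_ports)
    findings = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue                                   # header or blank line
        proto, laddr, port = m.group("proto"), m.group("laddr"), int(m.group("port"))
        state = m.group("state") or ""
        if port not in watched:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue                                   # established sockets are not listeners
        if laddr.startswith(LOOPBACK_PREFIXES):
            continue                                   # reachable only from the host itself
        findings.append((proto, laddr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_EXPOSED, {8431}):
        print(f"{proto} port {port} is listening on {addr}: reachable from the network")
```

A hit means the port should be blocked from outside at the perimeter or with a host firewall until the vendor addresses it; an empty result on the real machine means the proxy is only reachable from the machine itself, which is what a local HTTP filter needs.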