October 19, 2005
Symantec ESM 6.5 Network Assessment Security Updates

File(s)
Download the cumulative Symantec ESM Network Assessment Release Notes (PDF)

Description
This update for Symantec ESM Network Assessment detects and reports 15 additional vulnerabilities and 357 additional security exposures.
Additional vulnerabilities

Bugtraq ID  Vulnerability name
12160  Microsoft Windows FTP Client Directory Traversal Vulnerability
14260  Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
14594  Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
15056  Microsoft Windows MSDTC Memory Corruption Vulnerability
15057  Microsoft MSDTC COM+ Remote Code Execution Vulnerability
15058  Microsoft MSDTC TIP Denial Of Service Vulnerability
15059  Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
15061  Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
15063  Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
15064  Microsoft Windows Explorer Web View Script Injection Vulnerability
15065  Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
15066  Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
15067  Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
15069  Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
15070  Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability

Additional security exposures

Bugtraq ID  Exposure Title
exp.4  Server can be compromised with physical access
exp.5  Access to a UNIX password file allows user profiling and possible password cracking
exp.6  MCI registry key does not conform to Microsoft-recommended security settings
exp.7  Windows NT password filter is not enabled
exp.8  Password is easy to guess
exp.9  Windows 95 .pwl file uses weak encryption
exp.10  CurrentVersion key has vulnerable default permissions
exp.11  Performance Monitor's Perflib registry key has inappropriate access controls
exp.12  Daytime service lets attackers probe system
exp.13  Poker service lets attackers profile a computer
exp.14  DCOM lets attackers run arbitrary programs remotely
exp.15  POP services let attackers profile a computer
exp.16  Portmap services let attackers profile a computer
exp.17  Admin user name and password are stored as plain text in registry
exp.18  WinGate allows attack by proxy with default configuration
exp.19  Dictionary service lets attackers profile computers
exp.20  A registry key that lists communication ports has inappropriate access controls
exp.21  Discard service lets attackers profile a computer
exp.22  POSIX subsystem subjects a host computer to Trojan horse attacks
exp.23  DNS denial of service attack is possible
exp.24  Domain Name Service lets attackers profile a network
exp.25  Echo service lets attackers probe a computer
exp.26  EFS service lets attackers profile a computer
exp.27  Password is insecure
exp.28  erlogin service lets attackers profile a computer
exp.29  Print-srv service lets attackers profile a computer
exp.30  Symantec Enterprise Security Manager is not installed
exp.31  No action can be taken when auditing is unavailable
exp.32  Printer service may profile a system for attack
exp.33  exec service allows remote command execution
exp.35  Finger service can be used in denial of service attack
exp.36  Qmaster service may help profile a system for attack
exp.37  Qotd service lets attackers profile a computer
exp.38  Finger service lets attackers execute arbitrary commands as root
exp.39  Finger service lets attackers profile a computer
exp.40  Finger service reveals information about user accounts
exp.41  Queue service may help profile a system for attack
exp.42  A registry key that configures applications to edit the registry has inappropriate access controls
exp.43  Finger service lists all active user accounts
exp.44  Finger service lists all users currently logged in
exp.45  Registry can be accessed remotely
exp.46  Finger service lists all inactive user accounts
exp.47  Registry files associated with the registry editor allow access to the registry
exp.48  Remotefs service may help profile a system for attack
exp.49  Remp service may help profile a system for attack
exp.50  Network resource discovery helps identify systems for attack
exp.51  FTP service allows access
exp.52  ICMP replies help profile a system for attack
exp.53  FTP service allows anonymous users to write to root directory
exp.54  Rje service may help profile a system for attack
exp.55  Rmt service may help profile a system for attack
exp.56  FTP service may create opportunity for attack
exp.57  FTP backdoor in wu-ftpd may allow anonymous root access
exp.58  Windows NT SP1 and SP2 are vulnerable to RPC denial of service attacks
exp.59  RPC registry settings have inappropriate access controls
exp.60  Run key has inappropriate access controls
exp.61  RunOnce registry key has inappropriate access controls
exp.62  FTP service allows unauthorized file access
exp.63  SAP information may help profile a system for attack
exp.64  Apache versions 1.2.4 and earlier are vulnerable to multiple buffer overflow attacks
exp.65  Pandora spoofing attack possible
exp.66  Sendmail 8.8.0-8.8.1 MIME overflow allows remote root access
exp.67  Sendmail allows information obscuring via long HELO/EHLO
exp.68  Windows NT application event log can be accessed by the guest account
exp.69  Sendmail versions up to 8.8.0 allow e-mail re-directs
exp.70  Services identifiable by product or version allow them to be profiled for future attacks
exp.71  Sftp service may help profile a system for attack
exp.72  Windows NT security event log can be accessed by the guest account
exp.73  Windows NT guest account can access the system event log
exp.74  A registry key that configures shares has inappropriate access controls
exp.76  SL Mail service is vulnerable to a buffer overflow attack
exp.77  Registry keys under HKEY_LOCAL_MACHINE are vulnerable to attack
exp.78  SL Mail is vulnerable to a denial of service attack
exp.79  SMB can force the use of clear text passwords
exp.80  HP LaserJet IP address can be changed without password
exp.82  SMB client message signing disabled
exp.83  SMB server has message signing disabled
exp.84  Finger client script in CGI directory of web server
exp.85  Perl interpreter accessible from web server
exp.87  Web server running
exp.88  SMTP allows user verification with rcpt field
exp.89  SMTP servers that allow mail relaying can be used to produce spam
exp.90  Firewall type identified
exp.91  SMTP servers that connect to clients quickly may facilitate vulnerability probing
exp.92  Service listening on non-standard port
exp.93  Sendmail allows file manipulation through e-mail sent to a decode alias
exp.94  Unexpected service behavior
exp.95  Network printer may be a target for attack
exp.96  Router or switch may be target for attack
exp.97  Intruder Alert not installed
exp.98  Internal DNS information available to public network
exp.99  SMTP EXPN feature allows for username discovery
exp.100  Valid e-mail account obtainable
exp.101  Smtp service lets attackers profile a computer
exp.105  SSH service may help profile a system for attack
exp.106  Sunrpc service may help profile a system for attack
exp.107  Supdup service may help profile a system for attack
exp.108  Internet Explorer 3.0 and 3.01 are vulnerable to attack
exp.109  Internet Explorer without year 2000 patch
exp.110  Systat service allows remote system monitoring
exp.111  Internet Explorer 4.01 vulnerable to untrusted scripted paste
exp.112  Tcprepo service may help profile a system for attack
exp.113  Internet Explorer 4.x security zones not preserved
exp.114  Telnet service communicates in clear text
exp.115  Tempo service may help profile a system for attack
exp.116  Tetrinet service may help profile a system for attack
exp.117  Time service may help profile a system for attack
exp.118  A registry key that configures PostScript fonts has inappropriate access controls
exp.119  A registry key that configures uninstall applications has inappropriate access controls
exp.120  NULL session connections allow user and domain server enumeration
exp.121  A registry key that configures UPS devices has inappropriate access controls
exp.122  Internet Explorer 4.x without service pack 1 is vulnerable to attack
exp.123  Internet Relay Chat server lets attackers probe a computer
exp.124  Login dialogs that display the last user to log in facilitate user account attacks
exp.125  SMB lets anonymous connections read and write to shares
exp.127  Uucp service may help profile a system for attack
exp.128  Uucp-path service may help profile a system for attack
exp.129  Netware 4.x vulnerable to denial of service attack
exp.130  LanManager passwords use weak encryption
exp.131  Legal notice banner at login makes prosecuting attackers easier
exp.132  Getadmin attack allows users to be added to the administrators group
exp.133  Inappropriate registry access controls allow the SNMP community name to be read
exp.134  Vmnet0 service may help profile a system for attack
exp.135  VNC service could be monitored to profile a computer
exp.136  Volrmmount utility allows shell users to gain root privileges
exp.137  The w service may help profile a system for attack
exp.138  Whois service may help profile a system for attack
exp.139  Drivers registry key does not conform to Microsoft recommended security settings
exp.140  Apache win32 allows retrieval of files outside of document trees
exp.141  Embedding registry key does not conform to Microsoft recommended security settings
exp.142  Font Drivers registry key does not conform to Microsoft recommended security settings
exp.143  FontCache registry key does not conform to Microsoft recommended security settings
exp.144  Not clearing the Windows page file may provide attackers with sensitive system information
exp.145  FontMapper registry key does not conform to Microsoft recommended security settings
exp.146  Fonts registry key does not conform to Microsoft recommended security settings
exp.147  FontSubstitutes registry key does not conform to Microsoft recommended security settings
exp.148  GRE_Initialize registry key does not conform to Microsoft recommended security settings
exp.149  MCI Extensions registry key does not conform to Microsoft recommended security settings
exp.150  Windows NT system caches logon credentials
exp.151  garcon service may allow attackers to profile for future attacks
exp.152  Windows PWL file uses weak encryption
exp.153  Gateway service may allow attackers to profile for future attacks
exp.154  WinGate pop3 proxy server is vulnerable to a buffer overflow
exp.155  WinGate telnet proxy service is vulnerable to a buffer overflow attack
exp.156  hostnames service may allow attackers to profile for future attacks
exp.157  Inappropriate WinLogin registry key access controls may allow trojan applications to be executed
exp.158  ingreslock service may allow attackers to profile for future attacks
exp.159  iso-tsap service may allow attackers to profile for future attacks
exp.160  kerberos service may allow attackers to profile for future attacks
exp.161  A registry key that configures how 16 bit processes are executed has inappropriate access controls
exp.162  X400 service may help profile a system for attack
exp.163  X400-snd service may help profile a system for attack
exp.164  Malformed broadcast packets can cause a denial of service in older NetWare client software
exp.165  Kerberos master service may allow attackers to profile for future attacks
exp.166  NFS allows device creation
exp.167  NFS is vulnerable to directory traversals that grant access to files that are not exported
exp.168  klogin service may allow attackers to profile for future attacks
exp.169  knetd service may allow attackers to profile for future attacks
exp.170  krb_prop service may allow attackers to profile for future attacks
exp.171  kshell service may allow attackers to profile for future attacks
exp.172  link service may allow attackers to profile for future attacks
exp.173  rlogin service uses plain text passwords
exp.174  NFS allows root access by failing to properly validate UIDs
exp.175  NFS services that export writable directories are vulnerable to attack
exp.176  Exporting hosts.equiv and .rhosts files through NFS as writable makes a system vulnerable to attack
exp.177  Exporting hosts.cshrc and .login files through NFS as writable makes a system vulnerable to attack
exp.178  Exporting .netrc through NFS as writable makes a system vulnerable to attack
exp.179  Portmap can be used to create NFS mounts
exp.180  Access to mountd allows access to local and remote file systems
exp.181  Mountd service allows discovery of network resources
exp.182  Mountd service may allow NFS client enumeration
exp.183  Mountd service allows directory to be mounted by anyone
exp.184  NFS mounts that grant access to .netrc files may compromise user passwords
exp.185  NFS may publish host names when exporting .netrc files
exp.186  Passwd files that are exported by NFS compromise user account information
exp.187  Passwd files that are exported by NFS with encrypted passwords compromise user account information
exp.188  Sendmail is vulnerable to a denial of service attack through a malformed message header
exp.190  Append actions can overwrite a file in older Linux kernels with securelevel protection enabled
exp.191  SLmailNT 3.1-3.2 allows file restrictions to be bypassed by users
exp.192  SLmailNT 3.1 and prior can be terminated by remote users
exp.193  NIS client can be identified via passwd file
exp.194  Maitrd service may help profile a system for attack
exp.195  Man service may help profile a system for attack
exp.196  Mantst service may help profile a system for attack
exp.199  Mtb service may help profile a system for attack
exp.200  Mtp service may help profile a system for attack
exp.201  Name service may help profile a system for attack
exp.202  Windows NT 4 is vulnerable to a denial of service attack through named pipes
exp.203  Nameserver service may help profile a system for attack
exp.204  Nbname service may help profile a system for attack
exp.205  Nbsession service may help profile a system for attack
exp.206  NetBus backdoor service allows remote attackers system level access
exp.207  Netnews service may help profile a system for attack
exp.208  NetWare console grants system level access without authentication
exp.209  NetWare password intercept possible via trojan horse
exp.210  Netstat service may help profile a system for attack
exp.211  Rconsole passwords stored in clear text
exp.212  NetWare servers with DOS loaded allow access to DOS partitions
exp.213  NetWare telnet server allows insecure remote console access
exp.215  Windows could allow network access to the floppy drive
exp.216  Networks can be identified through NIS
exp.217  Network Peripherals switching hub is vulnerable to a denial of service attack
exp.218  Network Peripherals switching hub's IP address can be changed without a password
exp.219  NeWS service may help profile a system for attack
exp.220  Windows NT 4.0 is vulnerable to newtear
exp.221  NFS may help profile a system for attack
exp.222  Windows NT 4.0 allows network access to the CD-ROM
exp.223  NIS may help profile a system for attack
exp.224  NIS map ethers.byname may help profile a system for attack
exp.225  NIS map ethers.byaddr may help profile a system for attack
exp.226  NIS map bootparams may help profile a system for attack
exp.227  NIS map auto.master may help profile a system for attack
exp.228  NIS map auto.home may help profile a system for attack
exp.229  NIS map auto.direct may help profile a system for attack
exp.230  NIS map auto.src may help profile a system for attack
exp.231  RPC services let attackers profile a computer
exp.232  Portmap service identifies running RPC services
exp.233  Trinoo agent daemons allow denial of service attacks by proxy
exp.234  Trinoo master daemons allow denial of service attacks by proxy
exp.235  Tfn trojan horse daemon allows attack-by-proxy
exp.236  Stacheldraht trojan horse agent allows attack-by-proxy
exp.237  Stacheldraht trojan horse handler allows attack-by-proxy
exp.238  Stacheldraht trojan horse component allows attack-by-proxy
exp.239  Mstream trojan horse master allows attack-by-proxy
exp.240  Mstream server allows attack by proxy
exp.241  Cold Fusion sourcewindow.cfm allows remote file access
exp.242  Cold Fusion evaluate.cfm may allow unauthorized access
exp.243  Cold Fusion fileexists.cfm allows remote file detection access
exp.244  Cold Fusion sample file cfmlsyntaxcheck.cfm is vulnerable to a denial of service attack
exp.245  Cold Fusion mainframeset.cfm allows local http access by proxy
exp.246  Linux kernel capability bug allows shell users to gain root access
exp.247  Personal Mail Server is vulnerable to a buffer overflow attack
exp.248  University of Washington POP/IMAP servers are vulnerable to buffer overflow attacks
exp.249  Unsigned ActiveX controls marked safe for scripting in Restricted Sites zone
exp.250  Active scripting enabled in Restricted Sites zone
exp.251  Microsoft Outlook is not in the Restricted Sites zone
exp.252  Microsoft Outlook Express is not in the Restricted Sites zone
exp.253  SNMP community names provide write access to MIB entries
exp.254  BIND is vulnerable to a fdmax denial of service attack
exp.255  BIND is vulnerable to a maxdname buffer overflow attack
exp.257  BIND is vulnerable to a sig denial of service attack
exp.258  BIND is vulnerable to a solinger denial of service attack
exp.259  BIND is vulnerable to a sigdiv0 denial of service attack
exp.260  BIND is vulnerable to a srv denial of service attack
exp.261  BIND discloses system information
exp.262  Girlfriend backdoor program listens on port 21554
exp.263  Deep Throat client grants remote attackers administrative system access
exp.264  Subseven back door gives administrative control to remote attackers
exp.265  A Jana HTTP server CGI allows directory traversals to reference files outside of the document root
exp.266  HTTP allows CGI access to config.sys
exp.267  ICQ-WebServer allows access to files outside of the document root
exp.268  _AuthChangeUrl.cgi allows password attacks by proxy
exp.269  HTTP allows CGI access to _vti_inf.html
exp.270  HTTP allows CGI access to _vti_pvt/service.grp
exp.271  HTTP allows execution of catalog_type.asp CGI
exp.272  HTTP server allows execution of sendmail.cfm CGI
exp.274  HTTP service allows execution of AnyBoard.cgi CGI
exp.275  HTTP service allows execution of AT-admin.cgi CGI
exp.276  HTTP service allows execution of ax-admin.cgi CGI
exp.277  HTTP service allows execution of ax.cgi CGI
exp.278  HTTP service allows execution of bb-hist.sh CGI
exp.280  HTTP service allows execution of day5datacopier.cgi CGI
exp.281  HTTP service allows execution of day5datanotifier.cgi CGI
exp.283  HTTP service allows execution of dumpenv.pl CGI
exp.284  HTTP service allows execution of environ.cgi CGI
exp.285  HTTP service allows execution of filemail.pl CGI
exp.288  HTTP service allows execution of fpexplore.exe CGI
exp.289  HTTP service allows execution of gH.cgi CGI
exp.293  HTTP service allows execution of maillist.pl CGI
exp.294  HTTP service allows execution of nph-publish CGI
exp.295  HTTP service allows CGI access to passwd
exp.296  HTTP service allows CGI access to passwd.pwd
exp.297  HTTP service allows CGI access to passwd.txt
exp.298  HTTP service allows CGI access to password
exp.299  HTTP service allows CGI access to password.pwd
exp.300  HTTP service allows CGI access to password.pwl
exp.301  HTTP service allows execution of perlshop.cgi CGI
exp.303  HTTP service allows execution of ppdscgi.exe CGI
exp.304  HTTP service allows execution of rwwwshell.pl CGI
exp.305  HTTP service allows execution of sendform.cgi CGI
exp.310  HTTP service allows execution of tst.bat CGI
exp.311  HTTP service allows execution of unlg1.1 CGI
exp.312  HTTP service allows execution of unlg1.2 CGI
exp.313  HTTP service allows execution of upload.pl CGI
exp.318  HTTP service allows execution of wwwadmin.pl CGI
exp.319  HTTP service allows execution of args.bat CGI
exp.320  HTTP service allows execution of args.cmd CGI
exp.321  HTTP service allows execution of default.asp CGI
exp.322  HTTP service allows view of the doc directory
exp.323  HTTP service allows execution of domcfg.nsf CGI
exp.324  HTTP service allows access to etc/group
exp.325  HTTP service allows access to etc/passwd
exp.337  HTTP service allows execution of fpcount.exe CGI that is vulnerable to a buffer overflow attack
exp.338  HTTP service allows execution of pfieffer.bat CGI that may help profile the system for attack
exp.339  HTTP service allows execution of pfieffer.cmd CGI
exp.342  HTTP service allows execution of queryhit.htm CGI
exp.343  HTTP service allows execution of adminlogin CGI
exp.344  HTTP service allows execution of tools/getdrvs.exe CGI
exp.346  NAVCE service not detected
exp.347  NAVCE service identified
exp.348  Shaft distributed denial of service daemon allows attack by proxy
exp.349  Packaging anomaly could cause hotfixes to be removed
exp.350  Carbon Copy can provide remote access to a computer
exp.351  CaptureScreen can provide remote access to a computer
exp.352  Desktop Delivery can provide remote access to a computer
exp.353  IKS (Invisible Keylogger Stealth) will keep a log of all keystrokes typed
exp.354  NetBus backdoor program allows remote administrative access
exp.355  Netlook allows a remote capture of screenshots
exp.356  PC Protect Stealth logs stored locally
exp.357  Serv-U FTP-Server v2.5e is vulnerable to a denial of service attack
exp.358  Serv-U FTP-Server version 2.3x is vulnerable to a buffer overflow attack
exp.360  Microsoft IIS Malformed HTR Request vulnerable to buffer overflow attack
exp.361  Microsoft SQL Server 2000 stored procedure is vulnerable to an input validation attack
exp.362  Microsoft MSSQL server may help profile a system for attack
exp.363  Microsoft SQL Server 2000 is vulnerable to an OpenDataSource buffer overflow attack
exp.364  VPN service enabled
exp.365  Embedded web servers may help profile a host for attack
exp.366  Wireless access point may allow unauthorized network access
exp.367  D-Link wireless access point can reveal version information
exp.368  Netgear wireless access point may reveal version information
exp.369  SMC wireless access point may reveal version information
exp.370  Cisco-Aironet wireless access point identified
exp.371  Corega wireless access point may reveal version information
exp.372  IOData wireless access point may reveal version information
exp.373  Melco wireless access point may reveal version information
exp.374  Melco wireless access point can be identified through SNMP
exp.375  SESA agent not installed
exp.376  SESA agent identified
exp.377  SESA Manager detected
exp.382  BackOrifice allows remote system access with administrator privileges
exp.391  Unauthorized users can add printer drivers
exp.401  Unauthorized users can shut down system
exp.407  Weak passwords allow compromise
exp.408  Rlogin allows remote root access
exp.409  User rights not being audited
exp.410  Open TCP and UDP port allows system profiling
exp.411  Auth service running
exp.413  Base system objects are not protected from modification
exp.414  Chargen service found to be running
exp.450  System may be susceptible to burn attack
exp.452  Busboy service found to be running
exp.470  Registry key \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Compatibility
exp.501  Microsoft Windows NULL session logon can enumerate users
exp.503  Registry key \HKEY_USERS\.Default has inappropriate security settings
exp.504  Parent of shared directory can be accessed by remote attacker
exp.505  Anonymous FTP access is enabled
exp.506  Windows shares can be enumerated remotely
exp.507  Registry key \HKEY_LOCAL_MACHINE\Software\Classes\AppId has vulnerable default permissions
exp.508  NIS allows user account and system information to be obtained
exp.509  Bnews service found to be running
exp.511  Unnecessary services on a host may present opportunities for attack
exp.512  nntp service may profile a host for attack
exp.514  Registry key for Ole has inappropriate access settings
exp.515  OS/2 subsystem enabled on Windows
exp.516  Default user automatically logged in through autologin feature
exp.545  SNMP community name is guessable
exp.547  Remote access to shell interpreters in cgi-bin directory

Initial post on: Thursday, 20-Oct-05 15:10:00
Last modified on: Thursday, 20-Oct-05 23:24:15