SecurityFocus Newsletter #178
-----------------------------
This Issue is Sponsored by GuardedNet - Transforming Security Data into Knowledge
neuSECURE - a Threat Management Solution Your CFO Will Appreciate
neuSECURE is a centralized monitoring system that correlates and analyzes
event data from firewalls, IDS, hosts and routers for real-time attack
detection and response. It's proven to reduce the time you spend
investigating attacks and improves the value of your security
infrastructure.
Sign up to receive a paper entitled "Calculating the ROI of a neuSECURE
implementation" at <http://www.guarded.net/secondary/calculating_roi.html>
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Exchange 2000 in the Enterprise: Tips and Tricks Part One
2. Windows Forensics: A Case Study, Part 1
3. The Briscoe Syndrome
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
1. Microsoft Windows File Protection Signed File Replacement...
2. Sun Solaris RPC AUTH_DES Privilege Escalation Vulnerability
3. Typespeed Local Buffer Overflow Vulnerability
4. SkyStream Edge Media Router-5000 Local Buffer Overflow...
5. monopd Remote Buffer Overflow Vulnerability
6. PHP wordwrap() Heap Corruption Vulnerability
7. Gallery Remote Code Execution Vulnerability
8. Leafnode Resource Exhaustion Denial Of Service Vulnerability
9. Web-cyradm Remote Denial of Service Vulnerability
10. PlatinumFTPServer Information Disclosure Vulnerability
11. PlatinumFTPServer Arbitrary File Deletion Vulnerability
12. PlatinumFTPserver Denial Of Service Vulnerability
13. Microsoft Visual SourceSafe Client-Side Access Control Weakness
14. PEEL Remote File Include Vulnerability
15. Perl-HTTPd File Disclosure Vulnerability
16. ShadowJAAS Command Line Password Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Macro and script viruses dying off
2. US military medical records stolen in burglary
3. FBI Arrests Russian Student Accused of Stealing Secret DirecTV...
4. Unhappy new Yaha
IV. SECURITYFOCUS TOP 6 TOOLS
1. DumpWin v2.0
2. pfstats v0.1
3. Nate Kohari's regular expression pipe v1.32
4. HotSaNIC v0.5.0-pre3
5. AlarmMon v0.35
6. Jay's Iptables Firewall v0.8.1.1 (dev)
V. SECURITYJOBS LIST SUMMARY
1. Seeking information security opportunity (Thread)
2. ISS Certified Expert. Contract role in Middle East. January...
3. Dror shalev (Thread)
4. Malcode Analyst -- Sydney, Australia (Thread)
5. Resume Submit - relocation (Thread)
6. ArcSight in Sunnyvale, California - Open jobs (Thread)
VI. INCIDENTS LIST SUMMARY
1. What constitutes authorized server access? - was Re: RPAT...
2. RPAT - Realtime Proxy Abuse Triangulation (Thread)
3. Mysterious "Support" account created on Win2k server (Thread)
4. PDL anti-spam blacklist (Thread)
5. Abnormally high Sub-Seven attack rate increase (Thread)
6. What constitutes authorized server access? - was Re: RPAT...
7. MS IIS 5 server is hacked leaving undeletable folders and files...
8. NC_S_ISLCK? (Thread)
9. Virus? Trojan? (Thread)
10. NIMDA - ceased ? - (Thread)
11. Random unprivileged TCP ports below 5000 kind-of open for...
VII. VULN-DEV RESEARCH LIST SUMMARY
1. ASM OpenBSD (Thread)
2. Query: BID 6273: PortailPhp SQL Injection Vulnerability. (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Account Management (Thread)
2. SecurityFocus Microsoft Newsletter #119 (Thread)
3. MDAC 2.7 SP1 now available as a standalone install (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NO NEW POSTS FOR THE WEEK ENDING 01.03.03
X. LINUX FOCUS LIST SUMMARY
1. User's and Shells (Thread)
2. RE : quotas on Redhat 7.3 problem (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Exchange 2000 in the Enterprise: Tips and Tricks Part One
By Tim Mullen
In this two-part article we will discuss an alternate configuration in
which we will utilize Microsoft's Internet Security and Acceleration (ISA)
Server, a third party SMTP Gateway (Trend Micro's Internet Messaging
Security Suite) and Exchange 2000. This sort of configuration is flexible
enough to be used in smaller installations that do not use a DMZ, or as
part of the DMZ configuration itself.
http://online.securityfocus.com/infocus/1654
2. Windows Forensics: A Case Study, Part One
by Stephen Barish
It's a security person's worst nightmare. You've just inherited a large,
diverse enterprise with relatively few security controls when something
happens. We all try to detect malicious activity at the perimeter of the
network by monitoring our intrusion detection systems, and watching
attackers bang futilely on our firewall. Even those attackers tricky
enough to slip through the firewall bounce harmlessly off our highly
secured servers, and trip alarms off throughout the network as they
attempt to compromise it. Reality is usually somewhat different: most of
us simply don't have the tools, or at least we don't have expensive,
dedicated tools. But we do have ways to stop the pain.
http://online.securityfocus.com/infocus/1653
3. The Briscoe Syndrome
By Mark Rasch
Fear of terrorism and a desire to cooperate with law enforcement has led
many corporate insiders to pony up sensitive information on their
customers to anyone with a badge... with no court order required.
http://online.securityfocus.com/columnists/132
4. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
Optional Workshops March 8, 9, 12, 13, & 14; Vendor Expo March 10 & 11
Solutions to today's security concerns; hands-on experts; blockbuster
vendor expo; the CISO Executive Summit; invaluable networking
opportunities. InfoSec World has it all!
Go to: http://www.misti.com/10/os03nl37inf.html
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Windows File Protection Signed File Replacement Vulnerability
BugTraq ID: 6483
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6483
Summary:
Microsoft Windows ships with a component to verify digital signatures that
have been applied to system files and third-party code called 'Windows
File Protection' (WFP). A vulnerability in Windows File Protection has
been reported that may result in the re-introduction of vulnerable files
after fixes/patches have replaced them.
According to the report, Security Catalogs containing the hashes of old
files are kept in %WinDir%\System32\CatRoot after patches/fixes which
replace them have been deployed. If these patched files are somehow
overwritten with the vulnerable old files, Windows File Protection will
not detect the old files as being invalid due to the existent catalog
containing their hash.
This may allow for attackers to re-introduce onto a system and then
exploit vulnerable executables/files.
2. Sun Solaris RPC AUTH_DES Privilege Escalation Vulnerability
BugTraq ID: 6484
Remote: Yes
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6484
Summary:
Sun has reported a privilege escalation vulnerability for some versions of
Solaris.
The vulnerability occurs when certain RPC requests are made. Specifically,
the vulnerability exists for some RPC requests that involve AUTH_DES
authentication.
This vulnerability can be exploited by local or remote attackers to obtain
access to systems with elevated privileges. In some cases it is possible
for attackers to obtain root privileges.
This vulnerability has been reported to affect Sun Solaris 2.5.1 to 7.
3. Typespeed Local Buffer Overflow Vulnerability
BugTraq ID: 6485
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6485
Summary:
Typespeed is a game designed to test typing skills. It is available for
the Linux operating system. Typespeed is installed setgid 'games' by
default on the Debian Linux distribution.
A vulnerability has been discovered in Typespeed. It is possible to
trigger a buffer overflow in Typespeed by passing excessive data as a
user-supplied parameter. By exploiting this issue to overwrite sensitive
locations in memory it may be possible for a local attacker to execute
commands with elevated privileges.
The precise technical details regarding this vulnerability are not yet
known. This BID will be updated as further information becomes available.
4. SkyStream Edge Media Router-5000 Local Buffer Overflow Vulnerability
BugTraq ID: 6486
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6486
Summary:
SkyStream Edge Media Router-5000 (EMR5000) is a satellite network
connection router. It provides remote administration capabilities through
telnet or optionally a web interface.
The EMR5000 is prone to a buffer overflow. This vulnerability may be
exploited from the client shell (accessible via telnet) by an
authenticated user.
It is possible to trigger this condition by supplying an overly long
string to the command line, which will cause sensitive regions of memory
(such as stack variables) to be corrupted with attacker-supplied data.
This issue may be leveraged to cause arbitrary code to be executed with
elevated privileges.
5. monopd Remote Buffer Overflow Vulnerability
monopd is a game server for Monopoly-like board games. It is designed for
use with Linux variant operating systems.
A buffer overflow vulnerability has been reported for monopd. The
vulnerability occurs due to improper use of the vsprintf() function.
An attacker can exploit this vulnerability by supplying an overly long
command to the monopd server. This will trigger the buffer overflow
condition and result in the process corrupting memory with attacker
supplied values.
This vulnerability was reported for monopd 0.6.1 and earlier.
6. PHP wordwrap() Heap Corruption Vulnerability
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been discovered in the wordwrap() function which is a
built-in PHP function. Under some circumstances it may be possible to
trigger a heap corruption bug when supplying input to a script which uses
the vulnerable wordwrap() function. This issue exists due to insufficient
allocation of memory used to store wrapped text. Memory corrupted through
the wordwrap() function may be later referenced by the web server calling
the vulnerable script.
A malicious attacker may be able to exploit this issue to overwrite a
malloc header stored in the heap. This may cause an arbitrary word in
memory to be overwritten when the corrupted chunk is released with the
free() function. By replacing a Global Offset Table entry with an address
pointing to attacker-supplied data, it may be possible for the attacker to
execute malicious instructions. Any code executed will run with the
privileges of the web server that ran the vulnerable script.
7. Gallery Remote Code Execution Vulnerability
Gallery is an open source web based photo album. It is written in PHP and
is available for Linux and Unix variants as well as Microsoft Windows
operating systems.
A new feature supporting the Windows XP publishing subsystem in Gallery
1.3.2 has introduced a security vulnerability nearly identical to that
described in BID 5375.
The PHP script 'publish_xp_docs.php' attempts to include a file,
'init.php', from a path constructed using an uninitialized PHP variable.
Malicious remote clients may pass a value for that variable, specifying a
remote server as the location of the include file. By doing so, attackers
may force a remote server to execute arbitrary PHP code with the
privileges of the webserver.
8. Leafnode Resource Exhaustion Denial Of Service Vulnerability
BugTraq ID: 6490
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6490
Summary:
Leafnode is a USENET proxy server intended for sites with a small number
of readers.
A denial of service vulnerability has been reported for Leafnode. The
vulnerability occurs when Leafnode tries to retrieve certain news
postings. Specifically, Leafnode will consume all available CPU resources
when it tries to retrieve messages that have been cross-posted to several
groups.
An attacker can exploit this vulnerability by cross-posting to several
newsgroups where some group names are prefixes of others. When Leafnode
attempts to retrieve these news articles by message-id, the Leafnode
nntpd server will go into an infinite loop and consume all CPU
resources, thereby leading to a denial of service condition.
This vulnerability affects Leafnode 1.9.20 to 1.9.29. The default
installation of Leafnode is not affected by this vulnerability.
9. Web-cyradm Remote Denial of Service Vulnerability
BugTraq ID: 6491
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6491
Summary:
Web-cyradm is a management tool written in PHP. It is used with a mail
system built on Cyrus IMAP and Postfix. It is available for the Unix
and Linux operating systems.
A vulnerability has been discovered in Web-cyradm. A denial of service may
be triggered when attempting to administrate a domain when the necessary
IMAP daemon is not running. If this situation occurs the Web-cyradm
process will enter an infinite loop, generating errors. This issue occurs
due to invalid checks for a running IMAP daemon by the browseaccounts.php,
deleteaccount.php, and newaccount.php PHP scripts.
By exploiting this vulnerability it may be possible to consume network
resources causing legitimate requests to be denied. Under some
circumstances it may also cause the system to crash due to excessive CPU
utilization.
10. PlatinumFTPServer Information Disclosure Vulnerability
BugTraq ID: 6492
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6492
Summary:
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPServer fails to properly sanitize
some FTP commands. An attacker is able to traverse outside of the
established FTP root by using dot-dot-slash (../) directory traversal
sequences in conjunction with some FTP commands. Specifically, the
attacker can use the DIR FTP command to obtain information about
potentially sensitive files located on a vulnerable system outside of the
FTP root directory.
Disclosure of sensitive system information may aid the attacker in
launching further attacks against the target system.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
11. PlatinumFTPServer Arbitrary File Deletion Vulnerability
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPServer fails to properly sanitize
some FTP commands. An attacker is able to traverse outside of the
established FTP root by using dot-dot-slash (../) directory traversal
sequences in conjunction with some FTP commands. Specifically, the
attacker can use the DELETE FTP command to delete arbitrary files outside
of the FTP root directory. This may be exploited by the attacker to render
a system completely unusable.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
12. PlatinumFTPserver Denial Of Service Vulnerability
BugTraq ID: 6494
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6494
Summary:
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPserver fails to properly sanitize FTP
commands. By sending a malicious request to the vulnerable server, using
directory traversal sequences, it is possible for a remote attacker to
cause a denial of service condition.
An attacker can exploit this vulnerability by using specially crafted
dot-dot-slash (../) directory traversal sequences in conjunction with the
CD FTP command to cause a denial of service.
Restarting the vulnerable service will be necessary to restore
functionality.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
13. Microsoft Visual SourceSafe Client-Side Access Control Weakness
BugTraq ID: 6495
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6495
Summary:
Microsoft Visual SourceSafe is software to manage development projects in
any programming language.
Microsoft Visual SourceSafe performs validation of permissions for access
control for projects on the client side, instead of on the server side.
This poses a security threat because a malicious client user may
potentially circumvent these security measures to gain unauthorized access
to protected files within a project. The only way to restrict access on
the server side is to set NTFS permissions, but these permissions must
reportedly be applied to an entire project and not individual project
files or folders.
If an attacker can exploit this weakness, it will be possible to gain
unauthorized access to restricted files within projects that the attacker
has access to. As a consequence, it may be possible for a malicious user
to view or modify sensitive data in project files. This has the potential
to violate security policy for development projects.
14. PEEL Remote File Include Vulnerability
BugTraq ID: 6496
Remote: Yes
Date Published: Dec 31 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6496
Summary:
PEEL is a catalog management system implemented in PHP.
PEEL is prone to an issue which may allow remote attackers to include
arbitrary files located on remote servers. This issue is present in the
'modeles/haut.php' script included with PEEL.
An attacker may exploit this by supplying a path to a maliciously created
file, located on an attacker-controlled host as a value for the '$dirroot'
or '$SESSION' parameters.
If the remote file is a PHP script, this may allow for execution of
attacker-supplied PHP code with the privileges of the webserver.
Successful exploitation may provide local access to the attacker.
This vulnerability was reported for PEEL 1.0b. It is not known whether
earlier versions are affected.
15. Perl-HTTPd File Disclosure Vulnerability
BugTraq ID: 6497
Remote: Yes
Date Published: Dec 31 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6497
Summary:
Perl-HTTPd is a web server implemented in Perl.
It has been reported that Perl-HTTPd fails to properly sanitize some web
requests. By exploiting this issue, an attacker is able to traverse
outside of the established web root by using dot-dot-slash (../) directory
traversal sequences. An attacker may be able to obtain any web server
readable files from outside of the web root directory.
Disclosure of sensitive system files may aid the attacker in launching
further attacks against the target system.
This vulnerability was reported for Perl-HTTPd 1.0 and 1.0.1.
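The PlatinumFTPserver entries (items 10 to 12) and the Perl-HTTPd entry above share one root cause: a client-supplied path is joined onto the FTP or web root without normalising away dot-dot-slash components. The following Python is an added example, not code from either product, showing the weak join beside a containment check, a hardened dispatch for the DIR, DELETE and CD commands named in the advisories, and a small detection helper for flagging traversal attempts in logs; the roots and sample command lines are constructed.

```python
"""Added example: path containment for FTP-style commands and HTTP
request paths.  Not code from PlatinumFTPserver or Perl-HTTPd; the
roots and sample commands below are constructed."""
import os
import posixpath
from typing import Optional
from urllib.parse import unquote

FTP_ROOT = "/srv/ftp"   # constructed example roots (hypothetical paths)
WEB_ROOT = "/srv/www"


def naive_resolve(root: str, virtual: str) -> str:
    """The weak pattern: concatenate the client path onto the root with
    no normalisation, so '../' components walk above the root."""
    return root.rstrip("/") + "/" + virtual.lstrip("/")


def traversal_attempted(virtual: str) -> bool:
    """Detection helper: does the client path contain a '..' component
    once separators are unified?  Percent-decode HTTP paths before
    calling this.  Useful for alerting on servers that cannot be patched
    yet, or for scanning FTP/HTTP logs after the fact."""
    unified = virtual.replace("\\", "/")
    return any(part == ".." for part in unified.split("/"))


def safe_resolve(root: str, virtual: str, cwd: str = "/") -> Optional[str]:
    """Map a client-supplied path onto the filesystem, returning None if
    the normalised result would leave `root`.  Pure string logic so it
    runs offline; a real server should additionally realpath() the
    result so symlinks cannot bypass the check."""
    virtual = virtual.replace("\\", "/")          # Windows-style separators
    if "\0" in virtual:                           # embedded NUL truncation
        return None
    if not virtual.startswith("/"):
        virtual = posixpath.join(cwd, virtual)    # relative to the FTP cwd
    root = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root, virtual.lstrip("/")))
    # Containment: candidate must be the root itself or live below it.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def handle_ftp_command(line: str, cwd: str = "/") -> str:
    """Hardened dispatch for the commands named in the advisories (DIR,
    DELETE, CD): resolve and check containment before acting.  Returns
    an FTP-style reply string; no filesystem I/O is performed."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb not in ("DIR", "DELETE", "CD"):
        return "500 Unknown command"
    target = safe_resolve(FTP_ROOT, arg or ".", cwd)
    if target is None:
        return "550 Path outside FTP root refused"
    return f"250 {verb} OK: {target}"


def resolve_http_request(request_line: str) -> Optional[str]:
    """The same check for a web server: parse 'GET <path> HTTP/1.x',
    decode percent-escapes first (so %2e%2e is seen as '..'), then
    apply the containment check against the web root."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET":
        return None
    path = unquote(parts[1].split("?", 1)[0])
    return safe_resolve(WEB_ROOT, path)


if __name__ == "__main__":
    # Constructed sample commands, including the traversal forms the
    # advisories describe, run through both resolvers for comparison.
    for cmd in ("DIR /pub", "DIR /../../outside", "DELETE ../../outside.txt",
                "CD ..\\..\\outside", "CD /pub/../readme.txt"):
        _, _, arg = cmd.partition(" ")
        flag = " [traversal]" if traversal_attempted(arg) else ""
        print(f"{cmd:26} naive={naive_resolve(FTP_ROOT, arg):30} "
              f"-> {handle_ftp_command(cmd)}{flag}")
    print(resolve_http_request("GET /%2e%2e/%2e%2e/outside.txt HTTP/1.0"))
```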
16. ShadowJAAS Command Line Password Disclosure Vulnerability
BugTraq ID: 6498
Remote: No
Date Published: Dec 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6498
Summary:
ShadowJAAS is authentication software that allows users to authenticate to
Java applications using a local Linux user account with a shadowed
password.
ShadowJAAS is prone to a design error that may cause user credentials to
be disclosed to other local users.
Vulnerable versions of ShadowJAAS require that username and password
credentials are passed via the command line instead of through standard
input when a user authenticates. As a result, this information may be
accessible to other local users through various means (such as the 'ps'
utility).
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Macro and script viruses dying off
By John Leyden, The Register
The end of standard mass mailing worms is nigh - maybe as soon as before
the end of 2003. But their replacements - Trojans and Spyware - are much,
much worse.
http://online.securityfocus.com/news/1962
2. US military medical records stolen in burglary
By John Leyden, The Register
The medical and social security records of more than 500,000 retired and
serving US military personnel were stolen in a break-in last month.
Sensitive information, including names, addresses, social security
numbers, and some claims information with diagnoses of US servicemen, was
obtained when thieves stole computers from the corporate offices of
TriWest Healthcare Alliance in Phoenix, Arizona on December 14.
http://online.securityfocus.com/news/1963
3. FBI Arrests Russian Student Accused of Stealing Secret DirecTV
Documents
By Ted Bridis, The Associated Press
The FBI arrested a Russian college student Thursday who was accused of
stealing and distributing hundreds of secret documents about new
anti-piracy technology from DirecTV Inc., the nation's leading satellite
television company.
http://online.securityfocus.com/news/1960
4. Unhappy new Yaha
By John Leyden, The Register
A new version of the Yaha mass mailing email worm has been released, ready
to trip up the unwary on their return to work next week.
http://online.securityfocus.com/news/1946
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. DumpWin v2.0
by Network Intelligence India Pvt. Ltd.
Relevant URL:
http://www.nii.co.in/tools.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Dumpwin is a windows data gathering tool, which includes the functionality
of the tool DumpACL. In addition, DumpWin also gathers information about
the system, users, groups, drives, shares, running processes, installed
software, installed hardware, services, open ports, etc. It also dumps the
ACLs of user-specified files/folders and registry keys. It is useful for
auditors to dump all relevant data from a Windows system.
2. pfstats v0.1
by George Hedfors george (at) sr-71 (dot) nu [email concealed]
Relevant URL:
http://www.sr-71.nu/pfstats/
Platforms: OpenBSD, POSIX
Summary:
pfstats is a simple external script to MRTG, which generates statistics
taken from the pfctl(8) logfile. The statistics represent the number of
blocked incoming connections.
3. Nate Kohari's regular expression pipe v1.32
by Nate Kohari
Relevant URL:
http://www.lagfactory.net/projects/re/
Platforms: Perl (any system supporting perl)
Summary:
RE is a simple utility designed to aid in the management of files. Given a
directory name, a regular expression, and a regular shell command, it will
parse the filenames in the specified directory, matching them against the
regular expression, and then execute the command once for each matched
file using the filename as a parameter. It was originally designed to
mass-rename MP3 files based on part of the original filenames.
4. HotSaNIC v0.5.0-pre3
by Bernd Pissny bernisys (at) prima (dot) de [email concealed]
Relevant URL:
http://www.sourceforge.net/projects/hotsanic/
Platforms: Linux, POSIX
Summary:
HotSaNIC is a Web-based information center for Unix-based systems. It
gives you a graphical overview about certain network- and system
statistics. HotSaNIC is programmed (mainly in Perl 5) in a modular way to
give you a great flexibility of which items you like to use, and it can be
extended with further modules written by yourself or others.
5. AlarmMon v0.35
by Konstantin N. Terskikh
Relevant URL:
http://sourceforge.net/projects/alarmmon/
Platforms: OS independent
Summary:
AlarmMon is an alarm monitoring system for TCP/IP networks. It consists of
an "alarm" client, an "alarmsvr" server, and several agents that work with
a central registration database. It can track the status of various
services, including BIND, Sendmail, and modems, and send notifications by
email, SMS, or pager.
6. Jay's Iptables Firewall v0.8.1.1 (dev)
Jay's Iptables Firewall is a script with support for multiple
(external/internal) interfaces, TCP/UDP/ICMP control, masquerading,
synflood control, spoofing control, port forwarding, upload limits
(experimental), VPNs, ToS, denying hosts, ZorbIPTraffic, Spyware list IP,
log options and more. It doesn't flush all your existing iptables rules.
V. SECURITY JOBS SUMMARY
------------------------
1. Seeking information security opportunity (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305052
2. ISS Certified Expert. Contract role in Middle East. January start. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305013
3. Dror shalev (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305011
4. Malcode Analyst -- Sydney, Australia (Thread)
Relevant URL:
6. ArcSight in Sunnyvale, California - Open jobs (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/304728
VI. INCIDENTS LIST SUMMARY
-------------------------
1. What constitutes authorized server access? - was Re: RPAT -Realtime Proxy Abuse Triangulation (Thread)
Relevant URL:
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Account Management (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/305008
2. SecurityFocus Microsoft Newsletter #119 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304736
3. MDAC 2.7 SP1 now available as a standalone install (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304675
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. NO NEW POSTS FOR THE WEEK ENDING 01.03.03
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. User's and Shells (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/304877
2. RE : quotas on Redhat 7.3 problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/304596
XI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by GuardedNet - Transforming Security Data into Knowledge
neuSECURE - a Threat Management Solution Your CFO Will Appreciate
neuSECURE is a centralized monitoring system that correlates and analyzes
event data from firewalls, IDS, hosts and routers for real-time attack
detection and response. It's proven to reduce the time you spend
investigating attacks and improves the value of your security
infrastructure.
Sign up to receive a paper entitled "Calculating the ROI of a neuSECURE
implementation" at <http://www.guarded.net/secondary/calculating_roi.html>
-------------------------------------------------------------------------------
SecurityFocus Newsletter #178
-----------------------------
This Issue is Sponsored by GuardedNet - Transforming Security
Data into Knowledge neuSECURE - a Threat Management Solution Your CFO Will
Appreciate
neuSECURE isa centralized monitoring system that correlates and analyzes
event data from firewalls, IDS, hosts and routers for real-time attack
detection and response. It's proven to reduce the time you spend
investigating attacks and improves the value of your security
infrastructure.
Sign up to receive a paper entitled "Calculating the ROI of a neuSECURE
implementation" at <http://www.guarded.net/secondary/calculating_roi.html>
------------------------------------------------------------------------
-------
I. FRONT AND CENTER
1. Exchange 2000 in the Enterprise: Tips and Tricks Part One
2. Windows Forensics: A Case Study, Part 1
3. The Briscoe Syndrome
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando, FL)
II. BUGTRAQ SUMMARY
1. Microsoft Windows File Protection Signed File Replacement...
2. Sun Solaris RPC AUTH_DES Privilege Escalation Vulnerability
3. Typespeed Local Buffer Overflow Vulnerability
4. SkyStream Edge Media Router-5000 Local Buffer Overflow...
5. monopd Remote Buffer Overflow Vulnerability
6. PHP wordwrap() Heap Corruption Vulnerability
7. Gallery Remote Code Execution Vulnerability
8. Leafnode Resource Exhaustion Denial Of Service Vulnerability
9. Web-cyradm Remote Denial of Service Vulnerability
10. PlatinumFTPServer Information Disclosure Vulnerability
11. PlatinumFTPServer Arbitrary File Deletion Vulnerability
12. PlatinumFTPserver Denial Of Service Vulnerability
14. PEEL Remote File Include Vulnerability
15. Perl-HTTPd File Disclosure Vulnerability
16. ShadowJAAS Command Line Password Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Macro and script viruses dying off
2. US military medical records stolen in burglary
3. FBI Arrests Russian Student Accused of Stealing Secret DirecTV...
4. Unhappy new Yaha
IV. SECURITYFOCUS TOP 6 TOOLS
1. DumpWin v2.0
2. pfstats v0.1
3. Nate Kohari's regular expression pipe v1.32
4. HotSaNIC v0.5.0-pre3
5. AlarmMon v0.35
6. Jay's Iptables Firewall v0.8.1.1 (dev)
V. SECURITYJOBS LIST SUMMARY
1. Seeking information security opportunity (Thread)
2. ISS Certified Expert. Contract role in Middle East. January...
3. Dror shalev (Thread)
4. Malcode Analyst -- Sydney, Australia (Thread)
5. Resume Submit - relocation (Thread)
6. ArcSight in Sunnyvale, California - Open jobs (Thread)
VI. INCIDENTS LIST SUMMARY
1. What constitutes authorized server access? - was Re: RPAT...
2. RPAT - Realtime Proxy Abuse Triangulation (Thread)
3. Mysterious "Support" account created on Win2k server (Thread)
4. PDL anti-spam blacklist (Thread)
5. Abnormally high Sub-Seven attack rate increase (Thread)
6. What constitutes authorized server access? - was Re: RPAT...
7. MS IIS 5 server is hacked leaving undeletable folders and files...
8. NC_S_ISLCK? (Thread)
9. Virus? Trojan? (Thread)
10. NIMDA - ceased ? - (Thread)
11. Random unprivileged TCP ports below 5000 kind-of open for...
VII. VULN-DEV RESEARCH LIST SUMMARY
1. ASM OpenBSD (Thread)
2. Query: BID 6273: PortailPhp SQL Injection Vulnerability. (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Account Management (Thread)
2. SecurityFocus Microsoft Newsletter #119 (Thread)
3. MDAC 2.7 SP1 now available as a standalone install (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NO NEW POSTS FOR THE WEEK ENDING 01.03.03
X. LINUX FOCUS LIST SUMMARY
1. User's and Shells (Thread)
2. RE : quotas on Redhat 7.3 problem (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Exchange 2000 in the Enterprise: Tips and Tricks Part One
By Tim Mullen
In this two-part article we will discuss an alternate configuration in
which we will utilize Microsoft's Internet Security and Acceleration (ISA)
Server, a third party SMTP Gateway (Trend Micro's Internet Messaging
Security Suite) and Exchange 2000. This sort of configuration is flexible
enough to be used in smaller installations that do not use a DMZ, or as
part of the DMZ configuration itself.
http://online.securityfocus.com/infocus/1654
2. Windows Forensics: A Case Study, Part One
by Stephen Barish
It's a security person's worst nightmare. You've just inherited a large,
diverse enterprise with relatively few security controls when something
happens. We all try to detect malicious activity at the perimeter of the
network by monitoring our intrusion detection systems, and watching
attackers bang futilely on our firewall. Even those attackers tricky
enough to slip through the firewall bounce harmlessly off our highly
secured servers, and trip alarms off throughout the network as they
attempt to compromise it. Reality is usually somewhat different: most of
us simply don't have the tools, or at least we don't have expensive,
dedicated tools. But we do have ways to stop the pain.
http://online.securityfocus.com/infocus/1653
3. The Briscoe Syndrome
By Mark Rasch
Fear of terrorism and a desire to cooperate with law enforcement has led
many corporate insiders to pony up sensitive information on their
customers to anyone with a badge... with no court order required.
http://online.securityfocus.com/columnists/132
4. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
Optional workshops March 8, 9, 12, 13 and 14; vendor expo March 10 and 11.
Solutions to today's security concerns; hands-on experts; blockbuster
vendor expo; the CISO Executive Summit; invaluable networking
opportunities. InfoSec World has it all!
Go to: http://www.misti.com/10/os03nl37inf.html
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Windows File Protection Signed File Replacement Vulnerability
BugTraq ID: 6483
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6483
Summary:
Microsoft Windows ships with a component called 'Windows File Protection'
(WFP) that verifies the digital signatures applied to protected system
files and third-party code. A vulnerability has been reported in Windows
File Protection that may allow vulnerable files to be re-introduced after
fixes/patches have replaced them.
According to the report, Security Catalogs containing the hashes of the
old files remain in %WinDir%\System32\CatRoot after the patches/fixes that
replace those files have been deployed. If the patched files are later
overwritten with the old, vulnerable versions, Windows File Protection will
not flag them as invalid, because a catalog containing their hashes is
still present.
This may allow an attacker who can already write to the system directory
to re-introduce vulnerable executables/files onto a system, without WFP
reverting the change, and then exploit them.
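The following is an added example, not Microsoft code and not a description of WFP's internals: a small model of the trust policy the report describes, in which a file passes as long as its hash appears in any installed catalog, placed beside an anti-rollback variant that treats only the newest catalog entry for a file as authoritative. The catalog names, file name, version numbers and file contents are constructed.

```python
"""Model of the catalog-trust problem in the WFP report above: an added
example, not Microsoft code and not how WFP is implemented internally.
A file passes if its hash appears in ANY installed catalog, so a catalog
left behind from before a fix re-admits the pre-fix binary. The catalog
names, file name, version numbers and file contents are all constructed."""
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


OLD_BINARY = b"sample.dll build 1.0 (constructed, pre-fix)"
NEW_BINARY = b"sample.dll build 1.1 (constructed, patched)"

# Constructed catalog store: catalog name -> {protected file: (version, hash)}.
# kb_old.cat signed the pre-fix binary and was never removed when kb_fix.cat arrived.
CATROOT = {
    "kb_old.cat": {"sample.dll": ("1.0", digest(OLD_BINARY))},
    "kb_fix.cat": {"sample.dll": ("1.1", digest(NEW_BINARY))},
}


def _version_key(version: str):
    return tuple(int(part) for part in version.split("."))


def accepted_by_any_catalog(name: str, data: bytes, catroot: dict) -> bool:
    """The behaviour described in the report: a stale catalog is as good as a current one."""
    h = digest(data)
    return any(name in cat and cat[name][1] == h for cat in catroot.values())


def accepted_by_newest_catalog(name: str, data: bytes, catroot: dict) -> bool:
    """Anti-rollback variant: only the highest version any installed catalog
    records for NAME is authoritative, so older signed builds are refused."""
    entries = [cat[name] for cat in catroot.values() if name in cat]
    if not entries:
        return False
    _newest_version, newest_hash = max(entries, key=lambda e: _version_key(e[0]))
    return digest(data) == newest_hash


def rollback_window(catroot: dict) -> dict:
    """For each protected file, the hashes a stale catalog would still admit.
    Non-empty output means a patched file can be swapped back unnoticed."""
    window = {}
    names = {n for cat in catroot.values() for n in cat}
    for name in sorted(names):
        entries = [cat[name] for cat in catroot.values() if name in cat]
        newest = max(entries, key=lambda e: _version_key(e[0]))[1]
        stale = sorted(h for _, h in entries if h != newest)
        if stale:
            window[name] = stale
    return window


if __name__ == "__main__":
    print("old binary, any catalog:   ", accepted_by_any_catalog("sample.dll", OLD_BINARY, CATROOT))
    print("old binary, newest catalog:", accepted_by_newest_catalog("sample.dll", OLD_BINARY, CATROOT))
    print("rollback window:", rollback_window(CATROOT))
```

Running `rollback_window` over a real catalog store would be the check a practitioner wants after patching: any file with stale hashes listed is one whose pre-fix version the weak policy still trusts. Removing the superseded catalog, or pinning acceptance to the newest entry as in `accepted_by_newest_catalog`, closes the window.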
2. Sun Solaris RPC AUTH_DES Privilege Escalation Vulnerability
BugTraq ID: 6484
Remote: Yes
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6484
Summary:
Sun has reported a privilege escalation vulnerability for some versions of
Solaris.
The vulnerability occurs when certain RPC requests are made. Specifically,
the vulnerability exists for some RPC requests that involve AUTH_DES
authentication.
This vulnerability can be exploited by local or remote attackers to obtain
access to systems with elevated privileges. In some cases it is possible
for attackers to obtain root privileges.
This vulnerability has been reported to affect Sun Solaris 2.5.1 to 7.
3. Typespeed Local Buffer Overflow Vulnerability
BugTraq ID: 6485
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6485
Summary:
Typespeed is a game designed to test typing skills. It is available for
the Linux operating system. Typespeed is installed setgid 'games' by
default on the Debian Linux distribution.
A vulnerability has been discovered in Typespeed. It is possible to
trigger a buffer overflow in Typespeed by passing excessive data as a
user-supplied parameter. By exploiting this issue to overwrite sensitive
locations in memory it may be possible for a local attacker to execute
commands with elevated privileges.
The precise technical details regarding this vulnerability are not yet
known. This BID will be updated as further information becomes available.
4. SkyStream Edge Media Router-5000 Local Buffer Overflow Vulnerability
BugTraq ID: 6486
Remote: No
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6486
Summary:
SkyStream Edge Media Router-5000 (EMR5000) is a satellite network
connection router. It provides remote administration capabilities through
telnet or optionally a web interface.
The EMR5000 is prone to a buffer overflow. This vulnerability may be
exploited from the client shell (accessible via telnet) by an
authenticated user.
It is possible to trigger this condition by supplying an overly long
string to the command line, which will cause sensitive regions of memory
(such as stack variables) to be corrupted with attacker-supplied data.
This issue may be leveraged to cause arbitrary code to be executed with
elevated privileges.
5. monopd Remote Buffer Overflow Vulnerability
BugTraq ID: 6487
Remote: Yes
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6487
Summary:
monopd is a game server for Monopoly-like board games, designed for Linux
and similar operating systems.
A buffer overflow vulnerability has been reported for monopd. The
vulnerability occurs due to improper use of the vsprintf() function, which
performs no bounds checking on its destination buffer.
An attacker can exploit this vulnerability by supplying an overly long
command to the monopd server. This will trigger the buffer overflow
condition and result in the process corrupting memory with
attacker-supplied values.
This vulnerability was reported for monopd 0.6.1 and earlier.
6. PHP wordwrap() Heap Corruption Vulnerability
BugTraq ID: 6488
Remote: Yes
Date Published: Dec 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6488
Summary:
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been discovered in the wordwrap() function which is a
built-in PHP function. Under some circumstances it may be possible to
trigger a heap corruption bug when supplying input to a script which uses
the vulnerable wordwrap() function. This issue exists due to insufficient
allocation of memory used to store wrapped text. Memory corrupted through
the wordwrap() function may be later referenced by the web server calling
the vulnerable script.
A malicious attacker may be able to exploit this issue to overwrite a
malloc header stored in the heap. This may cause an arbitrary word in
memory to be overwritten when the corrupted chunk is released with the
free() function. By replacing a Global Offset Table entry with an address
pointing to attacker-supplied data, it may be possible for the attacker to
execute malicious instructions. Any code executed will run with the
privileges of the web server that ran the vulnerable script.
7. Gallery Remote Code Execution Vulnerability
BugTraq ID: 6489
Remote: Yes
Date Published: Dec 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6489
Summary:
Gallery is an open source web based photo album. It is written in PHP and
is available for Linux and Unix variants as well as Microsoft Windows
operating systems.
A new feature supporting the Windows XP publishing subsystem in Gallery
1.3.2 has introduced a security vulnerability nearly identical to that
described in BID 5375.
The PHP script 'publish_xp_docs.php' attempts to include a file,
'init.php', from a path constructed using an uninitialized PHP variable
(the pattern in which a request parameter populates a variable the script
never set, as permitted by PHP's register_globals). Malicious remote
clients may pass a value for that variable, specifying a remote server as
the location of the include file. By doing so, attackers may force the
vulnerable server to execute arbitrary PHP code with the privileges of the
webserver.
8. Leafnode Resource Exhaustion Denial Of Service Vulnerability
BugTraq ID: 6490
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6490
Summary:
Leafnode is a USENET proxy server intended for sites with a small number
of readers.
A denial of service vulnerability has been reported for Leafnode. The
vulnerability occurs when Leafnode tries to retrieve certain news
postings. Specifically, Leafnode will consume all available CPU resources
when it tries to retrieve messages that have been cross-posted to several
groups.
An attacker can exploit this vulnerability by cross-posting to several
newsgroups where some group names are prefixes of others. When Leafnode
attempts to retrieve these news articles by message-id, the Leafnode
nntpd server will go into an infinite loop and consume all CPU
resources, thereby leading to a denial of service condition.
This vulnerability affects Leafnode 1.9.20 to 1.9.29. The default
installation of Leafnode is not affected by this vulnerability.
9. Web-cyradm Remote Denial of Service Vulnerability
BugTraq ID: 6491
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6491
Summary:
Web-cyradm is a management tool written in PHP. It is used with a mail
system built on Cyrus IMAP and Postfix. It is available for the Unix and
Linux operating systems.
A vulnerability has been discovered in Web-cyradm. A denial of service may
be triggered when attempting to administer a domain while the required
IMAP daemon is not running. If this situation occurs the Web-cyradm
process will enter an infinite loop, generating errors. This issue occurs
due to invalid checks for a running IMAP daemon by the browseaccounts.php,
deleteaccount.php, and newaccount.php PHP scripts.
By exploiting this vulnerability it may be possible to consume network
resources, causing legitimate requests to be denied. Under some
circumstances it may also cause the system to crash due to excessive CPU
utilization.
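As an added example, not Web-cyradm code, the following shows the bounded, fail-closed form of the backend check whose absence the entry above describes: the connection attempt is given a fixed budget and a dead daemon produces a single error result instead of an endless error loop. The connect callables, the attempt budget and the fake IMAP object are constructed stand-ins.

```python
"""Bounded, fail-closed backend check, illustrating the fix for the Web-cyradm
behaviour above (an unbounded loop that keeps emitting errors while the IMAP
daemon is down). Added example, not Web-cyradm code; the connect callables,
the attempt budget and the fake IMAP object are constructed stand-ins."""
import time


class BackendUnavailable(Exception):
    """The IMAP backend could not be reached within the attempt budget."""


def connect_with_budget(connect, attempts: int = 3, delay: float = 0.0):
    """Call CONNECT at most ATTEMPTS times. Returns the connection, or raises
    BackendUnavailable so the caller returns one error instead of spinning.
    The vulnerable pattern is `while True: try connect; except: log error`,
    which never terminates once the daemon is gone."""
    if attempts < 1:
        raise ValueError("attempts must be at least 1")
    last_error = None
    for attempt in range(1, attempts + 1):
        try:
            return connect()
        except OSError as exc:           # refused, reset or timed out
            last_error = exc
            if attempt < attempts:
                time.sleep(delay)
    raise BackendUnavailable(
        f"IMAP backend unreachable after {attempts} attempts: {last_error}")


def administer_domain(connect, action, attempts: int = 3) -> dict:
    """Web-facing wrapper around an admin ACTION (browse, create, delete accounts).
    A dead backend yields a single error result rather than an endless error loop."""
    try:
        conn = connect_with_budget(connect, attempts=attempts)
    except BackendUnavailable as exc:
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "result": action(conn)}


# Constructed stand-ins for a dead and a live IMAP daemon.
class DeadDaemon:
    """Refuses every connection and counts how often it was asked."""

    def __init__(self):
        self.calls = 0

    def connect(self):
        self.calls += 1
        raise ConnectionRefusedError(111, "Connection refused")


class FakeImap:
    def list_mailboxes(self):
        return ["user.alice", "user.bob"]


def imap_up():
    return FakeImap()


if __name__ == "__main__":
    dead = DeadDaemon()
    print(administer_domain(dead.connect, lambda c: c.list_mailboxes()))
    print("attempts made:", dead.calls)
    print(administer_domain(imap_up, lambda c: c.list_mailboxes()))
```

The point is not the retry itself but the exit: every loop that waits on an external daemon needs a condition under which it gives up and reports, otherwise an outage of the backend becomes a CPU-exhaustion problem on the front end.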
10. PlatinumFTPServer Information Disclosure Vulnerability
BugTraq ID: 6492
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6492
Summary:
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPServer fails to properly sanitize
the arguments of some FTP commands. An attacker is able to traverse
outside of the established FTP root by using dot-dot-slash (../)
directory traversal sequences in conjunction with some FTP commands.
Specifically, the attacker can use the DIR command (sent to the server as
the LIST protocol command) to obtain information about potentially
sensitive files located on a vulnerable system outside of the FTP root
directory.
Disclosure of sensitive system information may aid the attacker in
launching further attacks against the target system.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
11. PlatinumFTPServer Arbitrary File Deletion Vulnerability
BugTraq ID: 6493
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6493
Summary:
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPServer fails to properly sanitize
the arguments of some FTP commands. An attacker is able to traverse
outside of the established FTP root by using dot-dot-slash (../)
directory traversal sequences in conjunction with some FTP commands.
Specifically, the attacker can use the DELETE command (sent to the server
as the DELE protocol command) to delete arbitrary files outside of the
FTP root directory, subject to the permissions of the server process.
This may be exploited by the attacker to render a system completely
unusable.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
12. PlatinumFTPserver Denial Of Service Vulnerability
BugTraq ID: 6494
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6494
Summary:
PlatinumFTPserver is an FTP server available for Microsoft Windows
operating systems.
It has been reported that PlatinumFTPserver fails to properly sanitize FTP
command arguments. By sending a malicious request containing directory
traversal sequences to the vulnerable server, a remote attacker can cause
a denial of service condition.
An attacker can exploit this vulnerability by using specially crafted
dot-dot-slash (../) directory traversal sequences in conjunction with the
CD command (sent to the server as the CWD protocol command).
Restarting the vulnerable service will be necessary to restore
functionality.
This vulnerability was reported for PlatinumFTPserver 1.0.6. It is not
known whether other versions are affected.
13. Microsoft Visual SourceSafe Client-Side Access Control Weakness
BugTraq ID: 6495
Remote: Yes
Date Published: Dec 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6495
Summary:
Microsoft Visual SourceSafe is software to manage development projects in
any programming language.
Microsoft Visual SourceSafe performs validation of permissions for access
control for projects on the client side, instead of on the server side.
This poses a security threat because a malicious client user may
potentially circumvent these security measures to gain unauthorized access
to protected files within a project. The only way to restrict access on
the server side is to set NTFS permissions, but these permissions must
reportedly be applied to an entire project and not individual project
files or folders.
If an attacker can exploit this weakness, it will be possible to gain
unauthorized access to restricted files within projects that the attacker
has access to. As a consequence, it may be possible for a malicious user
to view or modify sensitive data in project files. This has the potential
to violate security policy for development projects.
14. PEEL Remote File Include Vulnerability
BugTraq ID: 6496
Remote: Yes
Date Published: Dec 31 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6496
Summary:
PEEL is a catalog management system implemented in PHP.
PEEL is prone to an issue which may allow remote attackers to include
arbitrary files located on remote servers. This issue is present in the
'modeles/haut.php' script included with PEEL.
An attacker may exploit this by supplying a path to a maliciously created
file, located on an attacker-controlled host as a value for the '$dirroot'
or '$SESSION' parameters.
If the remote file is a PHP script, this may allow for execution of
attacker-supplied PHP code with the privileges of the webserver.
Successful exploitation may provide local access to the attacker.
This vulnerability was reported for PEEL 1.0b. It is not known whether
earlier versions are affected.
15. Perl-HTTPd File Disclosure Vulnerability
BugTraq ID: 6497
Remote: Yes
Date Published: Dec 31 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6497
Summary:
Perl-HTTPd is a web server implemented in Perl.
It has been reported that Perl-HTTPd fails to properly sanitize some web
requests. By exploiting this issue, an attacker is able to traverse
outside of the established web root by using dot-dot-slash (../) directory
traversal sequences. An attacker may be able to obtain any web server
readable files from outside of the web root directory.
Disclosure of sensitive system files may aid the attacker in launching
further attacks against the target system.
This vulnerability was reported for Perl-HTTPd 1.0 and 1.0.1.
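The three PlatinumFTPserver entries and this Perl-HTTPd entry share one root cause: a user-supplied path is joined to the served root without checking where the result lands. The following is an added example, not code from either product, of the server-side confinement check that closes all four: resolve the path textually, then refuse anything that does not stay under the root. The root directory, the sample arguments and the verb-to-command mapping in SAMPLE are constructed for illustration.

```python
"""Server-side path confinement for the traversal issues in the three
PlatinumFTPserver entries and the Perl-HTTPd entry above: an added example,
not code from either product. The root directory, the sample arguments and
the verb-to-command mapping in SAMPLE are constructed for illustration."""
import posixpath


class PathEscapesRoot(Exception):
    """Raised when a requested path would resolve outside the served root."""


def confine(root: str, cwd: str, requested: str) -> str:
    """Resolve REQUESTED (relative to CWD, which is itself inside ROOT) and
    refuse anything that does not stay under ROOT. Purely textual so it
    behaves the same on every platform; a real server must additionally
    check the resolved path for symlinks after this step."""
    root = posixpath.normpath(root)
    # A Windows server accepts both separators, so fold them before checking.
    requested = requested.replace("\\", "/")
    cwd = cwd.replace("\\", "/")
    if requested.startswith("/"):
        joined = posixpath.join(root, requested.lstrip("/"))
    else:
        joined = posixpath.join(root, cwd.lstrip("/"), requested)
    candidate = posixpath.normpath(joined)
    # The trailing slash matters: "/ftproot2" must not pass as inside "/ftproot".
    if candidate != root and not candidate.startswith(root + "/"):
        raise PathEscapesRoot(requested)
    return candidate


def check_commands(root: str, cwd: str, commands) -> list:
    """Run each (protocol verb, argument) pair through confine(); returns
    (verb, argument, allowed) so a log or test can inspect the decision."""
    results = []
    for verb, arg in commands:
        try:
            confine(root, cwd, arg)
            results.append((verb, arg, True))
        except PathEscapesRoot:
            results.append((verb, arg, False))
    return results


# Constructed sample session. The ftp client's DIR, DELETE and CD commands
# are sent as the LIST, DELE and CWD protocol verbs; an HTTP GET path goes
# through exactly the same check.
SAMPLE = [
    ("LIST", "../../"),                 # DIR above the root (BID 6492)
    ("DELE", "..\\..\\private.txt"),   # DELETE above the root, Windows separators (BID 6493)
    ("CWD", "../../../../"),            # CD above the root (BID 6494)
    ("GET", "/../../secret.conf"),      # web request above the root (BID 6497)
    ("LIST", "pub/../pub/files"),       # legitimate: stays under the root
    ("CWD", "."),                       # legitimate: the root itself
]

if __name__ == "__main__":
    for verb, arg, allowed in check_commands("/ftproot", "/", SAMPLE):
        print(f"{verb:5} {arg!r:28} {'allowed' if allowed else 'REFUSED'}")
```

Note what the check does not rely on: it never looks for the literal string "../", since "..\\" and "a/../../b" reach the same place, and it compares the normalized result against the root with a trailing separator so that a sibling directory with the root as a prefix does not slip through.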
16. ShadowJAAS Command Line Password Disclosure Vulnerability
BugTraq ID: 6498
Remote: No
Date Published: Dec 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6498
Summary:
ShadowJAAS is authentication software that allows users to authenticate to
Java applications using a local Linux user account with a shadowed
password.
ShadowJAAS is prone to a design error that may cause user credentials to
be disclosed to other local users.
Vulnerable versions of ShadowJAAS require that username and password
credentials are passed via the command line instead of through standard
input when a user authenticates. As a result, this information may be
accessible to other local users through various means (such as the 'ps'
utility).
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Macro and script viruses dying off
By John Leyden, The Register
The end of standard mass mailing worms is nigh - maybe as soon as before
the end of 2003. But their replacements - Trojans and spyware - are much,
much worse.
http://online.securityfocus.com/news/1962
2. US military medical records stolen in burglary
By John Leyden, The Register
The medical and social security records of more than 500,000 retired and
serving US military personnel were stolen in a break-in last month.
Sensitive information, including names, addresses, social security
numbers, and some claims information with diagnoses of US servicemen, was
obtained when thieves stole computers from the corporate offices of
TriWest Healthcare Alliance in Phoenix, Arizona on December 14.
http://online.securityfocus.com/news/1963
3. FBI Arrests Russian Student Accused of Stealing Secret DirecTV
Documents
By Ted Bridis, The Associated Press
The FBI arrested a Russian college student Thursday who was accused of
stealing and distributing hundreds of secret documents about new
anti-piracy technology from DirecTV Inc., the nation's leading satellite
television company.
http://online.securityfocus.com/news/1960
4. Unhappy new Yaha
By John Leyden, The Register
A new version of the Yaha mass mailing email worm has been released, ready
to trip up the unwary on their return to work next week.
http://online.securityfocus.com/news/1946
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. DumpWin v2.0
by Network Intelligence India Pvt. Ltd.
Relevant URL:
http://www.nii.co.in/tools.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
DumpWin is a Windows data-gathering tool which includes the functionality
of the tool DumpACL. In addition, DumpWin also gathers information about
the system, users, groups, drives, shares, running processes, installed
software, installed hardware, services, open ports, etc. It also dumps the
ACLs of user-specified files/folders and registry keys. It is useful for
auditors to dump all relevant data from a Windows system.
2. pfstats v0.1
by George Hedfors george (at) sr-71 (dot) nu
Relevant URL:
http://www.sr-71.nu/pfstats/
Platforms: OpenBSD, POSIX
Summary:
pfstats is a simple external script to MRTG, which generates statistics
taken from the pfctl(8) logfile. The statistics represent the number of
blocked incoming connections.
3. Nate Kohari's regular expression pipe v1.32
by Nate Kohari
Relevant URL:
http://www.lagfactory.net/projects/re/
Platforms: Perl (any system supporting perl)
Summary:
RE is a simple utility designed to aid in the management of files. Given a
directory name, a regular expression, and a regular shell command, it will
parse the filenames in the specified directory, matching them against the
regular expression, and then execute the command once for each matched
file using the filename as a parameter. It was originally designed to
mass-rename MP3 files based on part of the original filenames.
4. HotSaNIC v0.5.0-pre3
by Bernd Pissny bernisys (at) prima (dot) de
Relevant URL:
http://www.sourceforge.net/projects/hotsanic/
Platforms: Linux, POSIX
Summary:
HotSaNIC is a Web-based information center for Unix-based systems. It
gives you a graphical overview about certain network- and system
statistics. HotSaNIC is programmed (mainly in Perl 5) in a modular way to
give you a great flexibility of which items you like to use, and it can be
extended with further modules written by yourself or others.
5. AlarmMon v0.35
by Konstantin N. Terskikh
Relevant URL:
http://sourceforge.net/projects/alarmmon/
Platforms: Os Independent
Summary:
AlarmMon is an alarm monitoring system for TCP/IP networks. It consists of
an "alarm" client, an "alarmsvr" server, and several agents that work with
a central registration database. It can track the status of various
services, including BIND, Sendmail, and modems, and send notifications by
email, SMS, or pager.
6. Jay's Iptables Firewall v0.8.1.1 (dev)
by Jerome Nokin
Relevant URL:
http://www.wallaby.be/firewall.php
Platforms: Linux, POSIX
Summary:
Jay's Iptables Firewall is a script with support for multiple
(external/internal) interfaces, TCP/UDP/ICMP control, masquerading,
synflood control, spoofing control, port forwarding, upload limits
(experimental), VPNs, ToS, denying hosts, ZorbIPTraffic, Spyware list IP,
log options and more. It doesn't flush all your existing iptables rules.
V. SECURITY JOBS SUMMARY
------------------------
1. Seeking information security opportunity (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305052
2. ISS Certified Expert. Contract role in Middle East. January start. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305013
3. Dror shalev (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/305011
4. Malcode Analyst -- Sydney, Australia (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/304794
5. Resume Submit - relocation (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/304741
6. ArcSight in Sunnyvale, California - Open jobs (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/304728
VI. INCIDENTS LIST SUMMARY
-------------------------
1. What constitutes authorized server access? - was Re: RPAT -Realtime Proxy Abuse Triangulation (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/305038
2. RPAT - Realtime Proxy Abuse Triangulation (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/305031
3. Mysterious "Support" account created on Win2k server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/305016
4. PDL anti-spam blacklist (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/305005
5. Abnormally high Sub-Seven attack rate increase (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304997
6. What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304999
7. MS IIS 5 server is hacked leaving undeletable folders and files (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304998
8. NC_S_ISLCK? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304958
9. Virus? Trojan? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304966
10. NIMDA - ceased ? - (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304682
11. Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/304576
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. ASM OpenBSD (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/304604
2. Query: BID 6273: PortailPhp SQL Injection Vulnerability. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/304583
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Account Management (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/305008
2. SecurityFocus Microsoft Newsletter #119 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304736
3. MDAC 2.7 SP1 now available as a standalone install (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304675
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. NO NEW POSTS FOR THE WEEK ENDING 01.03.03
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. User's and Shells (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/304877
2. RE : quotas on Redhat 7.3 problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/304596
XI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by GuardedNet - Transforming Security
Data into Knowledge neuSECURE - a Threat Management Solution Your CFO Will
Appreciate
neuSECURE is a centralized monitoring system that correlates and analyzes
event data from firewalls, IDS, hosts and routers for real-time attack
detection and response. It's proven to reduce the time you spend
investigating attacks and improves the value of your security
infrastructure.
Sign up to receive a paper entitled "Calculating the ROI of a neuSECURE
implementation" at <http://www.guarded.net/secondary/calculating_roi.html>
------------------------------------------------------------------------
-------