I. FRONT AND CENTER
1. U.S. Information Security Law, Part 2
2. The Reality of Perception
3. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
1. PostNuke File Path Disclosure Vulnerability
2. Snort Evasion Echo Flag Port Scan Vulnerability
3. Alexandria / SourceForge Cross Site Scripting Vulnerability
4. Alexandria / SourceForge CRLF Injection Vulnerability
5. Alexandria / SourceForge File Disclosure Vulnerability
6. Multiple Vendor Web Browser LiveConnect JavaScript Denial Of...
7. Mutt IMAP Remote Folder Buffer Overflow Vulnerabilities...
8. Beanwebb Guestbook HTML Injection Vulnerability
9. Beanwebb Guestbook Unauthorized Administrative Access...
10. Justice Guestbook HTML Injection Vulnerability
11. Sendmail Address Prescan Memory Corruption Vulnerability
12. Justice Guestbook Path Disclosure Vulnerability
13. ScozBook HTML Injection Vulnerability
14. ScozBook Path Disclosure Vulnerability
15. CCGuestBook HTML Injection Vulnerability
16. CCLog HTTP Header HTML Injection Vulnerability
17. Solaris lpstat Buffer Overflow Vulnerability
18. Solaris dtsession HOME Buffer Overflow Vulnerability
19. Oracle JDBC Daylight Savings Time Timestamp Weakness
20. EZ Server Long Argument Local Denial Of Service Vulnerability
21. SAP DB RPM Install World Writable Binary Vulnerability
22. InstantServers MiniPortal SOHO Anonymous Users Privileges...
23. HP Instant TopTools Remote Denial Of Service Vulnerability
24. Kerio WinRoute Firewall Malformed HTTP GET Request Denial of...
25. Apple QuickTime Player Custom URL Vulnerability
26. PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability
27. Multiple HP Tru64 C Library Vulnerabilities
28. HP MPE/iX Unspecified FTP Privileged Data Access Vulnerability
29. PowerFTP FTP Command Buffer Overflow Denial Of Service...
30. Sun Solaris NewTask Local Privilege Elevation Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Fear of a Million Big Brothers
2. Report: Info sharing centers not sharing so much
3. Former hacker warns lawmakers about dangers to personal...
4. Cut software piracy and jumpstart 'stagnant' economies
IV. SECURITYFOCUS TOP 6 TOOLS
1. SRG v1.0b1
2. RainPortal v1.0
3. Trusted Debian v0.9.1
4. Async Blockreport v1.0
5. Socks Server 5 v1.3
6. bungmeter v1.0.2
V. SECURITYJOBS LIST SUMMARY
1. Deloitte & Touche: Security Architecture & Design Professionals...
2. Educational Relationship Representative - Contract Part Time...
3. Deloitte & Touche: Network Security Professionals Wanted (Thread)
4. Looking for Security Specialists (Thread)
5. (job offered) Full-time salaried Security Consultants in WA...
6. Seeking employment in the UK - 20 years' experience (Thread)
7. Chief Security Officer (CSO) London, UK, Paris, France. (Thread)
8. QA Position at eEye Digital Security, Aliso Viejo, CA (Thread)
9. Looking for work in NYC. (Thread)
10. JOB POSTING: Mgr, Trending & Analysis (Thread)
11. Washington DC Opportunity (Thread)
12. New Position/Fayetteville, NC (Thread)
13. Resume: Network Security Candidate (Thread)
14. Symantec in Redwood City is hiring a Sr Security...
15. Network Security Analyst, Mechanicsburg, PA (Thread)
16. looking for a security position (Thread)
17. new requirement (Thread)
18. JOB POSTING (Thread)
19. Engineers Pre and Post Sales (Thread)
20. Sr. Project Manager - Cleveland, Ohio (Thread)
21. FW: Security Sales Consultant for France (Thread)
22. Security Sales Consultant for Belgium (Thread)
VI. INCIDENTS LIST SUMMARY
1. RECAP: possible rootkit, maybe partial? (Thread)
2. Logon.dll? Possible root-kit? (Thread)
3. UDP traffic to net and broadcast addresses (Thread)
4. Increase in Source to Port 445 (Thread)
5. Logon/Logoff Failure Events (Thread)
6. UDP scans from AOL NS boxes? (Thread)
7. Field Report: New Worm (Thread)
8. possible rootkit, maybe partial? (Thread)
9. [0.5OT answer]possible rootkit, maybe partial? (Thread)
10. [CERT] possible rootkit, maybe partial? (Thread)
11. Increase of attempts on port 635 in last couple days (Thread)
12. SQL Slammer Variant? (Thread)
13. POP3 logon attempts (Thread)
14. Why alerts on ports 1025-1029, 1036 (Thread)
15. Educational Incident Data Comparison Pilot (X-Post) (Thread)
16. New Article: U.S. Information Security Law, Part 2 (Thread)
17. WebDAV Exploit Lab (Thread)
18. new attack tool combining SMB and WebDAV? (Thread)
19. [CERT] Why alerts on ports 1025-1029, 1036 (Thread)
20. strange DNS behavior over the last 2 days (Thread)
21. California State Bill SB1386 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. IkonBoard v3.1.1: arbitrary command execution (Thread)
2. AOL 8.0 and discover.xml (Thread)
3. Generating Hex Numbers to brute force rs_iis.c (Thread)
4. @(#)Mordred Labs advisory - Integer overflow in PHP...
5. @(#)Mordred Labs advisory - Integer overflow in PHP...
6. Webserver CVS (In)Security (Thread)
7. webdav with sp0/1 (Thread)
8. Sendmail's prescan exploit thoughts (Thread)
9. WebDAV and SMB?!? (Thread)
10. Sambar Server "Buffer OverFlow" Vulnerabilities (Thread)
11. Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit...
12. WebDAV Exploit Lab (Thread)
13. Automatic discovery of shellcode address (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. LDAP V3 in Active Directory (Thread)
2. Article Announcement: U.S. Information Security Law, Part 2...
3. SecurityFocus Microsoft Newsletter #131 (Thread)
4. Honeynet Scan of the Month for April released (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NO NEW POSTS FOR THE WEEK ENDING 04.04.03
X. LINUX FOCUS LIST SUMMARY
1. Live Upgrade for Linux (Thread)
2. Red Hat: To patch or to upgrade? (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. U.S. Information Security Law, Part 2
By Steven Robinson
This is the second part of a four-part series looking at U.S. information
security laws and the way those laws affect security professionals. In
this installment, we will look at the legal framework for security of an
enterprise's working environment from the perspective of information
security professionals, with particular emphasis on the protection of
communications.
http://www.securityfocus.com/infocus/1681
2. The Reality of Perception
By Tim Mullen
A new poll finds that seventy-seven percent of security professionals
believe Microsoft products are insecure. But a closer look at the survey
tells a far more interesting story.
http://www.securityfocus.com/columnists/152
3. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
II. BUGTRAQ SUMMARY
-------------------
1. PostNuke File Path Disclosure Vulnerability
BugTraq ID: 7218
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7218
Summary:
PHP-Nuke is a web based Portal system. Implemented in PHP, it is available
for a range of systems, including Unix, Linux, and Microsoft Windows.
Multiple path disclosure vulnerabilities have been reported in various PHP
scripts used by PHP-Nuke. The issue occurs when a request is made which
includes invalid URI 'file' parameters to the 'Stats' or 'Members_List'
pages.
The affected scripts do not provide sufficient error handling for this
circumstance and, as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
2. Snort Evasion Echo Flag Port Scan Vulnerability
BugTraq ID: 7220
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7220
Summary:
Snort is a freely available, open source intrusion detection system. It
is available for Unix, Linux, and Microsoft Windows platforms.
It has been reported that a vulnerability exists in the default
configuration of Snort. Due to this issue it is possible for a user to
evade detection while performing some types of scans.
The problem is in the detection of specifically crafted packets. When a
port scan is initiated with the TCP SYN, FIN, and ECN flags set, the
default configuration of Snort will not register these packets as an IDS
event. This could permit an attacker to gather information on network
resources that could be used for a more organized attack against systems.
This problem has been reported in version 1.9.1, though earlier versions
may be affected.
3. Alexandria / SourceForge Cross Site Scripting Vulnerability
BugTraq ID: 7223
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7223
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
Alexandria does not adequately filter some HTML code thus making it prone
to cross-site scripting attacks. It is possible for a remote attacker to
create a malicious link containing script code which will be executed in
the browser of a legitimate user.
It has been reported that sections of Alexandria that display a user's
resume are prone to cross site scripting attacks. Any attacker-supplied
code will be executed within the context of the website running
Alexandria.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Alexandria 2.5 and 2.0.
4. Alexandria / SourceForge CRLF Injection Vulnerability
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
A vulnerability has been reported for Alexandria that may allow remote
attackers to use the Alexandria system for proxying of unsolicited e-mail.
The vulnerability exists in the 'sendmessage.php' script file.
There is no input validation performed on user-supplied data passed to
functions in the 'sendmessage.php' script file. As a result, malicious
users may embed CR/LF sequences to inject additional headers into outgoing
messages.
Attackers may exploit this weakness to manipulate the structure of
outgoing messages. For example, it may be possible for attackers to set
the recipient to an arbitrary value. This could be leveraged by
individuals to send mass unsolicited mail in a manner similar to how
"formmail" is actively exploited (BID 3955).
This vulnerability was reported for Alexandria 2.5 and 2.0.
5. Alexandria / SourceForge File Disclosure Vulnerability
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
A vulnerability has been reported for Alexandria that may result in the
disclosure of sensitive files to remote attackers.
The vulnerability occurs in the 'docman/new.php' and 'patch/index.php'
script files which allow the uploading of files. Due to insufficient
checks performed by these scripts, it is possible for an attacker to
specify any web server readable files as the files that were recently
uploaded. This will result in the disclosure of the contents of these
files to remote attackers.
This vulnerability was reported for Alexandria 2.5 and 2.0.
6. Multiple Vendor Web Browser LiveConnect JavaScript Denial Of Service Vulnerability
BugTraq ID: 7227
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7227
Summary:
A denial of service vulnerability has been reported for several browsers.
The vulnerability occurs when executing certain malformed JavaScript
enabled pages.
An attacker can exploit this vulnerability by creating a malicious
JavaScript page which makes a call to certain methods. When an affected
browser is used to view the malformed page, it will cause the Java Virtual
Machine to crash, resulting in a denial of service condition.
7. Mutt IMAP Remote Folder Buffer Overflow Vulnerabilities...
Summary:
Mutt is a freely available, open source mail user agent. It is available
for the Unix and Linux operating systems.
Buffer overrun vulnerabilities have been reported for Mutt. These
vulnerabilities are similar to the issues described in BID 7120, Mutt
UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability.
Mutt provides functionality that allows a remote user to read e-mail from
folders through Internet Message Access Protocol (IMAP). A specially
crafted folder on an IMAP server may be able to trigger these overflow
conditions to cause the vulnerable Mutt client to crash. Although
unconfirmed, it may be possible to execute attacker-supplied code with the
privileges of the Mutt process.
Further details of this vulnerability are currently unknown. This BID will
be updated as more information becomes available.
These vulnerabilities were reported for Mutt 1.3.28 and earlier.
8. Beanwebb Guestbook HTML Injection Vulnerability
BugTraq ID: 7231
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7231
Summary:
Beanwebb Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
Guestbook does not adequately filter some HTML code thus making it prone
to HTML injection attacks.
It has been reported that Guestbook does not sufficiently filter
user-supplied values from the 'name', 'email' and 'comment' variables on
the 'add.php' page. As a result, attackers may embed malicious script code
or HTML into Guestbook posts. When a malicious post is viewed by another
user, the attacker-supplied code will be interpreted in their web browser
in the security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Guestbook 1.0.
9. Beanwebb Guestbook Unauthorized Administrative Access...
Summary:
Beanwebb Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
A vulnerability has been reported for Guestbook that may allow remote
attackers to obtain unauthorized access to administrative functions.
The vulnerability is likely due to insufficient permissions on the
'admin.php' script file. Typically, access to this script file should be
restricted to trustworthy individuals only.
This vulnerability has been reported for Guestbook 1.0.
10. Justice Guestbook HTML Injection Vulnerability
BugTraq ID: 7233
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7233
Summary:
Justice Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
It has been reported that Guestbook does not sufficiently filter
user-supplied values from the 'name', 'homepage', 'aim', 'yim', 'location'
and 'comment' variables on the 'jgb.php3' page. As a result, attackers may
embed malicious script code or HTML into Guestbook posts. When a malicious
post is viewed by another user, the attacker-supplied code will be
interpreted in their web browser in the security context of the site
hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Guestbook 1.3.
11. Sendmail Address Prescan Memory Corruption Vulnerability
Summary:
It has been reported that Sendmail is affected by a memory corruption
condition that is likely remotely exploitable. The flaw is present in the
prescan() procedure, one that is used for processing e-mail addresses in
SMTP headers. This function is implemented in the source code file
"parseaddr.c". It is at least theoretically possible that this condition
may be exploited by remote attackers to execute instructions on target
systems. This vulnerability is due to a logic error in the conversion of
a char to an integer value.
The condition occurs when Sendmail converts an externally supplied
character byte to an integer type. It is possible for the byte to be
converted to a special control value (-1) that will result in disabling of
bounds checking. This is because the integer type is assigned to the
value of a signed char without casting it as unsigned:
c = *p++;
The char value 0xFF will cause c to be assigned to the integer
representation of -1, the 'NOCHAR' control value. Bounds checking is
disabled when the value of the current character (c) is 'NOCHAR'.
This leads to the potential for malicious data to be written beyond the
boundaries of the buffer allocated to store it. Attackers may exploit
this condition to overwrite potentially sensitive values on the stack with
some degree of control.
The discoverer of this condition has reported that it was successfully
exploited to execute code locally. It is likely that this vulnerability
can be exploited remotely as well.
This vulnerability is eliminated in Sendmail version 8.12.9.
Administrators are advised to upgrade as soon as possible.
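The conversion described above, as an added example (not Sendmail's source
and not part of the original newsletter): a simplified model of a scanner
whose length check is skipped when the current character equals NOCHAR,
comparing a read through signed char with a read through unsigned char.
The names read_signed, read_unsigned, scan, CAP and the sample inputs are
assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stddef.h>

#define NOCHAR (-1)  /* control value named in the advisory text */
#define CAP 4        /* constructed buffer size for this demo */

/* Constructed sample inputs: eight 0xFF bytes and an ordinary address. */
static const char SAMPLE_FF[] = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
static const char SAMPLE_ASCII[] = "user@example.com";

/* Byte read as the advisory describes it: through a signed char, so 0xFF
 * sign-extends to -1. The explicit cast makes the behaviour the same on
 * platforms where plain char is unsigned. */
static int read_signed(const char *p) { return (signed char)*p; }

/* Hardened read: through unsigned char, so 0xFF becomes 255 and can
 * never collide with the NOCHAR control value. */
static int read_unsigned(const char *p) { return (unsigned char)*p; }

struct scan_result {
    size_t stored;   /* bytes that landed inside the buffer */
    size_t overrun;  /* writes that would have gone past the buffer */
    int rejected;    /* 1 if the length check fired */
};

/* Simplified model (an assumption, not the real prescan()): the length
 * check only runs when c != NOCHAR. Writes past CAP are counted instead
 * of performed, so the demo itself never corrupts memory. */
static struct scan_result scan(const char *in, size_t len,
                               int (*rd)(const char *))
{
    char buf[CAP];
    size_t q = 0;
    struct scan_result r = {0, 0, 0};

    for (size_t i = 0; i < len; i++) {
        int c = rd(in + i);
        if (c != NOCHAR && q >= CAP) {  /* check skipped for NOCHAR */
            r.rejected = 1;
            break;
        }
        if (q < CAP) {
            buf[q] = (char)c;
            r.stored++;
        } else {
            r.overrun++;                /* would be an out-of-bounds write */
        }
        q++;
    }
    (void)buf;
    return r;
}

static void report(const char *label, struct scan_result r)
{
    printf("%-24s stored=%zu overrun=%zu rejected=%d\n",
           label, r.stored, r.overrun, r.rejected);
}

int main(void)
{
    printf("0xFF via signed char:   %d\n", read_signed(SAMPLE_FF));
    printf("0xFF via unsigned char: %d\n", read_unsigned(SAMPLE_FF));

    report("0xFF input, signed:",
           scan(SAMPLE_FF, sizeof SAMPLE_FF - 1, read_signed));
    report("0xFF input, unsigned:",
           scan(SAMPLE_FF, sizeof SAMPLE_FF - 1, read_unsigned));
    report("ASCII input, signed:",
           scan(SAMPLE_ASCII, sizeof SAMPLE_ASCII - 1, read_signed));
    return 0;
}
```

With the signed read, the 0xFF input is never rejected and the model counts
writes past the buffer; with the unsigned read, the same input is rejected
at the buffer limit.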
12. Justice Guestbook Path Disclosure Vulnerability
Summary:
Justice Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
A path disclosure vulnerability has been reported for Guestbook. The issue
occurs when a request is made to the cfooter.php3 PHP script page.
The affected script does not provide sufficient error handling for this
circumstance and, as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
This vulnerability was reported for Justice Guestbook 1.3.
13. ScozBook HTML Injection Vulnerability
BugTraq ID: 7235
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7235
Summary:
ScozBook is guestbook software implemented in PHP. It is available for a
variety of platforms including Linux and Unix variant operating
environments.
It has been reported that ScozBook does not sufficiently filter
user-supplied values from the 'username', 'useremail', 'aim', 'msn',
'sitename' and 'siteaddy' variables on the 'add.php' page. As a result,
attackers may embed malicious script code or HTML into ScozBook posts.
When a malicious post is viewed by another user, the attacker-supplied
code will be interpreted in their web browser in the security context of
the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for ScozBook 1.1 BETA.
14. ScozBook Path Disclosure Vulnerability
BugTraq ID: 7236
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7236
Summary:
ScozBook is guestbook software implemented in PHP. It is available for a
variety of platforms including Linux and Unix variant operating
environments.
A path disclosure vulnerability has been reported for ScozBook. The issue
occurs when a request is made to the view.php script page with an
arbitrary value for the 'PG' URI variable.
The affected script does not provide sufficient error handling for this
circumstance and, as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
This vulnerability was reported for ScozBook 1.1 BETA.
15. CCGuestBook HTML Injection Vulnerability
BugTraq ID: 7237
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7237
Summary:
It has been reported that CCGuestBook does not sufficiently filter
user-supplied values from the 'name' and 'webpage title' fields on the
'cc_guestbook.pl' page. As a result, attackers may embed malicious script
code or HTML into CCGuestBook posts. When a malicious post is viewed by
another user, the attacker-supplied code will be interpreted in their web
browser in the security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
16. CCLog HTTP Header HTML Injection Vulnerability
BugTraq ID: 7238
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7238
Summary:
CCLog is a script that logs all hits to a certain web site.
It has been reported that CCLog does not sufficiently filter user-supplied
values for some HTTP headers. Specifically, the script, cc_log.pl, does
not sanitize the values for the 'User-Agent' and 'Referer' HTTP headers.
As a result, attackers may embed malicious script code or HTML into
specially crafted HTTP requests. When CCLog is used to assemble a HTML
version of web site hits and is viewed by another user, the
attacker-supplied code will be interpreted in their web browser in the
security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
17. Solaris lpstat Buffer Overflow Vulnerability
BugTraq ID: 7239
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7239
Summary:
The lpstat utility is used to display the contents of the print queue.
It has been reported that the version of lpstat shipped with Sun Solaris
is vulnerable to a locally exploitable buffer overflow. As lpstat for
Solaris is configured setuid root, exploitation of this vulnerability
could result in elevation of privileges for a local attacker.
The condition occurs when lpstat is invoked as lpq, a symbolic link
pointing to the lpstat binary (for BSD compatibility). The function
bsd_queue() attempts to append user-supplied data to a local buffer using
the C library function strcat(). As this function has no bounds checking,
a stack-based buffer overflow condition is present. Local attackers may
exploit this condition to overwrite the return address of the affected
procedure and execute instructions with effective root privileges.
18. Solaris dtsession HOME Buffer Overflow Vulnerability
BugTraq ID: 7240
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7240
Summary:
dtsession, included with Solaris and several other operating systems, is
the CDE session manager. It is installed setuid root by default.
It has been reported that dtsession is vulnerable to a locally exploitable
buffer overflow vulnerability. The vulnerability is related to handling
of the HOME environment variable. An overflow in heap memory allegedly
occurs when the environment variable is of excessive length. This
condition may be exploited by attackers to corrupt sensitive structures in
the heap. This may result in arbitrary addresses being overwritten when
free() is called, allowing an attacker to execute instructions with the
root privileges of the dtsession process.
While only Solaris is confirmed, other systems that include CDE are likely
vulnerable.
19. Oracle JDBC Daylight Savings Time Timestamp Weakness
BugTraq ID: 7241
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7241
Summary:
The JDBC thin driver is a component of the Oracle Database. Oracle is
available for Unix, Linux, and Microsoft operating systems.
A problem with the software may lead to log inconsistency.
It has been reported that the JDBC thin driver distributed with Oracle
databases does not sufficiently handle some timestamps. Because of this,
transaction times in Oracle logs and databases may be inaccurate.
The problem is in the handling of daylight savings time. It has been
reported that errors occur during the hour in which daylight savings time
occurs. Timestamps entered by the driver may be inaccurate, and could
thus lead to a loss of integrity of log files.
20. EZ Server Long Argument Local Denial Of Service Vulnerability
BugTraq ID: 7243
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7243
Summary:
EZ Server is a freely available FTP and HTTP server. It is available for
the Microsoft Operating System.
A problem with the software may make a denial of service possible.
It has been reported that the EZ Server software does not sufficiently
handle strings of excessive length in some circumstances. Because of
this, a remote attacker may be able to deny service to legitimate users of
the system.
The problem is in the handling of arguments to FTP commands. An argument
issued with an FTP command that is of excessive length may cause the
server to crash. This vulnerability was reportedly reproduced using a
minimum of 1994 bytes of data with FTP commands such as cd and ls.
This vulnerability may be a memory corruption issue, and potentially an
exploitable buffer overrun. If this is the case, it is possible for an
attacker with login access to the vulnerable FTP server to execute code
with the privileges of the server software.
21. SAP DB RPM Install World Writable Binary Vulnerability
BugTraq ID: 7242
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7242
Summary:
SAP DB is a free enterprise level database available for Microsoft
Windows, Linux, Solaris, AIX, Tru64, and HP-UX platforms.
When SAP DB is installed using RPM packages, insecure permissions are left
on two binaries.
After performing the installation, the lserver and dbmsrv binaries have
'777' permissions. This allows any user on the system to write to the
binaries.
It should be noted that this vulnerability only exists when SAP DB is
installed using RPM packages. Installing SAP DB from tgz packages will
leave these binaries with '755' permissions.
22. InstantServers MiniPortal SOHO Anonymous Users Privileges...
Summary:
InstantServers MiniPortal is a web server package for Windows based
machines, based on the Apache project web server. It includes a web based
administrative interface, and a bundled FTP server.
An issue in MiniPortal may make it possible for remote users to perform
unauthorized actions.
It has been reported that MiniPortal SOHO does not sufficiently restrict
the anonymous user. Because of this, a default configuration may make
remote denial of service attacks possible.
The problem is in the permission scheme implemented with a default
installation. Reports indicate that the default does not restrict a user
from creating and deleting files on the deployed server. This could
potentially lead to a denial of service attack, or local access to the
vulnerable host by an unauthorized user.
23. HP Instant TopTools Remote Denial Of Service Vulnerability
BugTraq ID: 7246
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7246
Summary:
Instant TopTools is a remote system monitoring software package
distributed by HP. Instant TopTools is available for Unix, Linux, and
Microsoft operating systems.
A problem with the software could make a denial of service possible.
It has been reported that Instant TopTools does not properly handle some
types of requests. Because of this, a remote user could potentially deny
service to a host using the vulnerable software.
The problem is in the handling of requests in which Instant TopTools calls
itself. When a request is issued where the Instant TopTools hpnst.exe program
calls itself, the program enters a loop, and begins consuming resources.
Multiple requests will render the vulnerable host unusable, requiring a
reboot to resume normal function.
This problem has been reported to affect Instant TopTools on the Microsoft
Windows platform. Other platforms may also be affected.
24. Kerio WinRoute Firewall Malformed HTTP GET Request Denial of Service Vulnerability
BugTraq ID: 7245
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7245
Summary:
Kerio WinRoute Firewall is an enterprise level firewall that performs
stateful packet inspection. It runs on Windows NT/2000/XP.
The WinRoute Firewall is vulnerable to a denial of service when a
malformed HTTP GET request is sent to the Web Administration interface.
This results in the firewall consuming 100% of CPU resources on the
system.
If the GET request is missing the Host: parameter, the firewall will
consume 100% of CPU resources, resulting in a loss of more than half of
future connection requests.
The Web Administration interface is not enabled by default.
25. Apple QuickTime Player Custom URL Vulnerability
BugTraq ID: 7247
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7247
Summary:
QuickTime Player is the media player distributed by Apple for QuickTime
Media Files. This problem affects the player on the Microsoft Windows
platform.
A problem in the software may make remote code execution possible.
It has been reported that the QuickTime Player does not properly handle
some types of URLs. Because of this, a remote attacker may be able to
execute arbitrary commands on the vulnerable system.
Few technical details are available concerning this vulnerability. It is
known that for an attack to be successful, a user must load a
maliciously-crafted URL into the QuickTime Player. It is also known that
loading the URL results in the execution of arbitrary code as the
QuickTime user.
Initial reports indicate that this issue is a buffer overrun
vulnerability. If this is the case, it would be possible for the attacker
to place malicious instructions in the URL supplied to the target user.
When the URL is loaded into the player, the instructions contained in the
URL would be executed with the privileges of the user invoking QuickTime.
This vulnerability has been reported to affect QuickTime on only the
Microsoft Windows platform.
26. PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability
BugTraq ID: 7248
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7248
Summary:
PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
for a range of systems, including Unix, Linux, and Microsoft Windows.
The PHP-Nuke 'block-Forums.php' script does not sufficiently sanitize data
supplied via form fields, making it prone to HTML injection attacks. In
particular, the subject field is not sanitized of HTML tags. This could
allow for execution of hostile HTML and script code in the web client of a
user who visits a web page that contains the malicious code. This would
occur in the security context of the site hosting the software.
Exploitation could allow for theft of cookie-based authentication
credentials or other attacks.
27. Multiple HP Tru64 C Library Vulnerabilities
BugTraq ID: 7249
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7249
Summary:
HP has recently issued fixes for numerous security vulnerabilities in the
implementation of the C library for Tru64. These vulnerabilities may
affect many programs with a variety of consequences including local
privilege escalation, denial of service, and remote root compromise.
This entry may be modified during analysis as some of the reported
vulnerabilities are already in the Symantec vulnerability database. The
reported vulnerabilities are:
- SSRT2322 Bind resolver exploit in ISC
- SSRT2384 TCP exploit denies all RPC service
- SSRT2341 calloc() potential overflow
- SSRT2439 xdrmem_getbytes() potential overflow
- SSRT2412 portmapper hang after port scan with C2 enabled
28. HP MPE/iX Unspecified FTP Privileged Data Access Vulnerability
BugTraq ID: 7250
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7250
Summary:
MPE/iX is an Internet-ready operating system for the HP e3000 class
servers.
A vulnerability has been reported for the ftp binary shipped with MPE/iX
systems. Exploitation of the vulnerability may result in remote attackers
obtaining access to sensitive data on vulnerable systems.
Further information about this vulnerability is currently unknown. This
BID will be updated as more information becomes available.
29. PowerFTP FTP Command Buffer Overflow Denial Of Service Vulnerability
BugTraq ID: 7251
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7251
Summary:
PowerFTP server is a shareware ftp server available for the Microsoft
Windows platform. It is distributed and maintained by Cooolsoft.
A buffer overflow vulnerability has been reported for PowerFTP. This
vulnerability occurs when overly long values are supplied for some FTP
commands. Specifically, the 'ls' and 'cd' commands are vulnerable to
exploitation.
An attacker can exploit this vulnerability by connecting to a vulnerable
system and sending an overly long value, consisting of at least 1994
characters, to either the 'ls' or 'cd' commands. This will trigger the
overflow condition and will cause PowerFTP to crash thereby resulting in a
denial of service.
Although unconfirmed, it may be possible to exploit this vulnerability to
run attacker-supplied code with the privileges of PowerFTP.
This vulnerability was reported for PowerFTP 2.25.
30. Sun Solaris NewTask Local Privilege Elevation Vulnerability
BugTraq ID: 7252
Remote: No
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7252
Summary:
Solaris is the freely available UNIX Operating System variant distributed
and maintained by Sun Microsystems.
A problem in the operating system could permit a local user to gain
unauthorized privileges.
It has been reported that a privilege elevation vulnerability exists in
the Solaris newtask program. Because of this, an attacker may be able to
gain elevated privileges, and potentially compromise the integrity of the
vulnerable host.
newtask is a task management program that can be used to either initiate a
new task owned by a specific project in the executing user's shell, or
change the task of an already running process. The program is installed
with setuid root privileges.
Few technical details concerning this vulnerability are available. It is
known that this issue could permit a local user to gain administrative
access. This may be due to either a boundary condition error, or an input
validation error. In either instance, commands executed through abuse of
the program will be executed with the privileges of the administrative
user.
31. Red Hat Linux 9 vsftpd Compiling Error Weakness
BugTraq ID: 7253
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7253
Summary:
vsftpd is a GPL licensed secure FTP server for UNIX and Linux platforms.
tcp_wrappers is an IP packet filtering facility for UNIX and Linux
platforms.
In Red Hat Linux 9, vsftpd was switched to a standalone service instead of
being run by xinetd. When this change was made, vsftpd was not compiled
against tcp_wrappers.
Because of this, the vsftpd user is unable to perform any IP packet
filtering on access to the FTP server.
This issue only affects Red Hat Linux 9 boxed sets that were manufactured
for sale in the United States. The affected part numbers are RHF0120US
and RHF0121US. Versions of Red Hat 9 that were downloaded or purchased
from international boxed sets are not affected.
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Fear of a Million Big Brothers
By Kevin Poulsen
The U.S. government's surveillance push isn't the only thing on the minds
of privacy advocates this year. Concern is growing about the trails
netizens leave in routine Web server logs, and who's seeing them.
http://www.securityfocus.com/news/3711
2. Report: Info sharing centers not sharing so much
By Kevin Poulsen
Critical infrastructure providers still keep some attacks secret from the
government, fearing public disclosure.
http://www.securityfocus.com/news/3690
3. Former hacker warns lawmakers about dangers to personal financial
information
By David Ho, The Associated Press Apr 3 2003 4:02PM
A convicted computer hacker told lawmakers Thursday that many attacks on
companies that hold consumer financial information go undetected because
of poor security.
http://www.securityfocus.com/news/3704
4. Cut software piracy and jumpstart 'stagnant' economies
By Tim Richardson, The Register
Clamping down on software piracy could help "jumpstart the world's
stagnant and struggling economies" by creating new jobs and business
opportunities.
http://www.securityfocus.com/news/3688
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. SRG v1.0b1
by Matt Brown
Relevant URL:
http://www.crc.net.nz/software/srg.php
Platforms: Linux
Summary:
SRG (Squid Report Generator) is a log file analyzer and report generator
for the Squid Web proxy. It was created to allow easy integration with
authentication systems such as those that are used for squid itself. It is
fast and flexible, and can report details down to the individual files
fetched.
2. RainPortal v1.0
by Florent DEFONTIS
Relevant URL:
http://www.securesphere.net/html/projects_rainp.php
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
RainPortal was designed to secure your private messages while talking on
IRC networks. As long as you have RainPortal running and the person you
are talking to also, all your private messages will be strongly encrypted
while passing on the server.
3. Trusted Debian v0.9.1
by Peter
Relevant URL:
http://www.trusteddebian.org/
Platforms: Linux
Summary:
The Trusted Debian project aims to create a highly secure but usable Linux
platform. It brings together security solutions including kernel patches,
compiler patches, security related programs, and techniques.
4. Async Blockreport v1.0
by Christian Reis
Relevant URL:
http://freshmeat.net/redir/blockreport/38774/url_tgz/blockreport
Platforms: Linux
Summary:
Async Blockreport processes sendmail logs and produces reports of the
messages blocked using DNSBLs for each system user. Blockreport can be set
up as a cron job to mail these reports to your users periodically,
providing them with an idea of how much spam they would be getting if the
spam filters didn't work, and also telling them if any false positives
occurred.
5. Socks Server 5 v1.3
by Matteo Ricchetti
Relevant URL:
http://digilander.iol.it/matteo.ricchetti/
Platforms: Linux
Summary:
Socks Server 5 is a socks server for the Linux platform which supports the
Socks protocol versions 4 and 5.
6. bungmeter v1.0.2
Summary:
Bungmeter is a fork of fnetload. It's a small network graph monitor. It
displays a graphical representation of the data flowing in and out of
a given network interface. It's designed to be small and lightweight.
V. SECURITY JOBS SUMMARY
------------------------
1. Deloitte & Touche: Security Architecture & Design Professionals Wanted! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317359
2. Educational Relationship Representative - Contract Part Time - Non Location Specific (Thread)
Relevant URL:
-----------------------------
I. FRONT AND CENTER
-------------------
1. U.S. Information Security Law, Part 2
By Steven Robinson
This is the second part of a four-part series looking at U.S. information
security laws and the way those laws affect security professionals. In
this installment, we will look at the legal framework for security of an
enterprise's working environment from the perspective of information
security professionals, with particular emphasis on the protection of
communications.
http://www.securityfocus.com/infocus/1681
2. The Reality of Perception
By Tim Mullen
A new poll finds that seventy-seven percent of security professionals
believe Microsoft products are insecure. But a closer look at the survey
tells a far more interesting story.
http://www.securityfocus.com/columnists/152
3. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
II. BUGTRAQ SUMMARY
-------------------
1. PostNuke File Path Disclosure Vulnerability
BugTraq ID: 7218
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7218
Summary:
PHP-Nuke is a web based Portal system. Implemented in PHP, it is available
for a range of systems, including Unix, Linux, and Microsoft Windows.
Multiple path disclosure vulnerabilities have been reported in various PHP
scripts used by PHP-Nuke. The issue occurs when a request is made which
includes invalid URI 'file' parameters to the 'Stats' or 'Members_List'
pages.
The affected scripts do not provide sufficient error handling for this
circumstance and as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
2. Snort Evasion Echo Flag Port Scan Vulnerability
BugTraq ID: 7220
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7220
Summary:
Snort is a freely available, open source intrusion detection system. It
is available for Unix, Linux, and Microsoft Windows platforms.
It has been reported that a vulnerability exists in the default
configuration of Snort. Due to this issue it is possible for a user to
evade detection while performing some types of scans.
The problem is in the detection of specifically crafted packets. When a
port scan is initiated with the TCP SYN, FIN, and ECN flags set, the
default configuration of snort will not register these packets as an IDS
event. This could permit an attacker to gather information on network
resources that could be used for a more organized attack against systems.
This problem has been reported in version 1.9.1, though earlier versions
may be affected.
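The following C sketch is an added example, not Snort code or rule syntax. It shows one way a flag-based scan rule can miss SYN+FIN packets that also carry ECN bits, and the bit-test form that still fires. Whether this is the cause in Snort's default configuration is not stated in the summary; the exact-match rule, the function names and the sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits as they appear in byte 13 of the TCP header. */
#define TH_FIN 0x01u
#define TH_SYN 0x02u
#define TH_ACK 0x10u
#define TH_ECE 0x40u                 /* ECN-Echo */
#define TH_CWR 0x80u                 /* Congestion Window Reduced */
#define TH_ECN_MASK (TH_ECE | TH_CWR)

/* Pull the flags byte out of a raw TCP header.
 * Returns 0 on success, -1 if the header is too short or malformed. */
static int tcp_flags(const unsigned char *hdr, size_t len, unsigned *flags)
{
    if (hdr == NULL || flags == NULL || len < 20)
        return -1;
    unsigned data_off = hdr[12] >> 4;            /* header length in 32-bit words */
    if (data_off < 5 || (size_t)data_off * 4 > len)
        return -1;
    *flags = hdr[13];
    return 0;
}

/* Hypothetical weak rule: fires only when the byte is exactly SYN|FIN. */
static int synfin_exact(unsigned flags)
{
    return flags == (TH_SYN | TH_FIN);
}

/* Bit-test rule: drops the ECN bits, then fires whenever SYN and FIN
 * are both set, whatever other flags accompany them. */
static int synfin_masked(unsigned flags)
{
    unsigned f = flags & ~TH_ECN_MASK;
    return (f & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN);
}

/* Build a constructed 20-byte TCP header carrying the given flags. */
static void make_hdr(unsigned char hdr[20], unsigned flags)
{
    memset(hdr, 0, 20);
    hdr[0] = 0xC0; hdr[1] = 0x01;    /* constructed source port 49153 */
    hdr[2] = 0x00; hdr[3] = 0x50;    /* constructed destination port 80 */
    hdr[12] = 5u << 4;               /* data offset: 5 words, no options */
    hdr[13] = (unsigned char)flags;
}

/* Constructed sample traffic, one flags byte per packet. */
static const unsigned SAMPLE_FLAGS[] = {
    TH_SYN,                                /* normal connection attempt */
    TH_SYN | TH_ACK,                       /* normal reply */
    TH_SYN | TH_FIN,                       /* classic anomalous scan packet */
    TH_SYN | TH_FIN | TH_ECE,              /* same, with one ECN bit */
    TH_SYN | TH_FIN | TH_ECE | TH_CWR,     /* same, with both ECN bits */
    TH_FIN | TH_ACK,                       /* normal teardown */
    TH_SYN | TH_ECE | TH_CWR               /* legitimate ECN-setup SYN */
};

/* Run one rule over the sample packets and count how often it fires. */
static int count_alerts(int (*rule)(unsigned))
{
    int alerts = 0;
    for (size_t i = 0; i < sizeof SAMPLE_FLAGS / sizeof SAMPLE_FLAGS[0]; i++) {
        unsigned char hdr[20];
        unsigned flags;
        make_hdr(hdr, SAMPLE_FLAGS[i]);
        if (tcp_flags(hdr, sizeof hdr, &flags) == 0 && rule(flags))
            alerts++;
    }
    return alerts;
}

/* A truncated header must be rejected rather than read past its end. */
static int rejects_short_header(void)
{
    unsigned char hdr[20];
    unsigned flags = 0;
    make_hdr(hdr, TH_SYN);
    return tcp_flags(hdr, 12, &flags) == -1;
}

int main(void)
{
    printf("exact-match rule alerts: %d\n", count_alerts(synfin_exact));
    printf("bit-test rule alerts:    %d\n", count_alerts(synfin_masked));
    printf("short header rejected:   %d\n", rejects_short_header());
    return 0;
}
```

The legitimate ECN-setup SYN (SYN, ECE and CWR without FIN) does not trigger either rule, so masking the ECN bits adds coverage without flagging normal ECN negotiation.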
3. Alexandria / SourceForge Cross Site Scripting Vulnerability
BugTraq ID: 7223
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7223
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
Alexandria does not adequately filter some HTML code thus making it prone
to cross-site scripting attacks. It is possible for a remote attacker to
create a malicious link containing script code which will be executed in
the browser of a legitimate user.
It has been reported that sections of Alexandria that display a user's
resume are prone to cross site scripting attacks. Any attacker-supplied
code will be executed within the context of the website running
Alexandria.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Alexandria 2.5 and 2.0.
4. Alexandria / SourceForge CRLF Injection Vulnerability
BugTraq ID: 7224
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7224
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
A vulnerability has been reported for Alexandria that may allow remote
attackers to use the Alexandria system for proxying of unsolicited e-mail.
The vulnerability exists in the 'sendmessage.php' script file.
There is no input validation performed on user-supplied data passed to
functions in the 'sendmessage.php' script file. As a result, malicious
users may embed CR/LF sequences to inject additional headers into outgoing
messages.
Attackers may exploit this weakness to manipulate the structure of
outgoing messages. For example, it may be possible for attackers to set
the recipient to an arbitrary value. This could be leveraged by
individuals to send mass unsolicited mail in a manner similar to how
"formmail" is actively exploited (BID 3955).
This vulnerability was reported for Alexandria 2.5 and 2.0.
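The header-injection weakness described above, as an added example in C rather than the application's own PHP (this is not Alexandria's code). It places an unchecked header builder beside one that rejects CR and LF in user-supplied values. All function names, the addresses and the sample subjects are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count CRLF-terminated lines, i.e. header lines, in a header block. */
static int count_header_lines(const char *msg)
{
    int n = 0;
    for (const char *p = msg; (p = strstr(p, "\r\n")) != NULL; p += 2)
        n++;
    return n;
}

/* Before: user-supplied values are formatted straight into the headers. */
static int build_naive(char *out, size_t cap, const char *to, const char *subject)
{
    int n = snprintf(out, cap, "To: %s\r\nSubject: %s\r\n", to, subject);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* A single-line header value must not contain CR, LF or other control
 * bytes (horizontal tab is allowed). Returns 1 if the value is acceptable. */
static int header_value_ok(const char *v)
{
    for (; *v != '\0'; v++) {
        unsigned char c = (unsigned char)*v;
        if ((c < 0x20 && c != '\t') || c == 0x7f)
            return 0;
    }
    return 1;
}

/* After: validate every user-supplied value before it reaches the headers. */
static int build_checked(char *out, size_t cap, const char *to, const char *subject)
{
    if (!header_value_ok(to) || !header_value_ok(subject))
        return -1;
    return build_naive(out, cap, to, subject);
}

/* Helpers: number of header lines produced for a subject, or -1 if refused. */
static int naive_lines(const char *subject)
{
    char buf[256];
    if (build_naive(buf, sizeof buf, "user@example.test", subject) != 0)
        return -1;
    return count_header_lines(buf);
}

static int checked_lines(const char *subject)
{
    char buf[256];
    if (build_checked(buf, sizeof buf, "user@example.test", subject) != 0)
        return -1;
    return count_header_lines(buf);
}

int main(void)
{
    /* Constructed inputs: one ordinary subject, one carrying an extra header. */
    const char *benign   = "Hello";
    const char *injected = "Hello\r\nBcc: list@example.test";

    printf("naive,   benign:   %d header lines\n", naive_lines(benign));
    printf("naive,   injected: %d header lines\n", naive_lines(injected));
    printf("checked, benign:   %d header lines\n", checked_lines(benign));
    printf("checked, injected: %d (refused)\n", checked_lines(injected));
    return 0;
}
```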
5. Alexandria / SourceForge File Disclosure Vulnerability
BugTraq ID: 7225
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7225
Summary:
Alexandria is a freely available project management system. VA Software
SourceForge is a modified version of Alexandria.
A vulnerability has been reported for Alexandria that may result in the
disclosure of sensitive files to remote attackers.
The vulnerability occurs in the 'docman/new.php' and 'patch/index.php'
script files which allow the uploading of files. Due to insufficient
checks performed by these scripts, it is possible for an attacker to
specify any web server readable files as the files that were recently
uploaded. This will result in the disclosure of the contents of these
files to remote attackers.
This vulnerability was reported for Alexandria 2.5 and 2.0.
6. Multiple Vendor Web Browser LiveConnect JavaScript Denial Of Service
Vulnerability
BugTraq ID: 7227
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7227
Summary:
A denial of service vulnerability has been reported for several browsers.
The vulnerability occurs when executing certain malformed JavaScript
enabled pages.
An attacker can exploit this vulnerability by creating a malicious
javascript page which makes a call to certain methods. When an affected
browser is used to view the malformed page, it will cause the Java Virtual
Machine to crash, resulting in a denial of service condition.
7. Mutt IMAP Remote Folder Buffer Overflow Vulnerabilities
BugTraq ID: 7229
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7229
Summary:
Mutt is a freely available, open source mail user agent. It is available
for the Unix and Linux operating systems.
Buffer overrun vulnerabilities have been reported for Mutt. These
vulnerabilities are similar to the issues described in BID 7120, Mutt
UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability.
Mutt provides functionality that allows a remote user to read e-mail from
folders through Internet Message Access Protocol (IMAP). A specially
crafted folder on an IMAP server may be able to trigger these overflow
conditions to cause the vulnerable mutt client to crash. Although
unconfirmed, it may be possible to execute attacker-supplied code with the
privileges of the mutt process.
Further details of this vulnerability are currently unknown. This BID will
be updated as more information becomes available.
These vulnerabilities were reported for Mutt 1.3.28 and earlier.
8. Beanwebb Guestbook HTML Injection Vulnerability
BugTraq ID: 7231
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7231
Summary:
Beanwebb Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
Guestbook does not adequately filter some HTML code thus making it prone
to HTML injection attacks.
It has been reported that Guestbook does not sufficiently filter
user-supplied values from the 'name', 'email' and 'comment' variables on
the 'add.php' page. As a result, attackers may embed malicious script code
or HTML into Guestbook posts. When a malicious post is viewed by another
user, the attacker-supplied code will be interpreted in their web browser
in the security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Guestbook 1.0.
9. Beanwebb Guestbook Unauthorized Administrative Access Vulnerability
BugTraq ID: 7232
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7232
Summary:
Beanwebb Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
A vulnerability has been reported for Guestbook that may allow remote
attackers to obtain unauthorized access to administrative functions.
The vulnerability is likely due to insufficient permissions on the
'admin.php' script file. Typically, access to this script file should be
restricted to trustworthy individuals only.
This vulnerability has been reported for Guestbook 1.0.
10. Justice Guestbook HTML Injection Vulnerability
BugTraq ID: 7233
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7233
Summary:
Justice Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
It has been reported that Guestbook does not sufficiently filter
user-supplied values from the 'name', 'homepage', 'aim', 'yim', 'location'
and 'comment' variables on the 'jgb.php3' page. As a result, attackers may
embed malicious script code or HTML into Guestbook posts. When a malicious
post is viewed by another user, the attacker-supplied code will be
interpreted in their web browser in the security context of the site
hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for Guestbook 1.3.
11. Sendmail Address Prescan Memory Corruption Vulnerability
BugTraq ID: 7230
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7230
Summary:
It has been reported that Sendmail is affected by a memory corruption
condition that is likely remotely exploitable. The flaw is present in the
prescan() procedure, one that is used for processing e-mail addresses in
SMTP headers. This function is implemented in the source code file
"parseaddr.c". It is at least theoretically possible that this condition
may be exploited by remote attackers to execute instructions on target
systems. This vulnerability is due to a logic error in the conversion of
a char to an integer value.
The condition occurs when Sendmail converts an externally supplied
character byte to an integer type. It is possible for the byte to be
converted to a special control value (-1) that will result in disabling of
bounds checking. This is because the integer type is assigned to the
value of a signed char without casting it as unsigned:
    c = *p++;
The char value 0xFF will cause c to be assigned to the integer
representation of -1, the 'NOCHAR' control value. Bounds checking is
disabled when the value of the current character (c) is 'NOCHAR'.
This leads to the potential for malicious data to be written beyond the
boundaries of the buffer allocated to store it. Attackers may exploit
this condition to overwrite potentially sensitive values on the stack with
some degree of control.
The discoverer of this condition has reported that it was successfully
exploited to execute code locally. It is likely that this vulnerability
can be exploited remotely as well.
This vulnerability is eliminated in Sendmail version 8.12.9.
Administrators are advised to upgrade as soon as possible.
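The char-to-int conversion described above, reduced to an added C example. It is a simplified model, not Sendmail's prescan() source: the scan loop, the struct and the function names are assumptions, and the sample bytes are constructed. It compares the signed widening with the unsigned-char cast and counts how many input bytes never reach the bounds check.

```c
#include <stddef.h>
#include <stdio.h>

#define NOCHAR (-1)    /* "no character" control value named in the advisory */

struct scan_result {
    size_t stored;     /* bytes copied to the output buffer */
    size_t unchecked;  /* input bytes that never reached the bounds check */
    int    truncated;  /* 1 if the bounds check stopped the copy */
};

/* The flawed widening: a signed char holding 0xFF becomes the int -1.
 * signed char is spelled out so the demo behaves the same on platforms
 * where plain char is unsigned; with a signed plain char, "c = *p++"
 * produces the same value. */
static int widen_signed(const char *p)
{
    return (signed char)*p;
}

/* The corrected widening: go through unsigned char, so 0xFF becomes 255
 * and can never collide with NOCHAR. */
static int widen_unsigned(const char *p)
{
    return (unsigned char)*p;
}

/* Simplified scanner (an assumption, not prescan itself): the bounds check
 * runs only for values that are not NOCHAR, as the advisory describes. */
static struct scan_result scan(const char *in, size_t n,
                               int (*widen)(const char *),
                               char *out, size_t cap)
{
    struct scan_result r = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        int c = widen(&in[i]);
        if (c == NOCHAR) {           /* data byte mistaken for the control value */
            r.unchecked++;
            continue;
        }
        if (r.stored >= cap) {       /* the bounds check */
            r.truncated = 1;
            break;
        }
        out[r.stored++] = (char)c;
    }
    return r;
}

/* Constructed sample input: five bytes, two of them 0xFF. */
static const unsigned char SAMPLE[] = { 'a', 0xFF, 'b', 0xFF, 'c' };

/* Scan the sample with the given widening and an output limit of cap bytes. */
static struct scan_result run_sample(int (*widen)(const char *), size_t cap)
{
    char out[16];
    if (cap > sizeof out)
        cap = sizeof out;
    return scan((const char *)SAMPLE, sizeof SAMPLE, widen, out, cap);
}

int main(void)
{
    struct scan_result s = run_sample(widen_signed, 3);
    struct scan_result u = run_sample(widen_unsigned, 3);

    printf("signed:   stored=%zu unchecked=%zu truncated=%d\n",
           s.stored, s.unchecked, s.truncated);
    printf("unsigned: stored=%zu unchecked=%zu truncated=%d\n",
           u.stored, u.unchecked, u.truncated);
    return 0;
}
```

With a 3-byte limit, the signed variant consumes all five input bytes without the check ever rejecting the input, while the unsigned variant stops at the limit.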
12. Justice Guestbook Path Disclosure Vulnerability
BugTraq ID: 7234
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7234
Summary:
Justice Guestbook is guestbook software implemented in PHP. It is
available for a variety of platforms including Linux and Unix variant
operating environments.
A path disclosure vulnerability has been reported for Guestbook. The issue
occurs when a request is made to the cfooter.php3 PHP script page.
The affected script does not provide sufficient error handling for this
circumstance and as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
This vulnerability was reported for Justice Guestbook 1.3.
13. ScozBook HTML Injection Vulnerability
BugTraq ID: 7235
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7235
Summary:
ScozBook is guestbook software implemented in PHP. It is available for a
variety of platforms including Linux and Unix variant operating
environments.
It has been reported that ScozBook does not sufficiently filter
user-supplied values from the 'username', 'useremail', 'aim', 'msn',
'sitename' and 'siteaddy' variables on the 'add.php' page. As a result,
attackers may embed malicious script code or HTML into ScozBook posts.
When a malicious post is viewed by another user, the attacker-supplied
code will be interpreted in their web browser in the security context of
the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
This vulnerability was reported for ScozBook 1.1 BETA.
14. ScozBook Path Disclosure Vulnerability
BugTraq ID: 7236
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7236
Summary:
ScozBook is guestbook software implemented in PHP. It is available for a
variety of platforms including Linux and Unix variant operating
environments.
A path disclosure vulnerability has been reported for ScozBook. The issue
occurs when a request is made to the view.php script page with an
arbitrary value for the 'PG' URI variable.
The affected script does not provide sufficient error handling for this
circumstance and as such, may display an error page containing sensitive
path information. Access to sensitive filesystem information
may aid an attacker in launching further attacks against a target system.
This vulnerability was reported for ScozBook 1.1 BETA.
15. CCGuestBook HTML Injection Vulnerability
BugTraq ID: 7237
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7237
Summary:
It has been reported that CCGuestBook does not sufficiently filter
user-supplied values from the 'name' and 'webpage title' fields on the
'cc_guestbook.pl' page. As a result, attackers may embed malicious script
code or HTML into CCGuestBook posts. When a malicious post is viewed by
another user, the attacker-supplied code will be interpreted in their web
browser in the security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
16. CCLog HTTP Header HTML Injection Vulnerability
BugTraq ID: 7238
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7238
Summary:
CCLog is a script that logs all hits to a certain web site.
It has been reported that CCLog does not sufficiently filter user-supplied
values for some HTTP headers. Specifically, the script, cc_log.pl, does
not sanitize the values for the 'User-Agent' and 'Referer' HTTP headers.
As a result, attackers may embed malicious script code or HTML into
specially crafted HTTP requests. When CCLog is used to assemble an HTML
version of web site hits and is viewed by another user, the
attacker-supplied code will be interpreted in their web browser in the
security context of the site hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by using
cookie-based authentication credentials. Other attacks are also possible.
17. Solaris lpstat Buffer Overflow Vulnerability
BugTraq ID: 7239
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7239
Summary:
The lpstat utility is used to display the contents of the print queue.
It has been reported that the version of lpstat shipped with Sun Solaris
is vulnerable to a locally exploitable buffer overflow. As lpstat for
Solaris is configured setuid root, exploitation of this vulnerability
could result in elevation of privileges for a local attacker.
The condition occurs when lpstat is invoked as lpq, a symbolic link
pointing to the lpstat binary (for BSD compatibility). The function
bsd_queue() attempts to append user-supplied data to a local buffer using
the C library function strcat(). As this function has no bounds checking,
a stack-based buffer overflow condition is present. Local attackers may
exploit this condition to overwrite the return address of the affected
procedure and execute instructions with effective root privileges.
18. Solaris dtsession HOME Buffer Overflow Vulnerability
BugTraq ID: 7240
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7240
Summary:
dtsession, included with Solaris and several other operating systems, is
the CDE session manager. It is installed setuid root by default.
It has been reported that dtsession is vulnerable to a locally exploitable
buffer overflow vulnerability. The vulnerability is related to handling
of the HOME environment variable. An overflow in heap memory allegedly
occurs when the environment variable is of excessive length. This
condition may be exploited by attackers to corrupt sensitive structures in
the heap. This may result in arbitrary addresses being overwritten when
free() is called, allowing an attacker to execute instructions with the
root privileges of the dtsession process.
While only Solaris is confirmed, other systems that include CDE are likely
vulnerable.
19. Oracle JDBC Daylight Savings Time Timestamp Weakness
BugTraq ID: 7241
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7241
Summary:
The JDBC thin driver is a component of the Oracle Database. Oracle is
available for Unix, Linux, and Microsoft operating systems.
A problem with the software may lead to log inconsistency.
It has been reported that the JDBC thin driver distributed with Oracle
databases does not sufficiently handle some timestamps. Because of this,
transaction times in Oracle logs and databases may be inaccurate.
The problem is in the handling of daylight savings time. It has been
reported that errors occur during the hour in which the daylight savings
time change occurs. Timestamps entered by the driver may be inaccurate, and could
thus lead to a loss of integrity of log files.
20. EZ Server Long Argument Local Denial Of Service Vulnerability
BugTraq ID: 7243
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7243
Summary:
EZ Server is a freely available FTP and HTTP server. It is available for
the Microsoft Operating System.
A problem with the software may make a denial of service possible.
It has been reported that the EZ Server software does not sufficiently
handle strings of excessive length in some circumstances. Because of
this, a remote attacker may be able to deny service to legitimate users of
the system.
The problem is in the handling of arguments to FTP commands. An argument
issued with an FTP command that is of excessive length may cause the
server to crash. This vulnerability was reportedly reproduced using a
minimum of 1994 bytes of data with FTP commands such as cd and ls.
This vulnerability may be a memory corruption issue, and potentially an
exploitable buffer overrun. If this is the case, it is possible for an
attacker with login access to the vulnerable FTP server to execute code
with the privileges of the server software.
21. SAP DB RPM Install World Writable Binary Vulnerability
BugTraq ID: 7242
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7242
Summary:
SAP DB is a free enterprise level database available for Microsoft
Windows, Linux, Solaris, AIX, Tru64, and HP-UX platforms.
When SAP DB is installed using RPM packages, insecure permissions are left
on two binaries.
After performing the installation, the lserver and dbmsrv binaries have
'777' permissions. This allows any user on the system to write to the
binaries.
It should be noted that this vulnerability only exists when SAP DB is
installed using RPM packages. Installing SAP DB from tgz packages will
leave these binaries with '755' permissions.
22. InstantServers MiniPortal SOHO Anonymous Users Privileges Vulnerability
BugTraq ID: 7244
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7244
Summary:
InstantServers MiniPortal is a web server package for Windows based
machines, based on the Apache project web server. It includes a web based
administrative interface, and a bundled FTP server.
An issue in MiniPortal may make it possible for remote users to perform
unauthorized actions.
It has been reported that MiniPortal SOHO does not sufficiently restrict
the anonymous user. Because of this, a default configuration may make
remote denial of service attacks possible.
The problem is in the permission scheme implemented with a default
installation. Reports indicate that the default does not restrict a user
from creating and deleting files on the deployed server. This could
potentially lead to a denial of service attack, or local access to the
vulnerable host by an unauthorized user.
23. HP Instant TopTools Remote Denial Of Service Vulnerability
BugTraq ID: 7246
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7246
Summary:
Instant TopTools is a remote system monitoring software package
distributed by HP. Instant TopTools is available for Unix, Linux, and
Microsoft operating systems.
A problem with the software could make a denial of service possible.
It has been reported that Instant TopTools does not properly handle some
types of requests. Because of this, a remote user could potentially deny
service to a host using the vulnerable software.
The problem is in the handling of requests in which Instant TopTools calls itself.
When a request is issued where the Instant TopTools hpnst.exe program
calls itself, the program enters a loop, and begins consuming resources.
Multiple requests will render the vulnerable host unusable, requiring a
reboot to resume normal function.
This problem has been reported to affect Instant TopTools on the Microsoft
Windows platform. Other platforms may also be affected.
24. Kerio WinRoute Firewall Malformed HTTP GET Request Denial of Service Vulnerability
BugTraq ID: 7245
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7245
Summary:
Kerio WinRoute Firewall is an enterprise level firewall that performs
stateful packet inspection. It runs on Windows NT/2000/XP.
The WinRoute Firewall is vulnerable to a denial of service when a
malformed HTTP GET request is sent to the Web Administration interface.
This results in the firewall consuming 100% of CPU resources on the
system.
If the GET request is missing the Host: parameter, the firewall will
consume 100% of CPU resources, resulting in a loss of more than half of
future connection requests.
The Web Administration interface is not enabled by default.
25. Apple QuickTime Player Custom URL Vulnerability
BugTraq ID: 7247
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7247
Summary:
QuickTime Player is the media player distributed by Apple for QuickTime
Media Files. This problem affects the player on the Microsoft Windows
platform.
A problem in the software may make remote code execution possible.
It has been reported that the QuickTime Player does not properly handle
some types of URLs. Because of this, a remote attacker may be able to
execute arbitrary commands on the vulnerable system.
Few technical details are available concerning this vulnerability. It is
known that for an attack to be successful, a user must load a
maliciously-crafted URL into the QuickTime Player. It is also known that
loading the URL results in the execution of arbitrary code as the
QuickTime user.
Initial reports indicate that this issue is a buffer overrun
vulnerability. If this is the case, it would be possible for the attacker
to place malicious instructions in the URL supplied to the target user.
When the URL is loaded into the player, the instructions contained in the
URL would be executed with the privileges of the user invoking QuickTime.
This vulnerability has been reported to affect QuickTime on only the
Microsoft Windows platform.
26. PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability
BugTraq ID: 7248
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7248
Summary:
PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
for a range of systems, including Unix, Linux, and Microsoft Windows.
The PHP-Nuke 'block-Forums.php' script does not sufficiently sanitize data
supplied via form fields, making it prone to HTML injection attacks. In
particular, the subject field is not sanitized of HTML tags. This could
allow for execution of hostile HTML and script code in the web client of a
user who visits a web page that contains the malicious code. This would
occur in the security context of the site hosting the software.
Exploitation could allow for theft of cookie-based authentication
credentials or other attacks.
27. Multiple HP Tru64 C Library Vulnerabilities
BugTraq ID: 7249
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7249
Summary:
HP has recently issued fixes for numerous security vulnerabilities in the
implementation of the C library for Tru64. These vulnerabilities may
affect many programs with a variety of consequences including local
privilege escalation, denial of service, and remote root compromise.
This entry may be modified during analysis as some of the reported
vulnerabilities are already in the Symantec vulnerability database. The
reported vulnerabilities are:
- SSRT2322 Bind resolver exploit in ISC
- SSRT2384 TCP exploit denies all RPC service
- SSRT2341 calloc() potential overflow
- SSRT2439 xdrmem_getbytes() potential overflow
- SSRT2412 portmapper hang after port scan with C2 enabled
The list of affected executables is as follows:
/usr/bin/ypmatch
/usr/sbin/traceroute
/usr/sbin/lpc
/usr/bin/lprm
/usr/bin/lpq
/usr/bin/lpr
/usr/lbin/lpd
/usr/bin/binmail
/usr/bin/ipcs
/usr/sbin/quot
/usb/bin/at
/usr/bin/ps
/usr/bin/uux
/usr/bin/uucp
/usr/bin/csh
/usr/bin/rdist
/usr/bin/mh/inc
/usr/bin/mh/msgchk
/usr/sbin/imapd
/usr/bin/deliver
/sbin/.upd..loader
/usr/dt/bin/mailcv
/usr/dt/bin/dtterm
/usr/dt/bin/dtsession
/usr/dt/bin/rpc.ttdbserverd
/usr/bin/X11/dxterm
/usr/bin/X11/dxconsole
/usr/bin/X11/dxpause
/usr/bin/X11/dxsysinfo
/usr/sbin/telnetd
/usr/bin/su
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/chfn
/usr/tcb/bin/dxchpwd
28. HP MPE/iX Unspecified FTP Privileged Data Access Vulnerability
BugTraq ID: 7250
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7250
Summary:
MPE/iX is an Internet-ready operating system for the HP e3000 class
servers.
A vulnerability has been reported for the ftp binary shipped with MPE/iX
systems. Exploitation of the vulnerability may result in remote attackers
obtaining access to sensitive data on vulnerable systems.
Further information about this vulnerability is currently unknown. This
BID will be updated as more information becomes available.
29. PowerFTP FTP Command Buffer Overflow Denial Of Service Vulnerability
BugTraq ID: 7251
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7251
Summary:
PowerFTP server is a shareware ftp server available for the Microsoft
Windows platform. It is distributed and maintained by Cooolsoft.
A buffer overflow vulnerability has been reported for PowerFTP. This
vulnerability occurs when overly long values are supplied for some FTP
commands. Specifically, the 'ls' and 'cd' commands are vulnerable to
exploitation.
An attacker can exploit this vulnerability by connecting to a vulnerable
system and sending an overly long value, consisting of at least 1994
characters, to either the 'ls' or 'cd' commands. This will trigger the
overflow condition and will cause PowerFTP to crash thereby resulting in a
denial of service.
Although unconfirmed, it may be possible to exploit this vulnerability to
run attacker-supplied code with the privileges of PowerFTP.
This vulnerability was reported for PowerFTP 2.25.
30. Sun Solaris NewTask Local Privilege Elevation Vulnerability
BugTraq ID: 7252
Remote: No
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7252
Summary:
Solaris is the freely available UNIX Operating System variant distributed
and maintained by Sun Microsystems.
A problem in the operating system could permit a local user to gain
unauthorized privileges.
It has been reported that a privilege elevation vulnerability exists in
the Solaris newtask program. Because of this, an attacker may be able to
gain elevated privileges, and potentially compromise the integrity of the
vulnerable host.
newtask is a task management program that can be used to either initiate a
new task owned by a specific project in the executing user's shell, or
change the task of an already running process. The program is installed
with setuid root privileges.
Few technical details concerning this vulnerability are available. It is
known that this issue could permit a local user to gain administrative
access. This may be due to either a boundary condition error, or an input
validation error. In either instance, commands executed through abuse of
the program will be executed with the privileges of the administrative
user.
31. Red Hat Linux 9 vsftpd Compiling Error Weakness
BugTraq ID: 7253
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7253
Summary:
vsftpd is a GPL licensed secure FTP server for UNIX and Linux platforms.
tcp_wrappers is an IP packet filtering facility for UNIX and Linux
platforms.
In Red Hat Linux 9, vsftpd was switched to a standalone service instead of
being run by xinetd. When this change was made, vsftpd was not compiled
against tcp_wrappers.
Because of this, the vsftpd user is unable to perform any IP packet
filtering on access to the FTP server.
This issue only affects Red Hat Linux 9 boxed sets that were manufactured
for sale in the United States. The affected part numbers are RHF0120US
and RHF0121US. Versions of Red Hat 9 that were downloaded or purchased
from international boxed sets are not affected.
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Fear of a Million Big Brothers
By Kevin Poulsen
The U.S. government's surveillance push isn't the only thing on the minds
of privacy advocates this year. Concern is growing about the trails
netizens leave in routine Web server logs, and who's seeing them. ...
http://www.securityfocus.com/news/3711
2. Report: Info sharing centers not sharing so much
By Kevin Poulsen
Critical infrastructure providers still keep some attacks secret from the
government, fearing public disclosure.
http://www.securityfocus.com/news/3690
3. Former hacker warns lawmakers about dangers to personal financial
information
By David Ho, The Associated Press Apr 3 2003 4:02PM
A convicted computer hacker told lawmakers Thursday that many attacks on
companies that hold consumer financial information go undetected because
of poor security.
http://www.securityfocus.com/news/3704
4. Cut software piracy and jumpstart 'stagnant' economies
By Tim Richardson, The Register
Clamping down on software piracy could help "jumpstart the world's
stagnant and struggling economies" by creating new jobs and business
opportunities.
http://www.securityfocus.com/news/3688
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. SRG v1.0b1
by Matt Brown
Relevant URL:
http://www.crc.net.nz/software/srg.php
Platforms: Linux
Summary:
SRG (Squid Report Generator) is a log file analyzer and report generator
for the Squid Web proxy. It was created to allow easy integration with
authentication systems such as those that are used for squid itself. It is
fast and flexible, and can report details down to the individual files
fetched.
2. RainPortal v1.0
by Florent DEFONTIS
Relevant URL:
http://www.securesphere.net/html/projects_rainp.php
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
RainPortal was designed to secure your private messages while talking on
IRC networks. As long as both you and the person you are talking to have
RainPortal running, all your private messages will be strongly encrypted
while passing through the server.
3. Trusted Debian v0.9.1
by Peter
Relevant URL:
http://www.trusteddebian.org/
Platforms: Linux
Summary:
The Trusted Debian project aims to create a highly secure but usable Linux
platform. It brings together security solutions including kernel patches,
compiler patches, security related programs, and techniques.
4. Async Blockreport v1.0
by Christian Reis
Relevant URL:
http://freshmeat.net/redir/blockreport/38774/url_tgz/blockreport
Platforms: Linux
Summary:
Async Blockreport processes sendmail logs and produces reports of the
messages blocked using DNSBLs for each system user. Blockreport can be set
up as a cron job to mail these reports to your users periodically,
providing them with an idea of how much spam they would be getting if the
spam filters didn't work, and also telling them if any false positives
occurred.
5. Socks Server 5 v1.3
by Matteo Ricchetti
Relevant URL:
http://digilander.iol.it/matteo.ricchetti/
Platforms: Linux
Summary:
Socks Server 5 is a socks server for the Linux platform which supports the
Socks protocol versions 4 and 5.
6. bungmeter v1.0.2
by gid
Relevant URL:
http://gid0ze.net/bungmeter/
Platforms: Linux, POSIX
Summary:
Bungmeter is a fork of fnetload. It's a small network graph monitor. It
displays a graphical representation of the data flowing in and out of
a given network interface. It's designed to be small and lightweight.
V. SECURITY JOBS SUMMARY
------------------------
1. Deloitte & Touche: Security Architecture & Design Professionals Wanted! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317359
2. Educational Relationship Representative - Contract Part Time - Non Location Specific (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317357
3. Deloitte & Touche: Network Security Professionals Wanted (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317328
4. Looking for Security Specialists (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317321
5. (job offered) Full-time salaried Security Consultants in WA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317297
6. Seeking employment in the UK - 20 years' experience (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317292
7. Chief Security Officer (CSO) London, UK, Paris, France. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317253
8. QA Position at eEye Digital Security, Aliso Viejo, CA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317159
9. Looking for work in NYC. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317160
10. JOB POSTING: Mgr, Trending & Analysis (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317060
11. Washington DC Opportunity (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317072
12. New Position/Fayetteville, NC (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317030
13. Resume: Network Security Candidate (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316914
14. Symantec in Redwood City is hiring a Sr Security Analyst/Software Engineer (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316915
15. Network Security Analyst, Mechanicsburg, PA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316962
16. looking for a security position (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316916
17. new requirement (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316878
18. JOB POSTING (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316877
19. Engineers Pre and Post Sales (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316869
20. Sr. Project Manager - Cleveland, Ohio (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316687
21. FW: Security Sales Consultant for France (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316692
22. Security Sales Consultant for Belgium (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/316686
VI. INCIDENTS LIST SUMMARY
-------------------------
1. RECAP: possible rootkit, maybe partial? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317391
2. Logon.dll? Possible root-kit? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317388
3. UDP traffic to net and broadcast addresses (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317385
4. Increase in Source to Port 445 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317390
5. Logon/Logoff Failure Events (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317392
6. UDP scans from AOL NS boxes? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317387
7. Field Report: New Worm (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317383
8. possible rootkit, maybe partial? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317381
9. [0.5OT answer]possible rootkit, maybe partial? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317382
10. [CERT] possible rootkit, maybe partial? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317378
11. Increase of attempts on port 635 in last couple days (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317272
12. SQL Slammer Variant? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317269
13. POP3 logon attempts (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317267
14. Why alerts on ports 1025-1029, 1036 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317265
15. Educational Incident Data Comparison Pilot (X-Post) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317124
16. New Article: U.S. Information Security Law, Part 2 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317085
17. WebDAV Exploit Lab (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317259
18. new attack tool combining SMB and WebDAV? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317126
19. [CERT] Why alerts on ports 1025-1029, 1036 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/316986
20. strange DNS behavior over the last 2 days (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/316947
21. California State Bill SB1386 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/316657
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. IkonBoard v3.1.1: arbitrary command execution (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317316
2. AOL 8.0 and discover.xml (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317308
3. Generating Hex Numbers to brute force rs_iis.c (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317304
4. @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317301
5. @(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317302
6. Webserver CVS (In)Security (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317318
7. webdav with sp0/1 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317303
8. Sendmail's prescan exploit thoughts (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317309
9. WebDAV and SMB?!? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317078
10. Sambar Server "Buffer OverFlow" Vulnerabilities (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317075
11. Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/316701
12. WebDAV Exploit Lab (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/316636
13. Automatic discovery of shellcode address (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/316637
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. LDAP V3 in Active Directory (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317367
2. Article Announcement: U.S. Information Security Law, Part 2 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317062
3. SecurityFocus Microsoft Newsletter #131 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316879
4. Honeynet Scan of the Month for April released (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317100
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. NO NEW POSTS FOR THE WEEK ENDING 04.04.03
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Live Upgrade for Linux (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317101
2. Red Hat: To patch or to upgrade? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317094
XI. SPONSOR INFORMATION
-----------------------