Free Whitepaper: Spam Blocking for the Enterprise IT professionals are
faced with new challenges as spam grows exponentially. Ferris Research
ranks spam number one among priority issues for corporate e-mail.
This free whitepaper examines the impact of junk mail on the enterprise.
I. FRONT AND CENTER
1. Steganography Revealed
2. Specter: A Commercial Honeypot Solution for Windows
3. Cryptographic File Systems, Part Two: Implementation
4. Super-DMCA Not So Bad
5. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
1. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability
2. Multiple Vendor I/O System Call File Existence Weakness
3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service...
4. BRS WebWeaver Information Disclosure Vulnerability
5. BRS WebWeaver Long Request Remote Denial of Service Vulnerability
6. BRS WebWeaver User Password Encryption Weakness
7. PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
8. Abyss Web Server Incomplete HTTP Request Denial Of Service...
9. CVSps Unfiltered Escape Sequence Vulnerability
10. SignHere Guestbook HTML Injection Vulnerability
11. Invision Board functions.php SQL Injection Vulnerability
12. Interbase External Table File Verification Vulnerability
13. SETI@home Client Program Remote Buffer Overflow Vulnerability
14. SETI@home Client Program Information Disclosure Vulnerability
15. Metrics Insecure Local File Creation Vulnerability
16. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
17. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
18. Vignette StoryServer Sensitive Stack Memory Information...
19. JPEGX Wizard Password Bypass Vulnerability
20. Coppermine Photo Gallery PHP Code Injection Vulnerability
21. Py-Membres Remote SQL Injection Vulnerability
22. MIRC DCC Get Dialog File Spoofing Weakness
23. Orplex Guest Book Addentry.ASP Code Injection Vulnerability
24. Amavis Header Parsing Mail Relaying Weakness
25. MollenSoft Hyperion FTP Server USER Command Buffer Overflow...
26. QuickFront File Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Sparks over Power Grid Cybersecurity
2. Smart credit on UK cards. Will it cut fraud?
3. Behind Patriotic Words, Same Old Spam
4. Hoaxster hacker discovers infinite-wealth algorithm
IV. SECURITYFOCUS TOP 6 TOOLS
1. Scapy v0.9.9
2. SecurID authentication for OpenSSH v3.6.1p1
3. wping v0.1a
4. NAT Monitor v0.7
5. dnotify 0.13.0 v0.13.0
6. JWall v0.65
V. SECURITYJOBS LIST SUMMARY
1. Information Security Analyst, Liverpool UK (Thread)
2. Looking for full time systems/network security position...
3. Summer Positions / Co-ops?? (Thread)
4. Seeking Employment - CISSP CCNA CCNP CCSA CCSE Perfer Colorado...
5. Security Practice Manager (Thread)
6. R&D Advisory Services Director/Team Lead - New England (Thread)
7. Sr. Database Manager - Reston, VA (Thread)
8. Information Assurance Network Engineer - PA (Thread)
9. Security Positions in Newington/Springfield, VA (Thread)
10. Security Program Lead (Thread)
11. Information Security Consultant - Cleveland, Oh (Thread)
12. Sr. Security Compliance and Reporting Project Manager -...
13. Sr. Product Manager - Redwood City CA (Thread)
14. Development Manager Needed - Symantec in Redwood City CA (Thread)
15. UNSUBSCRIBE !!! (Thread)
16. Job: Application Security Consultant (Thread)
17. Intrusion Detection Engineer (NFR) Job Opening (Thread)
18. data security Analyst needed in Richmond, VA (Thread)
19. Security Infrastructure - Analyst and Configuration Manager...
20. Security Consulting Job in SF Bay Area, CISSP certified (Thread)
21. Calgary - Security Focus,CAN Development (Thread)
22. Sr. Network Security R&D Engineer (Thread)
23. FL CISSP Seeking a Position (Thread)
24. Security Analyst needed (Thread)
25. Security Engineer Admin Inquiry (Thread)
26. MD - Sr. Security Analyst - RACF and Mainframe GURU (Thread)
27. Security Proffesional seeking work (Thread)
28. Manager or Senior Manager Security Services - Deloitte &...
29. WildList (Malicious Code) Analyst, Mechanicsburg, PA (Thread)
30. Deloitte & Touche - Application Security - JD Edwards (Thread)
31. Deloitte & Touche (New York) - Security Consultants at all...
VI. INCIDENTS LIST SUMMARY
1. New trojan? Old trojan with new characteristics? Anyone...
2. New SecurityFocus article: Steganography Revealed (Thread)
3. New SecurityFocus article: Specter: A Commercial Honeypot...
4. ATD OpenSSL Mass Exploiter Analysis (another "/sumthin...
5. Does anyone recognize the scanner that causes this pattern ?...
6. unknown rootkit found in the wild (Thread)
7. SMTP probes (Thread)
8. Logon.dll? Possible root-kit? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. connect-back win32 shellcode (Thread)
2. Buffer overflow in Dovecot or OpenSSL? (Thread)
3. Sendmail's prescan exploit thoughts (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. ISA Log file analysis software - suggestions? (Thread)
2. checking server status (Thread)
3. SUS server (Thread)
4. VPN and ISA server (Thread)
5. Federated Security Applications and Implications. (Thread)
6. Closed and Open Systems (was SUS Server) (Thread)
7. Isolating Windows Applications (Thread)
8. AW: SUS server (Thread)
IX. SUN FOCUS LIST SUMMARY
1. what to turn on for solaris auditing (Thread)
2. Solaris 9 sftp-server (Thread)
3. /.iiim/auth/passwd on Solaris 8 (Thread)
4. SecurityFocus Article Announcement (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Re Live Upgrade for Linux (Thread)
2. after ptrace patch. (Thread)
3. SecurityFocus Article Announcement (Thread)
4. Red Hat: To patch or to upgrade? (Thread)
5. Live Upgrade for Linux (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Steganography Revealed
By Kristy Westphal
Steganography is a means of protecting the confidentiality of data by
"hiding" it within a larger file of data. This technique can be used for
both legitimate and illegitimate purposes. This article will offer a brief
introductory discussion of steganography: what it is, how it can be used,
and the implications it can have for security.
http://www.securityfocus.com/infocus/1684
2. Specter: a Commercial Honeypot Solution for Windows
by Lance Spitzner
This is the third installment in an ongoing series of articles looking at
honeypots. In the first two papers, we discussed the OpenSource honeypot
Honeyd, how it works, and a deployment in the wild. In this paper we will
look at a different honeypot, the commercially supported solution Specter.
http://www.securityfocus.com/infocus/1683
3. Cryptographic File Systems, Part Two: Implementation
by Ido Dubrawsky
This is the second article in a two-part series looking at cryptographic
filesystems. The first article in this series covered the background on
cryptographic filesystems from the underlying concepts to some of the
mechanics of those systems. This article will cover implementation. The
focus will be on implementing the Microsoft's EFS under Windows 2000 and
the Linux CryptoAPI.
http://www.securityfocus.com/infocus/1685
4. Super-DMCA Not So Bad
By Mark Rasch
The latest version of the controversial law could be a valuable weapon
against thieves and pirates.
http://www.securityfocus.com/columnists/153
5. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
II. BUGTRAQ SUMMARY
-------------------
1. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability
BugTraq ID: 7278
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7278
Summary:
Hyperion FTP Server is an FTP server for Microsoft Windows platforms.
Hyperion FTP Server is prone to a remotely exploitable buffer overflow
condition. This is due to insufficient bounds checking of FTP 'mkdir'
commands. It is possible to trigger the condition by submitting a
malformed 'mkdir' command with a directory string that is 251+ bytes in
length. This will permit an authenticated FTP user to corrupt sensitive
regions of memory with malicious values.
It may be possible to exploit this vulnerability to execute malicious
instructions in the context of the FTP server. The FTP server is
typically run with SYSTEM privileges.
This issue may be related to BID 6467.
2. Multiple Vendor I/O System Call File Existence Weakness
BugTraq ID: 7279
Remote: No
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7279
Summary:
A weakness has been discovered in the implementation of various I/O system
calls. The problem occurs due to varying error return times, when
accessing existent and non-existent files. This issue has been confirmed
to affect the open() system call, however it is likely that other similar
calls are also affected.
An attacker could exploit this vulnerability by calling the open() system
call on unreadable files. By making requests for various unreadable files,
it may be possible for an attacker to deduce a timing window that can be
used to verify the existence of the file.
It should be noted that a fix for this weakness might not be plausible, as
the kernel is meant to be as efficient as possible. However, the specific
problem may occur due to a differing sequence of events while attempting
to access non-existent files. A solution may be to have an identical
sequence of permission checking on directories, before checking for the
file.
It has been reported that this weakness has successfully been exploited on
various Linux and BSD releases. However, this weakness likely exists in
other operating systems including Sun Solaris and Microsoft Windows.
3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service Vulnerability
BugTraq ID: 7282
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7282
Summary:
Buffalo Wireless Broadband Router WBRG54 is a network device for wireless
networks.
A vulnerability has been reported for the WBRG54 device that may result in
a denial of service. It should be noted that the device must be set to
'peer-to-peer' connection mode if exploitation is to be possible. This
mode allows for two devices to specifically communicate with each other.
The vulnerability occurs when a vulnerable device receives numerous ICMP
packets.
An attacker can exploit this vulnerability by sending ICMP (type 8)
packets to a vulnerable device. In some cases, this will result in the
device behaving unpredictably and denying service.
This vulnerability may also result in the device rebooting spontaneously.
The problem was reported for the WBRG54 with firmware revisions 1.11 and
1.13. Other versions may also be affected.
BRS WebWeaver is an FTP and web server from Blaine Southam.
A vulnerability has been reported for BRS WebWeaver that may result in the
disclosure of sensitive information. The sample CGI application,
script/testcgi.exe, when executed will return information about the
system.
Information obtained in this manner may be used to launch further attacks
against a vulnerable system.
This vulnerability was reported for BRS WebWeaver 1.01 to 1.03.
5. BRS WebWeaver Long Request Remote Denial of Service Vulnerability
BugTraq ID: 7280
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7280
Summary:
BRS WebWeaver is a small personal web server available for the Microsoft
Windows operating systems.
A denial of service vulnerability has been discovered BRS WebWeaver. The
problem occurs when a request is made for a URL containing excessive data.
Specifically, making a request containing 2499361 bytes of data will cause
the server to consume all available memory.
Exploitation of this vulnerability may allow an anonymous remote attacker
to crash a vulnerable service and possibly the entire system. This will
effectively deny service to other legitimate users.
BRS WebWeaver is an FTP and web server from Blaine Southam.
A weakness has been discovered in the BRS WebWeaver FTP server. The
problem lies in the encryption scheme used to store encoded passwords. It
has been discovered that the algorithm used to encode user passwords may
be trivially reversed by an attacker. Specifically, the encoding consists
of user passwords being mapped one to one against static characters.
All passwords are stored in the 'users.ini' file.
Access to user passwords may aid an attacker in launching further attacks
against target systems.
PHPSysInfo is a PHP Script that parses the '/proc' filesystem and displays
information about system information in a web browser.
PHPSysInfo has been reported to be vulnerable to a file disclosure issue.
Local users may possibly influence the path for PHPSysinfo language
include files.
An arbitrary file may be included outside of the web root. Using directory
traversal sequences (../) the file may be included as a language resource
for the 'index.php' page. If the malicious include file is symlinked to an
arbitrary web server readable file, such as '/etc/passwd', the contents of
the linked file may be disclosed to the attacker. The file may also
contain PHP code which may be executed in the context of the webserver.
This attack may lead to confidential or sensitive information disclosure,
which could be used to launch other attacks. It may also be exploited to
execute arbitrary attacker supplied PHP code.
8. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability
BugTraq ID: 7287
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7287
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
A denial of service vulnerability has been reported for Abyss Web Server.
The vulnerability exists when Abyss attempts to parse certain incomplete
HTTP headers. Specifically, if the 'Connection:' and 'Range:' HTTP headers
are blank, the web server will crash.
An attacker can exploit this vulnerability by connecting to a vulnerable
server and sending blank 'Connection:' and 'Range:' HTTP headers. This
will result in a denial of service condition.
This vulnerability was reported for Abyss Web Server 1.1.2.
CVSps is a program to generate a diff/patch set for CVS repositories. It
is available for Linux and Unix variant operating systems.
A vulnerability has been reported for CVSps where some characters were
improperly filtered prior to sending them to the command shell.
Specifically, escape sequences are not properly filtered from filenames
when generating a diff/patch set.
This issue can be exploited by a malicious CVS contributor who names a
file with malicious escape and shell metacharacters. When CVSps is used to
process the malicious file, it may be possible to execute commands on the
underlying shell of the host.
This vulnerability was reported for CVSps 2.0b9 and earlier.
SignHere Guestbook is guestbook software implemented in ASP and
distributed by Bitstrike Software. It is available for the Microsoft
Windows operating system.
It has been reported that SignHere does not sufficiently filter
user-supplied values from the 'email' field. As a result, attackers may
embed malicious script code or HTML into SignHere posts. When a malicious
post is viewed by another user, the attacker-supplied code will be
interpreted in their web browser in the security context of the site
hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate by using
cookie-based authentication credentials. Other attacks are also possible.
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating
systems.
An input validation error has been reported in Invision Board which may
result in the manipulation of SQL queries. This vulnerability exists in
the load_skin() function of the functions.php script file. Specifically,
the value supplied for the 'skinid' variable is not properly cast as an
integer type.
An attacker may be able to exploit this vulnerability by manipulating
'skinid' URI parameter to include malicious SQL commands and queries which
may result in information disclosure, or database corruption. The
consequences depend on the nature of specific queries. This issue may
allow the attacker to exploit latent vulnerabilities in the underlying
database.
This vulnerability was reported for Invision Board 1.1.1.
Interbase is a database distributed and maintained by Borland. It is
available for Unix and Linux operating systems.
A vulnerability has been reported for Interbase that may result in the
corruption of arbitrary system files. The vulnerability exists due to
insufficient checks performed when creating or manipulating external
databases. Specifically, file existence checks are not made.
An attacker can exploit this vulnerability by creating an external table
pointing to an arbitrary system file. When the attacker attempts to modify
the external table, the system file will be corrupted with
attacker-supplied information. This may result in system instability.
This vulnerability is further exacerbated by the fact that the Interbase
service typically runs with root or SYSTEM level privileges.
Firebird is based on Borland/Inprise Interbase source code and is
therefore also prone to this issue.
SETI@home is a client program designed to run on a computer when it is not
in use. The client receives data from a central server, which it later
analyzes in search of various information. It is available for a variety
of platforms including Linux, Unix, and the Microsoft Windows operating
system.
A vulnerability has been discovered in the SETI@home client program. Due
to insufficient bounds checking when processing server data, it may be
possible for a remote attacker to trigger a buffer overflow.
This issue could be exploited by forging an HTTP request which mimics a
server response handler. When a vulnerable client attempts to process the
malicious server response, a buffer overflow will be triggered.
Successful exploitatation of this issue may allow an attacker to execute
arbitrary commands on a target system, with the privileges of the user
invoking the software.
This vulnerability affects SETI@home clients prior to 3.08.
14. SETI@home Client Program Information Disclosure Vulnerability
BugTraq ID: 7281
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7281
Summary:
SETI@home is a client program designed to run on a computer when it is not
in use. The client receives data from a central server, which it later
analyzes in search of various information. It is available for a variety
of platforms including Linux, Unix, and the Microsoft Windows operating
system.
A vulnerability has been reported in the SETI@home client program.
Specifically, sensitive information is transmitted from the client to the
server in plain text. As a result, sensitive operating system and
processor information may be disclosed to an attacker.
An attacker could exploit this system by sniffing network traffic
transmitted between the client and the server. Access to this type of
information may aid in launching attacks against the system running the
client.
This vulnerability was reported for SETI@home version 3.03.
15. Metrics Insecure Local File Creation Vulnerability
BugTraq ID: 7293
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7293
Summary:
Metrics is an application designed to measure various software metrics. It
is available for the Linux operating system and is included with the
Debian 2.2 distribution.
A vulnerability has been discovered in Metrics which could allow an
attacker to corrupt sensitive system files. The problem occurs in the
'halstead' and 'gather_stats' scripts, included in the Metrics package.
The vulnerability exists due to the two scripts failing to carry out
sufficient security precautions when attempting to create temporary files.
As a result, it may be possible for a malicious local user to corrupt
sensitive system files.
This vulnerability was discovered in Metrics version 1.0 however, earlier
versions may also be affected.
Samba is a freely available file and printer sharing application
maintained and developed by the Samba Development Team. Samba allows file
and printer sharing between operating systems on the Unix and Microsoft
platforms. The Samba daemon is typically run with super user privileges.
A buffer overflow vulnerability has been reported for Samba that could
allow an anonymous remote attacker to execute arbitrary code.
The vulnerability occurs in the 'call_trans2open()' function when copying
data into a 1024 byte static buffer. Sufficient bounds checking is not
performed when a call to the 'Strncpy()' function is invoked. The length
argument supplied to 'Strncpy()' is exactly the length of the
user-supplied data. As a result, an attacker could exploit this
vulnerability by sending data in excess of 1024 bytes.
Successful exploitation of this vulnerability could allow an anonymous
attacker to overwrite sensitive stack variables, including the
'open_trans2open()' functions' saved return address. The ability to
influence sensitive memory could be leveraged by the attacker to execute
arbitrary code with the privileges of the Samba server process.
Samba is a freely available file and printer sharing application
maintained and developed by the Samba Development Team. Samba allows file
and printer sharing between operating systems on the Unix and Microsoft
platforms. The Samba daemon is typically run with super user privileges.
Multiple remote buffer overflow vulnerabilities have been reported for
Samba and Samba-TNG. The overflows are reported to occur in both stack and
heap-based memory. This issue occurs due to insufficient bounds checking
when copying user-supplied data to internal buffers.
Although it has not been confirmed, it is likely that these issues can be
exploited to execute arbitrary code, with the privileges of Samba (which
typically runs as root).
These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.
The precise technical details regarding these vulnerabilities is currently
unknown. This BID will be updated as further information is made
available.
It should be noted that these vulnerabilities may be similar to the issue
described in BID 7294.
Vignette StoryServer is a dynamic content management system. It allows the
use of TCL code to perform a wide range of functions. For example database
interaction and cookie creation.
It has been reported that Vignette StoryServer, under certain
circumstances, may reveal the contents of stack memory.
Specifically, a specially crafted HTTPS request containing '<' and '"'
characters passed as URI parameters to any page that accepts user-supplied
data will trigger an error state.
An error message containing the current contents of stack memory will be
returned to the attackers browser.
It should be noted that this vulnerability might be exploited in a
continuous manner without an impact on the Vignette StoryServer service
state. The attacker may use this condition to provide reconnaissance over
a period of time until sufficient information has been gathered to aid in
further activity against the vulnerable host.
JPEGX is steganography software for Microsoft Windows, it is designed to
embed encrypted data into JPEG files.
JpegX has been reported prone to a password bypass vulnerability.
It has been reported that when no password credentials are supplied if
using the JpegX wizard to decrypt data contained in JpegX JPEG files,
JpegX will decipher the file regardless.
This vulnerability may lead to sensitive information disclosure.
Coppermine Photo Gallery is a web based picture gallery script that allows
users to upload pictures with a web browser, add comments, send e-cards
and view statistics about the pictures.
Coppermine Photo Gallery has been reported prone to PHP code injection
attacks.
Due to a lack of sufficient sanitization performed on user-supplied
filenames that are uploaded into the Photo Gallery, an attacker may upload
a malicious JPEG. The attacker may craft the file in such a way that PHP
code execution will occur when the image is viewed.
Specifically, the attacker may embed PHP code as a signature to a valid
JPEG image and name it 'Filename.jpg.php'. The attacker may then upload
the file to a vulnerable server. If the image is still considered a valid
JPEG file by the Coppermine photo gallery, when the JPEG image is viewed
the code contained within the JPEG file will be executed in the context of
the web server hosting the vulnerable application. The attacker may use
'shell_exec()' or similar functions as a conduit to execute arbitrary
shell commands remotely.
This attack may result in arbitrary PHP code execution in the security
context of the web server that is hosting the vulnerable application.
A vulnerability has been reported for Py-Membres 4.0 that allows remote
attackers to modify the logic of SQL queries.
It has been reported that an input validation error exists in the
login.php file included with Py-Membres. Because of this issue, remote
attackers may launch SQL injection attacks through the software.
This problem requires that the PHP configuration directive
'magic_quotes_gpc' be disabled, although it may also be present with
limited impact when the directive is enabled. Exploitation of this issue
will allow an attacker to inject SQL syntax into database queries via the
'login' variable for the login.php script. This may allow for a variety of
attacks.
mIRC is a chat client for the IRC protocol, designed for Microsoft Windows
based operating systems.
It has been reported that it is possible to spoof file extensions in
mIRC's DCC Get dialog. A malicious IRC user could construct a filename
with a "safe" extension such as .jpg or .txt, followed by a number of
"alt+0160" characters to create whitespace, followed by the real
extension. When this file is displayed in the DCC GET dialog, the real
extension will not be displayed. The issue occurs because the DCC GET
dialog will truncate filenames if they are too long. This will only work
if the real extension is not on an ignore list.
This could be exploited to trick a user into thinking a malicious file is
safe, which may create a false sense of security and cause the user to
open the file.
Orplex Guest Book is a free web based guest book script that generates
dynamic content using user-supplied input.
Orplex Guest Book has been reported vulnerable to code injection attacks.
It has been reported that, due to a lack of sufficient sanitization
performed on user-supplied data, specifically the 'Name' and 'Message'
fields, an attacker may inject arbitrary script code into dynamic pages
generated by the Orplex Guest Book.
All script code will be executed in the browser of visitors, within the
context of the affected site.
This may potentially be exploited to hijack web content or steal
cookie-based authentication credentials from legitimate users. Other
attacks are also possible.
Amavis is a freely available, open source virus scanning software package.
It is available for the UNIX and Linux operating systems.
A problem with the software may make it possible to perform unauthorized
actions in vulnerable configurations.
It has been reported that some versions of Amavis-ng do not properly
interact with Postfix. Because of this, an attacker may be able to
circumvent relay restrictions.
The problem is in the handling of headers. Due to improper e-mail header
processing, Amavis may send e-mails to addresses specified in a To: field
in the message body rather than the RCPT TO: field specified via SMTP.
This could make it possible to relay e-mails through some configurations.
25. MollenSoft Hyperion FTP Server USER Command Buffer Overflow Vulnerability
BugTraq ID: 7307
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7307
Summary:
MollenSoft Hyperion FTP Server is a server that supports basic FTP
functionality and more. It is available for the Microsoft Windows
operating systems.
MollenSoft Hyperion FTP Server reported prone to a buffer overflow
vulnerability.
Reportedly the buffer overflow results from a lack of sufficient bounds
checking performed on arguments passed to the FTP 'USER' command. If an
excessive quantity of data (> 931 bytes) is passed to the affected
command, an internal memory buffer may be overrun. This could result in
the memory adjacent to the buffer being corrupted with attacker-supplied
data.
If the adjacent memory contains values that are crucial to program
execution, the attacker may redirect execution flow, and cause the
vulnerable application to execute attacker-supplied instructions.
This vulnerability has been reported to be exploitable to trigger a DoS
condition and in some cases bypass the Hyperion FTP server authentication
mechanism.
Although unconfirmed arbitrary code execution may also be possible.
It should be noted that this vulnerability was discovered in version 3.0.0
of Hyperion FTP Server. It is not yet known whether this issue affects
earlier versions.
QuickFront is a tool that is a tool that allows e-mail searches using a
web browser. It is marketed as a Microsoft Exchange add-on product.
A vulnerability has been reported for QuickFront that will result in the
disclosure of sensitive system resources to remote attackers.
QuickFront does not properly sanitize user-supplied input. Specifically,
directory traversal sequences such as '../' to HTTP requests are not
removed.
A remote attacker is able to exploit this vulnerability by issuing a HTTP
request which includes directory traversal sequences. Upon receiving such
a request, the QuickFront web server will return the requested resource.
Information gathered in such a way may be used to launch further attacks
against the webserver.
This vulnerability was reported for QuickFront 1.0.0.189.
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Sparks over Power Grid Cybersecurity
By Kevin Poulsen
A new measure aims to protect the networks that control electric power
distribution throughout North America. But not everyone is juiced over
plans to hold utilities accountable to tight security practices.
http://www.securityfocus.com/news/3871
2. Smart credit on UK cards. Will it cut fraud?
By John Leyden, The Register
UK banks, building societies and retailers are to introduce a more secure
method of authorising credit card payments.
http://www.securityfocus.com/news/3884
3. Behind Patriotic Words, Same Old Spam
By Jonathan Krim, Washington Post
"Spam" e-mail, already a costly and frustrating bane of computer users and
corporations, has surged as spammers invoke the war in Iraq as a way to
lure customers.
http://www.securityfocus.com/news/3855
4. Hoaxster hacker discovers infinite-wealth algorithm
By Thomas C. Greene, The Register
Hacker stunt-double and convicted financial fraudster Kim Schmitz (aka
Kimble) is up to his old tricks, this time with a package of techno
trickery for making a killing in the stock market. To satisfy the dreams
of instant fortune common to those who believe in fairy tales, he's
devised an "AI-based decision system" for share trading which
scientifically "selects the optimal combination of trading strategies for
current market conditions".
http://www.securityfocus.com/news/3853
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. Scapy v0.9.9
by Philippe Biondi
Relevant URL:
http://www.cartel-securite.fr/pbiondi/scapy.html
Platforms: Linux, POSIX
Summary:
Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery tool, and packet sniffer. It
provides classes to interactively create packets or sets of packets,
manipulate them, send them over the wire, sniff other packets from the
wire, match answers and replies, and more. Interaction is provided by the
Python interpreter, so Python programming structures can be used (such as
variables, loops, and functions). Report modules are possible and easy to
make. It is intended to do about the same things as ttlscan, nmap, hping,
queso, p0f, xprobe, arping, arp-sk/arpspoof, firewalk, irpas, tethereal,
and tcpdump.
2. SecurID authentication for OpenSSH v3.6.1p1
by Vaclav Tomec
Relevant URL:
http://sweb.cz/v_t_m/
Platforms: UNIX
Summary:
SecurID authentication for OpenSSH is done as a patch for the official
portable release of OpenSSH. It is done as keyboard-interactive
authentication and securid-1 (at) ssh (dot) com [email concealed] authentication (a non-standard
solution provided in commercial implementations from F-Secure and SSH).
All SecurID token states are covered (Next token code and New PIN).
3. wping v0.1a
by x-router
Relevant URL:
http://www.x-router.com
Platforms: Perl (any system supporting perl)
Summary:
wping is a Web-based graphical ping log. It logs ping response times to a
user-defined list of hosts and produces a Web page that contains a current
ping graph and a historic ping graph over a specified time period. Ping
response times are averaged in order to give a smooth reading.
NAT Monitor is a graphical monitor to keep tracks of hosts' bandwidth
usage in a Linux-NAT local network. NAT Monitor draws a stacked graph with
a different color for every LAN host. It autodetects hosts and has a nice
summary statistic.
5. dnotify 0.13.0 v0.13.0
by Oskar Liljeblad
Relevant URL:
http://www.student.lu.se/~nbi98oli/dnotify.html
Platforms: Linux, POSIX
Summary:
dnotify is a simple program that makes it possible to execute a command
every time the contents of a specific directory change in Linux. It is run
from the command line and takes two arguments: one or more directories to
monitor and a command to execute whenever a directory has changed. Options
control what events to trigger on: when a file was read in the directory,
when one was created/deleted, etc.
6. JWall v0.65
by Zack Link zack (at) the-links (dot) net [email concealed]
Relevant URL:
http://sourceforge.net/projects/jwall/
Platforms: Linux, POSIX
Summary:
JWall is a Java-based application for graphically building and installing
rules for one or more firewalls, local or remote.
V. SECURITY JOBS SUMMARY
------------------------
1. Information Security Analyst, Liverpool UK (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/318095
2. Looking for full time systems/network security position - software development (Thread)
Relevant URL:
4. Red Hat: To patch or to upgrade? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317881
5. Live Upgrade for Linux (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317880
XI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Mail Frontier
Free Whitepaper: Spam Blocking for the Enterprise IT professionals are
faced with new challenges as spam grows exponentially. Ferris Research
ranks spam number one among priority issues for corporate e-mail.
This free whitepaper examines the impact of junk mail on the enterprise.
SecurityFocus Newsletter #192
-----------------------------
This Issue is Sponsored by: Mail Frontier
Free Whitepaper: Spam Blocking for the Enterprise IT professionals are
faced with new challenges as spam grows exponentially. Ferris Research
ranks spam number one among priority issues for corporate e-mail.
This free whitepaper examines the impact of junk mail on the enterprise.
http://altfarm.mediaplex.com/ad/ck/2848-12288-6929-0
------------------------------------------------------------------------
-------
I. FRONT AND CENTER
1. Steganography Revealed
2. Specter: A Commercial Honeypot Solution for Windows
3. Cryptographic File Systems, Part Two: Implementation
4. Super-DMCA Not So Bad
5. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
1. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability
2. Multiple Vendor I/O System Call File Existence Weakness
3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service...
4. BRS WebWeaver Information Disclosure Vulnerability
5. BRS WebWeaver Long Request Remote Denial of Service Vulnerability
6. BRS WebWeaver User Password Encryption Weakness
7. PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
8. Abyss Web Server Incomplete HTTP Request Denial Of Service...
9. CVSps Unfiltered Escape Sequence Vulnerability
10. SignHere Guestbook HTML Injection Vulnerability
11. Invision Board functions.php SQL Injection Vulnerability
12. Interbase External Table File Verification Vulnerability
13. SETI@home Client Program Remote Buffer Overflow Vulnerability
14. SETI@home Client Program Information Disclosure Vulnerability
15. Metrics Insecure Local File Creation Vulnerability
16. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
17. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
18. Vignette StoryServer Sensitive Stack Memory Information...
19. JPEGX Wizard Password Bypass Vulnerability
20. Coppermine Photo Gallery PHP Code Injection Vulnerability
21. Py-Membres Remote SQL Injection Vulnerability
22. MIRC DCC Get Dialog File Spoofing Weakness
23. Orplex Guest Book Addentry.ASP Code Injection Vulnerability
24. Amavis Header Parsing Mail Relaying Weakness
25. MollenSoft Hyperion FTP Server USER Command Buffer Overflow...
26. QuickFront File Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Sparks over Power Grid Cybersecurity
2. Smart credit on UK cards. Will it cut fraud?
3. Behind Patriotic Words, Same Old Spam
4. Hoaxster hacker discovers infinite-wealth algorithm
IV. SECURITYFOCUS TOP 6 TOOLS
1. Scapy v0.9.9
2. SecurID authentication for OpenSSH v3.6.1p1
3. wping v0.1a
4. NAT Monitor v0.7
5. dnotify 0.13.0 v0.13.0
6. JWall v0.65
V. SECURITYJOBS LIST SUMMARY
1. Information Security Analyst, Liverpool UK (Thread)
2. Looking for full time systems/network security position...
3. Summer Positions / Co-ops?? (Thread)
4. Seeking Employment - CISSP CCNA CCNP CCSA CCSE Perfer Colorado...
5. Security Practice Manager (Thread)
6. R&D Advisory Services Director/Team Lead - New England (Thread)
7. Sr. Database Manager - Reston, VA (Thread)
8. Information Assurance Network Engineer - PA (Thread)
9. Security Positions in Newington/Springfield, VA (Thread)
10. Security Program Lead (Thread)
11. Information Security Consultant - Cleveland, Oh (Thread)
12. Sr. Security Compliance and Reporting Project Manager -...
13. Sr. Product Manager - Redwood City CA (Thread)
14. Development Manager Needed - Symantec in Redwood City CA (Thread)
15. UNSUBSCRIBE !!! (Thread)
16. Job: Application Security Consultant (Thread)
17. Intrusion Detection Engineer (NFR) Job Opening (Thread)
18. data security Analyst needed in Richmond, VA (Thread)
19. Security Infrastructure - Analyst and Configuration Manager...
20. Security Consulting Job in SF Bay Area, CISSP certified (Thread)
21. Calgary - Security Focus,CAN Development (Thread)
22. Sr. Network Security R&D Engineer (Thread)
23. FL CISSP Seeking a Position (Thread)
24. Security Analyst needed (Thread)
25. Security Engineer Admin Inquiry (Thread)
26. MD - Sr. Security Analyst - RACF and Mainframe GURU (Thread)
27. Security Proffesional seeking work (Thread)
28. Manager or Senior Manager Security Services - Deloitte &...
29. WildList (Malicious Code) Analyst, Mechanicsburg, PA (Thread)
30. Deloitte & Touche - Application Security - JD Edwards (Thread)
31. Deloitte & Touche (New York) - Security Consultants at all...
VI. INCIDENTS LIST SUMMARY
1. New trojan? Old trojan with new characteristics? Anyone...
2. New SecurityFocus article: Steganography Revealed (Thread)
3. New SecurityFocus article: Specter: A Commercial Honeypot...
4. ATD OpenSSL Mass Exploiter Analysis (another "/sumthin...
5. Does anyone recognize the scanner that causes this pattern ?...
6. unknown rootkit found in the wild (Thread)
7. SMTP probes (Thread)
8. Logon.dll? Possible root-kit? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. connect-back win32 shellcode (Thread)
2. Buffer overflow in Dovecot or OpenSSL? (Thread)
3. Sendmail's prescan exploit thoughts (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. ISA Log file analysis software - suggestions? (Thread)
2. checking server status (Thread)
3. SUS server (Thread)
4. VPN and ISA server (Thread)
5. Federated Security Applications and Implications. (Thread)
6. Closed and Open Systems (was SUS Server) (Thread)
7. Isolating Windows Applications (Thread)
8. AW: SUS server (Thread)
IX. SUN FOCUS LIST SUMMARY
1. what to turn on for solaris auditing (Thread)
2. Solaris 9 sftp-server (Thread)
3. /.iiim/auth/passwd on Solaris 8 (Thread)
4. SecurityFocus Article Announcement (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Re Live Upgrade for Linux (Thread)
2. after ptrace patch. (Thread)
3. SecurityFocus Article Announcement (Thread)
4. Red Hat: To patch or to upgrade? (Thread)
5. Live Upgrade for Linux (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Steganography Revealed
By Kristy Westphal
Steganography is a means of protecting the confidentiality of data by
"hiding" it within a larger file of data. This technique can be used for
both legitimate and illegitimate purposes. This article will offer a brief
introductory discussion of steganography: what it is, how it can be used,
and the implications it can have for security.
http://www.securityfocus.com/infocus/1684
2. Specter: a Commercial Honeypot Solution for Windows
by Lance Spitzner
This is the third installment in an ongoing series of articles looking at
honeypots. In the first two papers, we discussed the OpenSource honeypot
Honeyd, how it works, and a deployment in the wild. In this paper we will
look at a different honeypot, the commercially supported solution Specter.
http://www.securityfocus.com/infocus/1683
3. Cryptographic File Systems, Part Two: Implementation
by Ido Dubrawsky
This is the second article in a two-part series looking at cryptographic
filesystems. The first article in this series covered the background on
cryptographic filesystems from the underlying concepts to some of the
mechanics of those systems. This article will cover implementation. The
focus will be on implementing the Microsoft's EFS under Windows 2000 and
the Linux CryptoAPI.
http://www.securityfocus.com/infocus/1685
4. Super-DMCA Not So Bad
By Mark Rasch
The latest version of the controversial law could be a valuable weapon
against thieves and pirates.
http://www.securityfocus.com/columnists/153
5. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
II. BUGTRAQ SUMMARY
-------------------
1. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability
BugTraq ID: 7278
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7278
Summary:
Hyperion FTP Server is an FTP server for Microsoft Windows platforms.
Hyperion FTP Server is prone to a remotely exploitable buffer overflow
condition. This is due to insufficient bounds checking of FTP 'mkdir'
commands. It is possible to trigger the condition by submitting a
malformed 'mkdir' command with a directory string that is 251+ bytes in
length. This will permit an authenticated FTP user to corrupt sensitive
regions of memory with malicious values.
It may be possible to exploit this vulnerability to execute malicious
instructions in the context of the FTP server. The FTP server is
typically run with SYSTEM privileges.
This issue may be related to BID 6467.
2. Multiple Vendor I/O System Call File Existence Weakness
BugTraq ID: 7279
Remote: No
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7279
Summary:
A weakness has been discovered in the implementation of various I/O system
calls. The problem occurs due to varying error return times, when
accessing existent and non-existent files. This issue has been confirmed
to affect the open() system call, however it is likely that other similar
calls are also affected.
An attacker could exploit this vulnerability by calling the open() system
call on unreadable files. By making requests for various unreadable files,
it may be possible for an attacker to deduce a timing window that can be
used to verify the existence of the file.
It should be noted that a fix for this weakness might not be plausible, as
the kernel is meant to be as efficient as possible. However, the specific
problem may occur due to a differing sequence of events while attempting
to access non-existent files. A solution may be to have an identical
sequence of permission checking on directories, before checking for the
file.
It has been reported that this weakness has successfully been exploited on
various Linux and BSD releases. However, this weakness likely exists in
other operating systems including Sun Solaris and Microsoft Windows.
3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service Vulnerability
BugTraq ID: 7282
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7282
Summary:
Buffalo Wireless Broadband Router WBRG54 is a network device for wireless
networks.
A vulnerability has been reported for the WBRG54 device that may result in
a denial of service. It should be noted that the device must be set to
'peer-to-peer' connection mode if exploitation is to be possible. This
mode allows for two devices to specifically communicate with each other.
The vulnerability occurs when a vulnerable device receives numerous ICMP
packets.
An attacker can exploit this vulnerability by sending ICMP (type 8)
packets to a vulnerable device. In some cases, this will result in the
device behaving unpredictably and denying service.
This vulnerability may also result in the device rebooting spontaneously.
The problem was reported for the WBRG54 with firmware revisions 1.11 and
1.13. Other versions may also be affected.
4. BRS WebWeaver Information Disclosure Vulnerability
BugTraq ID: 7283
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7283
Summary:
BRS WebWeaver is an FTP and web server from Blaine Southam.
A vulnerability has been reported for BRS WebWeaver that may result in the
disclosure of sensitive information. The sample CGI application,
script/testcgi.exe, when executed will return information about the
system.
Information obtained in this manner may be used to launch further attacks
against a vulnerable system.
This vulnerability was reported for BRS WebWeaver 1.01 to 1.03.
5. BRS WebWeaver Long Request Remote Denial of Service Vulnerability
BugTraq ID: 7280
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7280
Summary:
BRS WebWeaver is a small personal web server available for the Microsoft
Windows operating systems.
A denial of service vulnerability has been discovered BRS WebWeaver. The
problem occurs when a request is made for a URL containing excessive data.
Specifically, making a request containing 2499361 bytes of data will cause
the server to consume all available memory.
Exploitation of this vulnerability may allow an anonymous remote attacker
to crash a vulnerable service and possibly the entire system. This will
effectively deny service to other legitimate users.
6. BRS WebWeaver User Password Encryption Weakness
BugTraq ID: 7285
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7285
Summary:
BRS WebWeaver is an FTP and web server from Blaine Southam.
A weakness has been discovered in the BRS WebWeaver FTP server. The
problem lies in the encryption scheme used to store encoded passwords. It
has been discovered that the algorithm used to encode user passwords may
be trivially reversed by an attacker. Specifically, the encoding consists
of user passwords being mapped one to one against static characters.
All passwords are stored in the 'users.ini' file.
Access to user passwords may aid an attacker in launching further attacks
against target systems.
7. PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
BugTraq ID: 7286
Remote: No
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7286
Summary:
PHPSysInfo is a PHP Script that parses the '/proc' filesystem and displays
information about system information in a web browser.
PHPSysInfo has been reported to be vulnerable to a file disclosure issue.
Local users may possibly influence the path for PHPSysinfo language
include files.
An arbitrary file may be included outside of the web root. Using directory
traversal sequences (../) the file may be included as a language resource
for the 'index.php' page. If the malicious include file is symlinked to an
arbitrary web server readable file, such as '/etc/passwd', the contents of
the linked file may be disclosed to the attacker. The file may also
contain PHP code which may be executed in the context of the webserver.
This attack may lead to confidential or sensitive information disclosure,
which could be used to launch other attacks. It may also be exploited to
execute arbitrary attacker supplied PHP code.
8. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability
BugTraq ID: 7287
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7287
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
A denial of service vulnerability has been reported for Abyss Web Server.
The vulnerability exists when Abyss attempts to parse certain incomplete
HTTP headers. Specifically, if the 'Connection:' and 'Range:' HTTP headers
are blank, the web server will crash.
An attacker can exploit this vulnerability by connecting to a vulnerable
server and sending blank 'Connection:' and 'Range:' HTTP headers. This
will result in a denial of service condition.
This vulnerability was reported for Abyss Web Server 1.1.2.
9. CVSps Unfiltered Escape Sequence Vulnerability
BugTraq ID: 7288
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7288
Summary:
CVSps is a program to generate a diff/patch set for CVS repositories. It
is available for Linux and Unix variant operating systems.
A vulnerability has been reported for CVSps where some characters were
improperly filtered prior to sending them to the command shell.
Specifically, escape sequences are not properly filtered from filenames
when generating a diff/patch set.
This issue can be exploited by a malicious CVS contributor who names a
file with malicious escape and shell metacharacters. When CVSps is used to
process the malicious file, it may be possible to execute commands on the
underlying shell of the host.
This vulnerability was reported for CVSps 2.0b9 and earlier.
10. SignHere Guestbook HTML Injection Vulnerability
BugTraq ID: 7289
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7289
Summary:
SignHere Guestbook is guestbook software implemented in ASP and
distributed by Bitstrike Software. It is available for the Microsoft
Windows operating system.
It has been reported that SignHere does not sufficiently filter
user-supplied values from the 'email' field. As a result, attackers may
embed malicious script code or HTML into SignHere posts. When a malicious
post is viewed by another user, the attacker-supplied code will be
interpreted in their web browser in the security context of the site
hosting the software.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate by using
cookie-based authentication credentials. Other attacks are also possible.
11. Invision Board functions.php SQL Injection Vulnerability
BugTraq ID: 7290
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7290
Summary:
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating
systems.
An input validation error has been reported in Invision Board which may
result in the manipulation of SQL queries. This vulnerability exists in
the load_skin() function of the functions.php script file. Specifically,
the value supplied for the 'skinid' variable is not properly cast as an
integer type.
An attacker may be able to exploit this vulnerability by manipulating
'skinid' URI parameter to include malicious SQL commands and queries which
may result in information disclosure, or database corruption. The
consequences depend on the nature of specific queries. This issue may
allow the attacker to exploit latent vulnerabilities in the underlying
database.
This vulnerability was reported for Invision Board 1.1.1.
12. Interbase External Table File Verification Vulnerability
BugTraq ID: 7291
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7291
Summary:
Interbase is a database distributed and maintained by Borland. It is
available for Unix and Linux operating systems.
A vulnerability has been reported for Interbase that may result in the
corruption of arbitrary system files. The vulnerability exists due to
insufficient checks performed when creating or manipulating external
databases. Specifically, file existence checks are not made.
An attacker can exploit this vulnerability by creating an external table
pointing to an arbitrary system file. When the attacker attempts to modify
the external table, the system file will be corrupted with
attacker-supplied information. This may result in system instability.
This vulnerability is further exacerbated by the fact that the Interbase
service typically runs with root or SYSTEM level privileges.
Firebird is based on Borland/Inprise Interbase source code and is
therefore also prone to this issue.
13. SETI@home Client Program Remote Buffer Overflow Vulnerability
BugTraq ID: 7292
Remote: Yes
Date Published: Apr 06 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7292
Summary:
SETI@home is a client program designed to run on a computer when it is not
in use. The client receives data from a central server, which it later
analyzes in search of various information. It is available for a variety
of platforms including Linux, Unix, and the Microsoft Windows operating
system.
A vulnerability has been discovered in the SETI@home client program. Due
to insufficient bounds checking when processing server data, it may be
possible for a remote attacker to trigger a buffer overflow.
This issue could be exploited by forging an HTTP request which mimics a
server response handler. When a vulnerable client attempts to process the
malicious server response, a buffer overflow will be triggered.
Successful exploitatation of this issue may allow an attacker to execute
arbitrary commands on a target system, with the privileges of the user
invoking the software.
This vulnerability affects SETI@home clients prior to 3.08.
14. SETI@home Client Program Information Disclosure Vulnerability
BugTraq ID: 7281
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7281
Summary:
SETI@home is a client program designed to run on a computer when it is not
in use. The client receives data from a central server, which it later
analyzes in search of various information. It is available for a variety
of platforms including Linux, Unix, and the Microsoft Windows operating
system.
A vulnerability has been reported in the SETI@home client program.
Specifically, sensitive information is transmitted from the client to the
server in plain text. As a result, sensitive operating system and
processor information may be disclosed to an attacker.
An attacker could exploit this system by sniffing network traffic
transmitted between the client and the server. Access to this type of
information may aid in launching attacks against the system running the
client.
This vulnerability was reported for SETI@home version 3.03.
15. Metrics Insecure Local File Creation Vulnerability
BugTraq ID: 7293
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7293
Summary:
Metrics is an application designed to measure various software metrics. It
is available for the Linux operating system and is included with the
Debian 2.2 distribution.
A vulnerability has been discovered in Metrics which could allow an
attacker to corrupt sensitive system files. The problem occurs in the
'halstead' and 'gather_stats' scripts, included in the Metrics package.
The vulnerability exists due to the two scripts failing to carry out
sufficient security precautions when attempting to create temporary files.
As a result, it may be possible for a malicious local user to corrupt
sensitive system files.
This vulnerability was discovered in Metrics version 1.0 however, earlier
versions may also be affected.
16. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
BugTraq ID: 7294
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7294
Summary:
Samba is a freely available file and printer sharing application
maintained and developed by the Samba Development Team. Samba allows file
and printer sharing between operating systems on the Unix and Microsoft
platforms. The Samba daemon is typically run with super user privileges.
A buffer overflow vulnerability has been reported for Samba that could
allow an anonymous remote attacker to execute arbitrary code.
The vulnerability occurs in the 'call_trans2open()' function when copying
data into a 1024 byte static buffer. Sufficient bounds checking is not
performed when a call to the 'Strncpy()' function is invoked. The length
argument supplied to 'Strncpy()' is exactly the length of the
user-supplied data. As a result, an attacker could exploit this
vulnerability by sending data in excess of 1024 bytes.
Successful exploitation of this vulnerability could allow an anonymous
attacker to overwrite sensitive stack variables, including the
'open_trans2open()' functions' saved return address. The ability to
influence sensitive memory could be leveraged by the attacker to execute
arbitrary code with the privileges of the Samba server process.
17. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 7295
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7295
Summary:
Samba is a freely available file and printer sharing application
maintained and developed by the Samba Development Team. Samba allows file
and printer sharing between operating systems on the Unix and Microsoft
platforms. The Samba daemon is typically run with super user privileges.
Multiple remote buffer overflow vulnerabilities have been reported for
Samba and Samba-TNG. The overflows are reported to occur in both stack and
heap-based memory. This issue occurs due to insufficient bounds checking
when copying user-supplied data to internal buffers.
Although it has not been confirmed, it is likely that these issues can be
exploited to execute arbitrary code, with the privileges of Samba (which
typically runs as root).
These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.
The precise technical details regarding these vulnerabilities is currently
unknown. This BID will be updated as further information is made
available.
It should be noted that these vulnerabilities may be similar to the issue
described in BID 7294.
18. Vignette StoryServer Sensitive Stack Memory Information Disclosure
Vulnerability
BugTraq ID: 7296
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7296
Summary:
Vignette StoryServer is a dynamic content management system. It allows the
use of TCL code to perform a wide range of functions. For example database
interaction and cookie creation.
It has been reported that Vignette StoryServer, under certain
circumstances, may reveal the contents of stack memory.
Specifically, a specially crafted HTTPS request containing '<' and '"'
characters passed as URI parameters to any page that accepts user-supplied
data will trigger an error state.
An error message containing the current contents of stack memory will be
returned to the attackers browser.
It should be noted that this vulnerability might be exploited in a
continuous manner without an impact on the Vignette StoryServer service
state. The attacker may use this condition to provide reconnaissance over
a period of time until sufficient information has been gathered to aid in
further activity against the vulnerable host.
19. JPEGX Wizard Password Bypass Vulnerability
BugTraq ID: 7298
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7298
Summary:
JPEGX is steganography software for Microsoft Windows, it is designed to
embed encrypted data into JPEG files.
JpegX has been reported prone to a password bypass vulnerability.
It has been reported that when no password credentials are supplied if
using the JpegX wizard to decrypt data contained in JpegX JPEG files,
JpegX will decipher the file regardless.
This vulnerability may lead to sensitive information disclosure.
20. Coppermine Photo Gallery PHP Code Injection Vulnerability
BugTraq ID: 7300
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7300
Summary:
Coppermine Photo Gallery is a web based picture gallery script that allows
users to upload pictures with a web browser, add comments, send e-cards
and view statistics about the pictures.
Coppermine Photo Gallery has been reported prone to PHP code injection
attacks.
Due to a lack of sufficient sanitization performed on user-supplied
filenames that are uploaded into the Photo Gallery, an attacker may upload
a malicious JPEG. The attacker may craft the file in such a way that PHP
code execution will occur when the image is viewed.
Specifically, the attacker may embed PHP code as a signature to a valid
JPEG image and name it 'Filename.jpg.php'. The attacker may then upload
the file to a vulnerable server. If the image is still considered a valid
JPEG file by the Coppermine photo gallery, when the JPEG image is viewed
the code contained within the JPEG file will be executed in the context of
the web server hosting the vulnerable application. The attacker may use
'shell_exec()' or similar functions as a conduit to execute arbitrary
shell commands remotely.
This attack may result in arbitrary PHP code execution in the security
context of the web server that is hosting the vulnerable application.
21. Py-Membres Remote SQL Injection Vulnerability
BugTraq ID: 7301
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7301
Summary:
A vulnerability has been reported for Py-Membres 4.0 that allows remote
attackers to modify the logic of SQL queries.
It has been reported that an input validation error exists in the
login.php file included with Py-Membres. Because of this issue, remote
attackers may launch SQL injection attacks through the software.
This problem requires that the PHP configuration directive
'magic_quotes_gpc' be disabled, although it may also be present with
limited impact when the directive is enabled. Exploitation of this issue
will allow an attacker to inject SQL syntax into database queries via the
'login' variable for the login.php script. This may allow for a variety of
attacks.
22. MIRC DCC Get Dialog File Spoofing Weakness
BugTraq ID: 7304
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7304
Summary:
mIRC is a chat client for the IRC protocol, designed for Microsoft Windows
based operating systems.
It has been reported that it is possible to spoof file extensions in
mIRC's DCC Get dialog. A malicious IRC user could construct a filename
with a "safe" extension such as .jpg or .txt, followed by a number of
"alt+0160" characters to create whitespace, followed by the real
extension. When this file is displayed in the DCC GET dialog, the real
extension will not be displayed. The issue occurs because the DCC GET
dialog will truncate filenames if they are too long. This will only work
if the real extension is not on an ignore list.
This could be exploited to trick a user into thinking a malicious file is
safe, which may create a false sense of security and cause the user to
open the file.
23. Orplex Guest Book Addentry.ASP Code Injection Vulnerability
BugTraq ID: 7305
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7305
Summary:
Orplex Guest Book is a free web based guest book script that generates
dynamic content using user-supplied input.
Orplex Guest Book has been reported vulnerable to code injection attacks.
It has been reported that, due to a lack of sufficient sanitization
performed on user-supplied data, specifically the 'Name' and 'Message'
fields, an attacker may inject arbitrary script code into dynamic pages
generated by the Orplex Guest Book.
All script code will be executed in the browser of visitors, within the
context of the affected site.
This may potentially be exploited to hijack web content or steal
cookie-based authentication credentials from legitimate users. Other
attacks are also possible.
24. Amavis Header Parsing Mail Relaying Weakness
BugTraq ID: 7306
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7306
Summary:
Amavis is a freely available, open source virus scanning software package.
It is available for the UNIX and Linux operating systems.
A problem with the software may make it possible to perform unauthorized
actions in vulnerable configurations.
It has been reported that some versions of Amavis-ng do not properly
interact with Postfix. Because of this, an attacker may be able to
circumvent relay restrictions.
The problem is in the handling of headers. Due to improper e-mail header
processing, Amavis may send e-mails to addresses specified in a To: field
in the message body rather than the RCPT TO: field specified via SMTP.
This could make it possible to relay e-mails through some configurations.
25. MollenSoft Hyperion FTP Server USER Command Buffer Overflow Vulnerability
BugTraq ID: 7307
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7307
Summary:
MollenSoft Hyperion FTP Server is a server that supports basic FTP
functionality and more. It is available for the Microsoft Windows
operating systems.
MollenSoft Hyperion FTP Server reported prone to a buffer overflow
vulnerability.
Reportedly the buffer overflow results from a lack of sufficient bounds
checking performed on arguments passed to the FTP 'USER' command. If an
excessive quantity of data (> 931 bytes) is passed to the affected
command, an internal memory buffer may be overrun. This could result in
the memory adjacent to the buffer being corrupted with attacker-supplied
data.
If the adjacent memory contains values that are crucial to program
execution, the attacker may redirect execution flow, and cause the
vulnerable application to execute attacker-supplied instructions.
This vulnerability has been reported to be exploitable to trigger a DoS
condition and in some cases bypass the Hyperion FTP server authentication
mechanism.
Although unconfirmed arbitrary code execution may also be possible.
It should be noted that this vulnerability was discovered in version 3.0.0
of Hyperion FTP Server. It is not yet known whether this issue affects
earlier versions.
26. QuickFront File Disclosure Vulnerability
BugTraq ID: 7308
Remote: Yes
Date Published: Apr 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7308
Summary:
QuickFront is a tool that is a tool that allows e-mail searches using a
web browser. It is marketed as a Microsoft Exchange add-on product.
A vulnerability has been reported for QuickFront that will result in the
disclosure of sensitive system resources to remote attackers.
QuickFront does not properly sanitize user-supplied input. Specifically,
directory traversal sequences such as '../' to HTTP requests are not
removed.
A remote attacker is able to exploit this vulnerability by issuing a HTTP
request which includes directory traversal sequences. Upon receiving such
a request, the QuickFront web server will return the requested resource.
Information gathered in such a way may be used to launch further attacks
against the webserver.
This vulnerability was reported for QuickFront 1.0.0.189.
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Sparks over Power Grid Cybersecurity
By Kevin Poulsen
A new measure aims to protect the networks that control electric power
distribution throughout North America. But not everyone is juiced over
plans to hold utilities accountable to tight security practices.
http://www.securityfocus.com/news/3871
2. Smart credit on UK cards. Will it cut fraud?
By John Leyden, The Register
UK banks, building societies and retailers are to introduce a more secure
method of authorising credit card payments.
http://www.securityfocus.com/news/3884
3. Behind Patriotic Words, Same Old Spam
By Jonathan Krim, Washington Post
"Spam" e-mail, already a costly and frustrating bane of computer users and
corporations, has surged as spammers invoke the war in Iraq as a way to
lure customers.
http://www.securityfocus.com/news/3855
4. Hoaxster hacker discovers infinite-wealth algorithm
By Thomas C. Greene, The Register
Hacker stunt-double and convicted financial fraudster Kim Schmitz (aka
Kimble) is up to his old tricks, this time with a package of techno
trickery for making a killing in the stock market. To satisfy the dreams
of instant fortune common to those who believe in fairy tales, he's
devised an "AI-based decision system" for share trading which
scientifically "selects the optimal combination of trading strategies for
current market conditions".
http://www.securityfocus.com/news/3853
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. Scapy v0.9.9
by Philippe Biondi
Relevant URL:
http://www.cartel-securite.fr/pbiondi/scapy.html
Platforms: Linux, POSIX
Summary:
Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery tool, and packet sniffer. It
provides classes to interactively create packets or sets of packets,
manipulate them, send them over the wire, sniff other packets from the
wire, match answers and replies, and more. Interaction is provided by the
Python interpreter, so Python programming structures can be used (such as
variables, loops, and functions). Report modules are possible and easy to
make. It is intended to do about the same things as ttlscan, nmap, hping,
queso, p0f, xprobe, arping, arp-sk/arpspoof, firewalk, irpas, tethereal,
and tcpdump.
2. SecurID authentication for OpenSSH v3.6.1p1
by Vaclav Tomec
Relevant URL:
http://sweb.cz/v_t_m/
Platforms: UNIX
Summary:
SecurID authentication for OpenSSH is done as a patch for the official
portable release of OpenSSH. It is done as keyboard-interactive
authentication and securid-1 (at) ssh (dot) com [email concealed] authentication (a non-standard
solution provided in commercial implementations from F-Secure and SSH).
All SecurID token states are covered (Next token code and New PIN).
3. wping v0.1a
by x-router
Relevant URL:
http://www.x-router.com
Platforms: Perl (any system supporting perl)
Summary:
wping is a Web-based graphical ping log. It logs ping response times to a
user-defined list of hosts and produces a Web page that contains a current
ping graph and a historic ping graph over a specified time period. Ping
response times are averaged in order to give a smooth reading.
4. NAT Monitor v0.7
by thedayofcondor
Relevant URL:
http://natmonitor.sourceforge.net/
Platforms: Linux, POSIX
Summary:
NAT Monitor is a graphical monitor to keep tracks of hosts' bandwidth
usage in a Linux-NAT local network. NAT Monitor draws a stacked graph with
a different color for every LAN host. It autodetects hosts and has a nice
summary statistic.
5. dnotify 0.13.0 v0.13.0
by Oskar Liljeblad
Relevant URL:
http://www.student.lu.se/~nbi98oli/dnotify.html
Platforms: Linux, POSIX
Summary:
dnotify is a simple program that makes it possible to execute a command
every time the contents of a specific directory change in Linux. It is run
from the command line and takes two arguments: one or more directories to
monitor and a command to execute whenever a directory has changed. Options
control what events to trigger on: when a file was read in the directory,
when one was created/deleted, etc.
6. JWall v0.65
by Zack Link zack (at) the-links (dot) net [email concealed]
Relevant URL:
http://sourceforge.net/projects/jwall/
Platforms: Linux, POSIX
Summary:
JWall is a Java-based application for graphically building and installing
rules for one or more firewalls, local or remote.
V. SECURITY JOBS SUMMARY
------------------------
1. Information Security Analyst, Liverpool UK (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/318095
2. Looking for full time systems/network security position - software development (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/318096
3. Summer Positions / Co-ops?? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317974
4. Seeking Employment - CISSP CCNA CCNP CCSA CCSE Perfer Colorado but willing to relo (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317978
5. Security Practice Manager (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317973
6. R&D Advisory Services Director/Team Lead - New England (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317977
7. Sr. Database Manager - Reston, VA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317976
8. Information Assurance Network Engineer - PA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317972
9. Security Positions in Newington/Springfield, VA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317971
10. Security Program Lead (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317970
11. Information Security Consultant - Cleveland, Oh (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317804
12. Sr. Security Compliance and Reporting Project Manager - Cleveland, Oh (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317803
13. Sr. Product Manager - Redwood City CA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317802
14. Development Manager Needed - Symantec in Redwood City CA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317778
15. UNSUBSCRIBE !!! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317780
16. Job: Application Security Consultant (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317755
17. Intrusion Detection Engineer (NFR) Job Opening (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317693
18. data security Analyst needed in Richmond, VA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317696
19. Security Infrastructure - Analyst and Configuration Manager needed in DC (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317695
20. Security Consulting Job in SF Bay Area, CISSP certified (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317694
21. Calgary - Security Focus,CAN Development (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317662
22. Sr. Network Security R&D Engineer (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317658
23. FL CISSP Seeking a Position (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317645
24. Security Analyst needed (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317623
25. Security Engineer Admin Inquiry (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317617
26. MD - Sr. Security Analyst - RACF and Mainframe GURU (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317622
27. Security Proffesional seeking work (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317621
28. Manager or Senior Manager Security Services - Deloitte & Touche - Detroit, Atlanta (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317530
29. WildList (Malicious Code) Analyst, Mechanicsburg, PA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317485
30. Deloitte & Touche - Application Security - JD Edwards (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317432
31. Deloitte & Touche (New York) - Security Consultants at all levels needed!! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/317433
VI. INCIDENTS LIST SUMMARY
-------------------------
1. New trojan? Old trojan with new characteristics? Anyone seenthis? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/318064
2. New SecurityFocus article: Steganography Revealed (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317948
3. New SecurityFocus article: Specter: A Commercial Honeypot Solution for Windows (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317947
4. ATD OpenSSL Mass Exploiter Analysis (another "/sumthin" scan tool) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317718
5. Does anyone recognize the scanner that causes this pattern ? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317716
6. unknown rootkit found in the wild (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317715
7. SMTP probes (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317719
8. Logon.dll? Possible root-kit? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/317522
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. connect-back win32 shellcode (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/318062
2. Buffer overflow in Dovecot or OpenSSL? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317866
3. Sendmail's prescan exploit thoughts (Thread)
Relevant URL:
http://online.securityfocus.com/archive/82/317495
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. ISA Log file analysis software - suggestions? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/318102
2. checking server status (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/318076
3. SUS server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/318068
4. VPN and ISA server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317934
5. Federated Security Applications and Implications. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317927
6. Closed and Open Systems (was SUS Server) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317810
7. Isolating Windows Applications (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317744
8. AW: SUS server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/317543
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. what to turn on for solaris auditing (Thread)
Relevant URL:
http://online.securityfocus.com/archive/92/318025
2. Solaris 9 sftp-server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/92/317964
3. /.iiim/auth/passwd on Solaris 8 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/92/317962
4. SecurityFocus Article Announcement (Thread)
Relevant URL:
http://online.securityfocus.com/archive/92/317886
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Re Live Upgrade for Linux (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/318023
2. after ptrace patch. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317959
3. SecurityFocus Article Announcement (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317882
4. Red Hat: To patch or to upgrade? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317881
5. Live Upgrade for Linux (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/317880
XI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Mail Frontier
Free Whitepaper: Spam Blocking for the Enterprise IT professionals are
faced with new challenges as spam grows exponentially. Ferris Research
ranks spam number one among priority issues for corporate e-mail.
This free whitepaper examines the impact of junk mail on the enterprise.
http://altfarm.mediaplex.com/ad/ck/2848-12288-6929-0
------------------------------------------------------------------------
-------
[ reply ]