SecurityFocus Newsletter #195
-----------------------------
I. FRONT AND CENTER
1. Honeypots: Simple, Cost-Effective Detection
2. Introduction to Simple Oracle Auditing
3. Madonna's Borderline MP3 Tactics
4. Auditing Web Site Authentication, Part Two
II. BUGTRAQ SUMMARY
1. Truegalerie Unauthorized Administrative Access Vulnerability
2. SonicWALL Pro Large HTTP POST Denial of Service Vulnerability
3. Kerio Personal Firewall Firewall Filter Bypass Vulnerability
4. Xoops MyTextSanitizer HTML Injection Vulnerability
5. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
6. Alt-N WebAdmin Remote File Viewing Vulnerability
7. Alt-N WebAdmin Remote File Disclosure Vulnerability
8. Invision Board Restricted Forum Plaintext Password Vulnerability
9. Onecenter Forum IMG Tag Script Injection Vulnerability
10. SGI IRIX Name Service Daemon LDAP UserPassword Bypass...
11. Macromedia ColdFusion MX Error Message Path Disclosure...
12. Mike Bobbit Album.PL Remote Command Execution Vulnerability
13. Alt-N MDaemon POP Server DELE Command Buffer Overflow...
14. Alt-N MDaemon IMAP Server Folder Creation Buffer Overflow...
15. Qualcomm Qpopper Poppassd Local Arbitrary Command Execution...
16. Apache Mod_Auth_Any Remote Command Execution Vulnerability
17. Opera JavaScript Console Single Quote Attribute Injection...
18. Opera 6/7 Remote Heap Corruption Vulnerability
19. 3D-FTP Client Buffer Overflow Vulnerability
20. HP Tru64 Installation Software Insecure File Creation...
21. Sun Solaris Lofiadm Kernel Memory Leak Denial Of Service...
22. Oracle Net Services Link Buffer Overflow Vulnerability
23. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
24. Sun Solaris RPCbind Unspecified Denial of Service Vulnerability
25. Sun Ray Smart Card Removal Session Logout Failure Vulnerability
26. Auerswald COMsuite CTI Application Weak Default Password...
27. HP-UX RExec Remote Username Flag Local Buffer Overrun...
28. Worker Filemanager Directory Creation Race Condition...
III. SECURITYFOCUS NEWS ARTICLES
1. RIAA messaging gambit faces countermeasures
2. Rise of the Spam Zombies
3. RIAA cashes in on file-swapping students
4. Computer crime sentences are 'not good enough'
IV. SECURITYFOCUS TOP 6 TOOLS
1. SSHVnc v0.0.1 Alpha
2. msulogin v0.9
3. Jeb Perl Ping Stats v1.4.4
4. Prelude Library v0.8.5
5. dnsreflector v1.02
6. Epylog v0.9.0
V. SECURITYJOBS LIST SUMMARY
1. Network Security Engineers (Thread)
2. Security Officer (Thread)
3. Security Manager (Thread)
4. Senior Account Executive (Thread)
5. Inside Sales Reps Needed - Security Software (Thread)
6. RESUME - CSO / CTO / Sr. Security Eng. (Thread)
7. Manager, Development - Enterprise Security (Thread)
8. Security Manager Germany 200k Euros (Thread)
9. Information Security Consultant Needed Immediately - SF Bay...
10. Forensics Specialist (Thread)
11. Information Systems Manager (3DP002) - Information Security...
12. Senior Associate - Secure Network Solutions Team (Thread)
13. Salesperson Needed in Maryland (Thread)
14. Job Offering: Singapore (Thread)
15. Senior Network Security Engineers - Amherst, NY (Thread)
16. searching for a junior computer security engineer position...
17. Seeking Security Architect role in Toronto Canada (Repost)...
18. Position: IT Security Officer - Baltimore, MD (Thread)
19. Illinois- $90K-$110K - Script Kiddies..... (Thread)
20. Director of QA (Thread)
21. Security Consultant Available (Thread)
22. Information Security Technician - Richmond, VA (Thread)
23. Information Security Evangelist (Paris, France) (Thread)
24. bay area vulnerability researcher available (Thread)
25. Consultant available (Thread)
26. Security Training and Awareness Manager vacancy (Thread)
VI. INCIDENTS LIST SUMMARY
1. Logs showing GET /.hash=... (Thread)
2. UDP packets towards port 38293 (NAV) (Thread)
3. New attack or old Vulnerability Scanner? (Thread)
4. Administrivia: SPAM control, vacation messages, and the like....
5. Odd IIS log entries (Thread)
6. New CodeRed strain? -- UPDATE (Thread)
7. undetected DDOS (Thread)
8. Anyone seen this UDP source port 7001 traffic? (Thread)
9. lots of port 0 scannings (Thread)
10. SMTP Scans (Thread)
11. New CodeRed strain? (Thread)
12. Scans on TCP port 9631 + other unknown ports (Thread)
13. msamba (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Buffer overflow in Microsoft ftp.exe (Thread)
2. shellcode not executing if optimizations are on. (Thread)
3. Windows XP mmc.exe Crash (Thread)
4. smallftpd's version 1.0.2 Directory Transversal Vulnerability...
5. Latest MS SQL Server vulnerabilities revealed. (Thread)
6. Administrivia: Local Windows Overflows (Thread)
7. heap overflow under solaris sparc (Thread)
8. s0h: Remote/Local exploit and patch for regedit.exe. (Thread)
9. defacement stats (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Outlook Security Settings removed (Thread)
2. AD Question (Thread)
3. SecurityFocus Microsoft Newsletter #135 (Thread)
4. Windows 2003 Security Guides (Thread)
IX. SUN FOCUS LIST SUMMARY
1. .exrc file security risks (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Martian Source (Thread)
2. SUMMARY: Linux Security Courses (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Honeypots: Simple, Cost-Effective Detection
By Lance Spitzner
This is the fourth article in an ongoing series on honeypots. This article
will examine the role of honeypots in detection.
http://www.securityfocus.com/infocus/1690
2. Introduction to Simple Oracle Auditing
By Pete Finnigan
This article will introduce the reader to the basics of auditing an Oracle
database. Oracle's RDBMS is a functionally rich product and there are a
number of auditing alternatives available to the reader. Because auditing
Oracle is such a huge subject, doing all of it justice would take an
entire book, so this paper will cover the basics of why, when and how to
conduct an audit. It will also use a couple of good example cases to
illustrate how useful Oracle audit can be to an organization.
http://www.securityfocus.com/infocus/1689
3. Madonna's Borderline MP3 Tactics
By Mark Rasch
The material girl's foul-mouthed revenge on music traders could be
interpreted as a deceptive trade practice, or even outright fraud.
http://www.securityfocus.com/columnists/158
4. Auditing Web Site Authentication, Part Two
By Mark Burnett
This is the second part of a two-part series addressing both of those
issues by establishing a standard audit procedure by which to measure your
own security. This article will explore issues surrounding user privacy,
session authentication, user security, and cookies.
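II. BUGTRAQ SUMMARY
-------------------
1. Truegalerie Unauthorized Administrative Access Vulnerability
Truegalerie is web-based photo album software implemented in PHP and is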
available for a variety of platforms including Microsoft Windows and Linux
variant systems.
A vulnerability has been reported for Truegalerie that may result in
unauthorized administrative access. The vulnerability exists due to
insufficient sanitization of some URI values. Specifically, the values for
the URI parameter 'loggedin' are not properly verified.
An attacker can exploit this vulnerability by manipulating the 'loggedin'
URI parameter to obtain administrative access to the site hosting
Truegalerie.
This vulnerability was reported for Truegalerie 1.0.
2. SonicWALL Pro Large HTTP POST Denial of Service Vulnerability
BugTraq ID: 7435
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7435
Summary:
SonicWALL Pro is a hardware firewall that performs stateful packet
inspection. The device can also provide VPN service and NAT. It is
primarily for use in small office/home office (SOHO) environments.
SonicWALL Pro is reported to be prone to a denial of service condition.
This can be triggered by sending an unusually large HTTP POST to the
device's internal interface. The device will reportedly enter a reset
cycle approximately 20 seconds after receiving the POST data, resulting in
a loss of device availability during this period.
This condition may be the result of a buffer in the device's firmware
being overrun; however, this has not been confirmed.
This vulnerability was reported to affect SonicWALL Pro devices running
firmware version 6.4.0.1 and ROM version 5.0.1.0.
It is important to note that a similar vulnerability was previously
reported on SonicWALL devices (BID 2013). It is not known if this is the
same issue that has been reintroduced into the firmware or a separate
issue.
3. Kerio Personal Firewall Firewall Filter Bypass Vulnerability
Kerio Personal Firewall (KPF) is a desktop firewall solution that performs
stateful packet inspection. It runs on Windows NT/2000/XP.
Reportedly KPF suffers from a vulnerability whereby the existing firewall
filters may be bypassed. This vulnerability exists due to the fact that
UDP traffic to and from port 53 (DNS) is allowed. It should be noted that
DNS traffic is enabled so that name resolution will occur.
Allegedly, an attacker may craft a special packet with a source port of 53
and send this packet to a vulnerable system. KPF will allow this packet to
proceed thus bypassing the firewall filters.
KPF implements stateful packet filtering for its firewall and as such,
unsolicited traffic, as described above, is unlikely to get through the
firewall.
This vulnerability has not been confirmed by the vendor.
4. Xoops MyTextSanitizer HTML Injection Vulnerability
Xoops is open-source, freely available web portal software written in
object-oriented PHP. It is back-ended by a MySQL database and will run on
most Unix and Linux distributions.
The MyTextSanitizer script is used by Xoops to filter unsupported and
malicious characters. It is also capable of filtering malicious scripts.
A script code injection vulnerability has been discovered in the
MyTextSanitizer script. The problem occurs due to insufficient filtering
of script code embedded within HTML 'img' tags. As a result, an attacker
may be capable of placing malicious HTML or script code within 'newbb'
posts, private messages, and news posts.
Successful exploitation of this vulnerability may allow a malicious Xoops
user to execute arbitrary HTML or script code within the browser of a
legitimate user. This may allow for the theft of cookie-based
authentication credentials that may escalate to session hijacking. Other
attacks are also possible.
This vulnerability affects Xoops releases prior to 1.3.10 and 2.0.1.
5. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
BugTraq ID: 7437
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7437
Summary:
Linux-atm is a set of drivers and tools designed to support ATM networking
under Linux.
The linux-atm 'les' executable has been reported prone to a buffer
overflow vulnerability.
This issue is due to a lack of sufficient bounds checking performed on
data supplied via the '-f' command line argument to the 'les' executable.
Excessive supplied data may overrun the bounds of an internal memory
buffer (of approximately 244 bytes in size) and corrupt adjacent memory.
Because adjacent memory may contain values that are crucial to the control
of execution flow, arbitrary code execution is possible.
Although this vulnerability reportedly affects linux-atm 2.4.0, previous
versions may also be affected.
It should be noted that it is not currently known whether this application
requires elevated privileges to run. No distributions are currently known
which install LES setuid.
6. Alt-N WebAdmin Remote File Viewing Vulnerability
Alt-N WebAdmin is an optional component for MDaemon and RelayFax that
allows remote administration.
It has been reported that a remote user is able to view files on the
underlying system by submitting an HTTP request to the WebAdmin server.
The user must have administrative privileges in WebAdmin in order to
exploit this vulnerability.
If WebAdmin is installed under IIS, the attacker would only be able to
access files to which the IWAM_MACHINENAME account has access. The path
and name of the file to be viewed must also be known.
7. Alt-N WebAdmin Remote File Disclosure Vulnerability
Alt-N WebAdmin is an optional component for MDaemon and RelayFax that
allows remote administration.
It has been reported that a remote user is able to discover the
installation directory of certain software on the underlying system by
submitting an HTTP request to the WebAdmin server. The user must have
administrative privileges in WebAdmin in order to exploit this
vulnerability.
The software affected is the MDaemon and RelayFax software. This could
lead to an attacker gaining sensitive information about a vulnerable
system, and potentially launching more organized attacks against system
resources.
8. Invision Board Restricted Forum Plaintext Password Vulnerability
BugTraq ID: 7440
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7440
Summary:
Invision Board is an online bulletin board designed to facilitate
forum-based conversation.
Invision Board has been reported to store restricted forum credentials as
plain text embedded in cookie data.
If the Invision Board admin 'pass protected' option is activated for a
specific forum, on attempted access to the controlled area, the restricted
forum password is reportedly stored as plaintext in a local cookie. The
plaintext password may be recovered from the local cookie and used to
bypass the authentication method used to restrict the private areas of the
board.
It should be noted that, although unconfirmed, this vulnerability was
reported to affect all versions of Invision Power Board.
9. Onecenter Forum IMG Tag Script Injection Vulnerability
BugTraq ID: 7441
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7441
Summary:
OneCenter ForumOne 4.0 is a full-featured, web-based group discussion
forum.
A problem with Onecenter ForumOne could allow remote users to execute
arbitrary code in the context of the web site hosting ForumOne. The
problem occurs due to the lack of sanitization performed on data embedded
within HTML tags.
Specifically, Onecenter ForumOne does not sanitize code embedded within
HTML IMG tags. As a result, a malicious user may be able to submit a post
to the site containing embedded script code. This code would be executed
by a user's browser in the context of the site.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by
using cookie-based authentication credentials. Other attacks are also
possible.
Although this vulnerability was reported to affect OneCenter ForumOne
version 4.0, previous versions may also be affected.
10. SGI IRIX Name Service Daemon LDAP UserPassword Bypass Vulnerability
BugTraq ID: 7442
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7442
Summary:
IRIX is a UNIX operating system variant distributed and maintained by SGI.
A problem in the software may make unauthorized access to systems
possible.
It has been reported that the SGI IRIX implementation of LDAP does not
properly handle some attributes from LDAP Servers. Because of this, it
may be possible for a user to gain unauthorized access.
The problem is in the checking of the USERPASSWORD attribute. When the
name service daemon (nsd) is enabled and using LDAP for authentication of
users, it does not properly check the password database for the
USERPASSWORD attribute. Although it is unclear how this problem may allow
an attacker to gain access to the system, it has been reported that this
issue could result in unauthorized access.
11. Macromedia ColdFusion MX Error Message Path Disclosure...
ColdFusion MX is the application server for developing and hosting
infrastructure distributed by Macromedia. It is available as a standalone
product for Unix, Linux, and Microsoft Operating Systems.
A vulnerability has been reported for Macromedia ColdFusion MX that may
reveal the physical path information to attackers.
When certain malformed URL requests are received by the server, an error
message is returned containing the full path of the ColdFusion
installation. Specifically, when a request for the /CFIDE/probe.cfm page
is made on the server process on port 8500, an error message is returned
which contains path information.
Information obtained in this manner may be used by an attacker to launch
further attacks against a vulnerable system.
12. Mike Bobbit Album.PL Remote Command Execution Vulnerability
Mike Bobbit Album.pl is a web-based photo album implemented in Perl. It is
available for a variety of platforms including Windows and Linux variant
operating systems.
A remote command execution vulnerability has been reported for Album.pl.
The vulnerability reportedly exists when alternate configuration files are
used. Thus, it may be possible for a remote attacker to execute arbitrary
commands in the context of the web server process.
A remote attacker may exploit this condition to gain local, interactive
access to the underlying host.
The precise technical details of this vulnerability are currently unknown.
This BID will be updated as further information is available.
13. Alt-N MDaemon POP Server DELE Command Buffer Overflow Vulnerability
BugTraq ID: 7445
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7445
Summary:
Alt-N MDaemon is a Microsoft Windows based mail server product.
A buffer overflow vulnerability has been reported for MDaemon. The
vulnerability is due to inadequate bounds checking on the 'DELE' POP
server command.
An attacker can exploit this vulnerability by submitting a very large
value for the DELE command to the POP server. When the POP server receives
this command, it will trigger the overflow condition and will cause
MDaemon to crash.
Although unconfirmed, it may be possible for a remote attacker to exploit
this issue to execute arbitrary system commands with the privileges of the
MDaemon process.
This vulnerability was reported for MDaemon versions 6.0.7 and later.
This issue is very similar to the issue described in BID 6053.
14. Alt-N MDaemon IMAP Server Folder Creation Buffer Overflow...
Alt-N MDaemon is a Microsoft Windows based mail server product.
A buffer overflow vulnerability has been reported for the MDaemon IMAP
server. The vulnerability exists when IMAP folders are created.
Specifically, MDaemon does not perform adequate bounds checks when
processing the CREATE command.
A malicious IMAP user is able to issue a CREATE command with an overly
long value, consisting of greater than 2000 characters, to the vulnerable
MDaemon server. Upon processing this malicious user-input, the buffer
overflow condition will be triggered which may result in code execution
with elevated privileges.
This vulnerability was reported to affect MDaemon 6.7.5 and later.
15. Qualcomm Qpopper Poppassd Local Arbitrary Command Execution Vulnerability
BugTraq ID: 7447
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7447
Summary:
Qualcomm Qpopper poppassd is a daemon that facilitates the modification of
email account passwords.
Qualcomm Qpopper poppassd has been reported prone to a local arbitrary
command execution vulnerability.
poppassd is installed with setUID root permissions set by default and is
executable by all local system users. There has been an issue reported in
poppassd that may allow a local user to execute arbitrary commands in the
context of the root user. An attacker may specify a path to the
'smbpasswd' executable via the '-s' poppassd command line switch. A
malicious executable may be supplied via the path to 'smbpasswd' option,
for example '-s /tmp/smbpasswd' and the executable will be called as
poppassd is run.
An attacker may exploit this condition to elevate privileges on the local
system. Because poppassd is by default setUID root, privileges attained
may be root.
16. Apache Mod_Auth_Any Remote Command Execution Vulnerability
mod_auth_any is an Apache module designed to carry out user authentication
using any program via the command-line.
A vulnerability has been discovered in the mod_auth_any Apache module.
When running commands which require user-supplied arguments, mod_auth_any
fails to sufficiently escape various user-supplied data. As a result, it
may be possible for a remote attacker to embed malicious shell
metacharacters, such as (`) or (;) within command-line arguments. These
metacharacters may result in the authentication procedure prematurely
ending and may cause attacker-supplied commands to be executed.
Successful exploitation of this vulnerability could allow an attacker to
gain access to a host using the vulnerable software with the privileges of
the Apache HTTPD server.
17. Opera JavaScript Console Single Quote Attribute Injection Vulnerability
BugTraq ID: 7449
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7449
Summary:
Opera is a web client available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.
A vulnerability has been reported for Opera 7 browsers for Microsoft
Windows operating systems. The vulnerability exists in Opera's JavaScript
console program. The console program consists of three HTML files, one of
which is 'console.html'. Any unhandled exceptions thrown by any JavaScript
are listed in the console and are converted into clickable links.
The vulnerability is present in the regular expressions used by
'console.html' to format exception messages. Specifically, exception
messages are not parsed for quote characters. It is possible, by inserting
single quote (') characters, to add additional attributes to URIs that
may make it possible to execute arbitrary attacker-supplied script code
through the file:// URI handler. This may lead to disclosure of local
file contents to remote attackers.
This issue is a variant of the vulnerability described in BID 6755, using
single quote characters instead of double quotes. It is reported that
this variant also affects patched versions of the browser. Opera 7.10
attempts to address this issue by sanitizing single quote characters, but
is still prone to the issue if the hexadecimal code for the single quote
HTML entity is used.
18. Opera 6/7 Remote Heap Corruption Vulnerability
Opera is a web browser available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.
A vulnerability has been reported for Opera versions 7.10 and earlier, on
the Microsoft Windows platform. The problem is said to occur due to
insufficient bounds checking on filename extensions. As a result, it may
be possible for an attacker to corrupt heap-based memory. This may allow
for the execution of arbitrary code or a prolonged denial of service.
If this issue were exploited, Opera may continuously crash until the
'dcache4.url' file has been deleted. This is due to the malicious filename
being stored within the cache-index.
19. 3D-FTP Client Buffer Overflow Vulnerability
3D-FTP is a lightweight FTP client application for Microsoft Windows.
It has been reported that 3D-FTP client may be prone to a buffer overflow
condition. This issue is due to the client not implementing sufficient
bounds checking on banner data copied into local memory buffers.
When the FTP client receives an FTP banner that contains an excessive
amount of data it becomes unstable. It has been reported that this
vulnerability can be reproduced by sending an FTP banner of 8192 bytes or
more to a vulnerable client. When the client reads in the banner,
sensitive regions of memory may be corrupted with attacker-supplied
values.
It may be possible for attackers to leverage this vulnerability to execute
instructions. Any code executed would be in the security context of the
FTP client process.
20. HP Tru64 Installation Software Insecure File Creation Vulnerability
BugTraq ID: 7452
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7452
Summary:
HP has reported a vulnerability in various Tru64 installation and updating
software. The problem occurs in the 'dupatch' and 'setld' utilities and
may allow an attacker to trigger a denial of service or possibly execute
commands with elevated privileges.
The vulnerability lies in the method that the utilities use to create
files, likely temporary files used during installation procedures. It is
not currently known whether the problem is a result of a race condition
during file creation, or the use of predictable temporary file names.
However, it is known that a symbolic link attack can be carried out against
this vulnerability, making a variety of potential outcomes possible.
21. Sun Solaris Lofiadm Kernel Memory Leak Denial Of Service Vulnerability
BugTraq ID: 7454
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7454
Summary:
lofiadm is an application used to administer 'lofi', the loopback file
driver. lofi allows a file to be associated with a block device. That file
can then be accessed through the block device.
lofiadm has been reported prone to a DoS vulnerability. An unprivileged
user may reportedly employ the lofiadm application to induce a kernel
memory leak on Solaris 8. The kernel memory leak may consume system
resources and result, over time, in system performance degradation or a
critical exception, requiring a server reboot.
An attacker may exploit this vulnerability to trigger a persistent denial
of service condition on an affected server.
Further details of this vulnerability are currently unknown. This BID will
be updated as further information becomes available.
22. Oracle Net Services Link Buffer Overflow Vulnerability
BugTraq ID: 7453
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7453
Summary:
Oracle has announced a buffer overflow vulnerability in Oracle Net
Services for the Oracle Database Server.
The vulnerability exists due to insufficient boundary checks performed by
the Oracle server for values supplied to the 'CREATE DATABASE LINK' query.
The 'CREATE DATABASE LINK' privileges are assigned to the CONNECT role;
thus low-privileged accounts are able to create database links.
A malicious attacker with CONNECT privileges can exploit this
vulnerability by creating a specially crafted database link and then
executing a select query from the link. Once the link is selected the
buffer overflow condition will be triggered resulting in the corruption of
sensitive stack memory. Successful exploitation will result in the
execution of attacker-supplied code with the privileges of the database
server. On Windows systems, the Oracle Database Server is executed with
SYSTEM privileges and on Unix and Linux systems, the Database Server runs
as the 'oracle' user.
23. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
Netscape is a web browser which is available for a number of platforms,
including Microsoft Windows and Unix and Linux variants.
A vulnerability has been reported that could allow an attacker to fool
Netscape into running script in a foreign domain. If a dot (.) is
appended to the end of the hostname in a URI, Netscape may accept the
directory name as the actual domain. This could permit a malicious web
page to access the DOM (Document Object Model) of another foreign domain.
An attacker could exploit this by enticing a user to visit a malicious URI
and then running malicious script code which can access the properties of
a foreign domain. This could lead to theft of cookie-based authentication
credentials, information disclosure or other attacks.
This issue was reported for Netscape Navigator 7.02. It is likely that
other versions of Netscape are vulnerable to this issue. As well, browsers
based on Mozilla may be vulnerable too.
24. Sun Solaris RPCbind Unspecified Denial of Service Vulnerability
BugTraq ID: 7455
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7455
Summary:
rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls on
a server on that machine.
Sun Solaris rpcbind has been reported prone to an unspecified denial of
service vulnerability.
The vulnerability has been reported to affect Solaris rpcbind
implementations and could make it possible for remote users to deny
service to legitimate users of RPC dependent services.
An attacker may exploit this vulnerability to remotely trigger a
persistent denial of service condition on the affected rpcbind service.
Further details of this vulnerability are currently unknown. This BID will
be updated as further information becomes available.
25. Sun Ray Smart Card Removal Session Logout Failure Vulnerability
BugTraq ID: 7457
Remote: No
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7457
Summary:
Sun Ray is a thin-client appliance meant to process all input and output
for a user and to manage communication with the shared Sun Ray server. Sun
Ray Server Software (SRSS) versions 1.3 and 2.0 are prone to an issue
where a session may be left open after a Smart Card is quickly removed.
Sun Ray clients have a smart card reader that facilitates authentication
against a Sun Ray server. A situation where a smart card is quickly
removed, reinserted, and removed again will not log a user out of the Sun
Ray client.
This vulnerability may cause a situation where an unauthorized individual
may have access to a victim user's Sun Ray session.
26. Auerswald COMsuite CTI Application Weak Default Password...
Auerswald COMsuite is an application suite intended to integrate Telephone
functionality into the Windows environment. The COMsuite CTI (Computer
Telephony Integration) application is designed to automate many manual
telephone functions.
Auerswald COMsuite CTI application has been reported prone to a weak
default password vulnerability.
It has been reported that, when installed, the CTI control center creates
a user "runasositron" to enable operating system interaction. A problem
exists in a low entropy password used to control access to the account.
The password is easily guessed using readily available tools.
Once the password is retrieved the "runasositron" account can be used
locally and remotely to access the Windows PC on which COMsuite is
installed.
27. HP-UX RExec Remote Username Flag Local Buffer Overrun Vulnerability
BugTraq ID: 7459
Remote: No
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7459
Summary:
HP-UX is the Unix operating system variant maintained and distributed by
HP.
It has been reported that a problem in the rexec program included with
some versions of HP-UX may be vulnerable to a boundary condition error.
It may be possible for a local user to exploit this vulnerability to gain
elevated privileges on the system.
The rexec program does not properly check bounds in the remote username
flag (-l). This results in a stack overrun that may be exploited by a
malicious local user to execute arbitrary instructions. As the rexec
program is typically a setuid program, exploitation could result in
compromise of the administrative account on a vulnerable system.
This problem has been reported in version 10.20 of HP-UX, but may also
affect other versions.
28. Worker Filemanager Directory Creation Race Condition...
Worker is a file management utility for the Unix X windowing system. It is
modeled after the Directory Opus 4 application and is available for
Unix-based operating systems.
A vulnerability has been discovered in Worker Filemanager 2.7. The problem
lies in a destination directory that is given world-readable and
executable permissions during data transfer. As a result, during a
specific time window, an attacker may be capable of modifying or accessing
sensitive files located in the directory. Permissions are changed to a
secure setting after the data transfer has completed.
Files located in this directory may contain sensitive data, which may aid
an attacker in launching further attacks against a target system. Though
unconfirmed, if these temporarily accessible files are writeable and later
used by a user or some application to carry out an operation, an attacker
may be capable of corrupting data or executing malicious commands. All
actions carried out would be done with the privileges of the user running
Worker Filemanager, possibly root.
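The exposure window described above, as an added C example (not code from Worker or from the original advisory): the first function reproduces the open-then-lock pattern, the second creates the destination private from the start and relaxes it only after the copy. The /tmp path, file names and function names are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits currently set on an open directory, or -1 on error. */
static int dir_bits(int dirfd)
{
    struct stat st;
    return fstat(dirfd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Write a constructed sample payload into the directory behind dirfd. */
static int write_payload(int dirfd)
{
    static const char data[] = "constructed sample data\n";
    int fd = openat(dirfd, "payload",
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, sizeof data - 1);
    close(fd);
    return n == (ssize_t)(sizeof data - 1) ? 0 : -1;
}

/* Pattern from the advisory: the directory is world-readable and
 * executable while data is copied and is tightened only afterwards.
 * Returns the permission bits that were in effect during the copy. */
int transfer_open_then_lock(const char *dest)
{
    mode_t old = umask(0);
    int rc = mkdir(dest, 0755);
    umask(old);
    if (rc != 0)
        return -1;
    int dirfd = open(dest, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    int during = write_payload(dirfd) == 0 ? dir_bits(dirfd) : -1;
    fchmod(dirfd, 0700);            /* too late: the window already existed */
    close(dirfd);
    return during;
}

/* Hardened form: private at creation, verified through the descriptor,
 * relaxed to final_mode only once the copy has finished. */
int transfer_private_first(const char *dest, mode_t final_mode)
{
    struct stat st;
    if (mkdir(dest, 0700) != 0)     /* EEXIST: refuse a pre-created directory */
        return -1;
    int dirfd = open(dest, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dirfd < 0)
        return -1;
    if (fstat(dirfd, &st) != 0 || st.st_uid != geteuid() ||
        fchmod(dirfd, 0700) != 0) {
        close(dirfd);
        return -1;
    }
    int during = write_payload(dirfd) == 0 ? dir_bits(dirfd) : -1;
    if (during >= 0 && fchmod(dirfd, final_mode) != 0)
        during = -1;
    close(dirfd);
    return during;
}

/* Run one transfer in a fresh scratch directory and report the mode
 * other users would have seen while the copy was in progress. */
int demo_window(int hardened)
{
    char base[] = "/tmp/xferdemoXXXXXX";    /* assumed scratch location */
    char dest[64], file[80];
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(dest, sizeof dest, "%s/dest", base);
    snprintf(file, sizeof file, "%s/payload", dest);
    int during = hardened ? transfer_private_first(dest, 0700)
                          : transfer_open_then_lock(dest);
    unlink(file);
    rmdir(dest);
    rmdir(base);
    return during;
}

int main(void)
{
    printf("open-then-lock, mode during copy: %04o\n", (unsigned)demo_window(0));
    printf("private-first,  mode during copy: %04o\n", (unsigned)demo_window(1));
    return 0;
}
```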
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. RIAA messaging gambit faces countermeasures
By Kevin Poulsen
Peer-to-peer techies use IP blacklists and specialty software to deal with
copyright police.
http://www.securityfocus.com/news/4359
2. Rise of the Spam Zombies
By Kevin Poulsen
Spammers are breaking into home computers and turning them into e-mail
laundering machines.
http://www.securityfocus.com/news/4217
3. RIAA cashes in on file-swapping students
By Ashlee Vance, The Register
The RIAA has tacked on $59,500 to the amount four college students must
pay in addition to their student loans.
http://www.securityfocus.com/news/4403
4. Computer crime sentences are 'not good enough'
By John Leyden, The Register May 2 2003 6:15AM
A senior policeman has called for higher sentences to combat hi-tech
crime. Detective Superintendent Mick Deats, second in command of Britain's
National High Tech Crime Unit, said that computer crime sentences are "not
good enough".
http://www.securityfocus.com/news/4401
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. SSHVnc v0.0.1 Alpha
by Lee David Painter
Relevant URL:
http://www.sshtools.com
Platforms: Os Independent
Summary:
SSHVnc is a standalone Java VNC viewer that secures VNC access by
integrating the popular TightVNC viewer with the SSH Tools Java SSH API.
It features a clean and easy to use interface.
2. msulogin v0.9
by Solar Designer
Relevant URL:
http://www.openwall.com/msulogin/
Platforms: Linux, POSIX, UNIX
Summary:
msulogin is the single-user mode login program used to force the console
user to login under a root account before a shell is started. Unlike other
implementations of sulogin, this one supports having multiple root
accounts on a system. msulogin has been developed as a part of Openwall
GNU/*/Linux and is being made available separately primarily for use by
other distributions. Currently, msulogin supports only systems with shadow
passwords and getspnam(3).
3. Jeb Perl Ping Stats v1.4.4
by Jean-Edouard BABIN Jeb (at) jeb.com (dot) fr
Relevant URL:
http://www.jeb.be/codingstuff/
Platforms: N/A
Summary:
JPPS (Jeb Perl Ping Stats) is a Perl script which extracts statistics from
the output generated by the 'ping' command.
The Prelude Library is a collection of generic functions providing
communication between the Prelude Hybrid IDS suite's components. It
provides a convenient interface for sending alerts to Prelude Manager with
transparent SSL, failover and replication support, asynchronous events and
timer interfaces, an abstracted configuration API (hooking at the
commandline, the configuration line, or wide configuration, available from
the Manager), and a generic plugin API. It allows you to easily turn your
favorite security program into a Prelude sensor.
The dnsreflector daemon listens for DNS queries on a local UDP port and
answers with records pointing back to localhost. Combined with OpenBSD's
packet filter pf(4), this works as a bandwidth efficient spamtrap.
6. Epylog v0.9.0
by Konstantin Riabitsev
Relevant URL:
http://linux.duke.edu/projects/epylog/
Platforms: UNIX
Summary:
Epylog is a log notifier and parser that periodically tails system logs on
Unix systems, parses the output in order to present it in an easily
readable format (parsing modules currently exist only for Linux), and
mails the final report to the administrator. It can run daily or hourly.
Epylog is written specifically for large clusters where many systems log
to a single loghost using syslog or syslog-ng. Although Epylog can be used
on standalone systems, other packages (like logwatch) are probably better
suited for such purposes.
V. SECURITY JOBS SUMMARY
------------------------
1. Newtork Security Engineers (Thread)
Relevant URL:
I. FRONT AND CENTER
1. Honeypots: Simple, Cost-Effective Detection
2. Introduction to Simple Oracle Auditing
3. Madonna's Borderline MP3 Tactics
4. Auditing Web Site Authentication, Part Two
II. BUGTRAQ SUMMARY
1. Truegalerie Unauthorized Administrative Access Vulnerability
2. SonicWALL Pro Large HTTP POST Denial of Service Vulnerability
3. Kerio Personal Firewall Firewall Filter Bypass Vulnerability
4. Xoops MyTextSanitizer HTML Injection Vulnerability
5. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
6. Alt-N WebAdmin Remote File Viewing Vulnerability
7. Alt-N WebAdmin Remote File Disclosure Vulnerability
8. Invision Board Restricted Forum Plaintext Password Vulnerability
9. Onecenter Forum IMG Tag Script Injection Vulnerability
10. SGI IRIX Name Service Daemon LDAP UserPassword Bypass...
11. Macromedia ColdFusion MX Error Message Path Disclosure...
12. Mike Bobbit Album.PL Remote Command Execution Vulnerability
13. Alt-N MDaemon POP Server DELE Command Buffer Overflow...
14. Alt-N MDaemon IMAP Server Folder Creation Buffer Overflow...
15. Qualcomm Qpopper Poppassd Local Arbitrary Command Execution...
16. Apache Mod_Auth_Any Remote Command Execution Vulnerability
17. Opera JavaScript Console Single Quote Attribute Injection...
18. Opera 6/7 Remote Heap Corruption Vulnerability
19. 3D-FTP Client Buffer Overflow Vulnerability
20. HP Tru64 Installation Software Insecure File Creation...
21. Sun Solaris Lofiadm Kernel Memory Leak Denial Of Service...
22. Oracle Net Services Link Buffer Overflow Vulnerability
23. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
24. Sun Solaris RPCbind Unspecified Denial of Service Vulnerability
25. Sun Ray Smart Card Removal Session Logout Failure Vulnerability
26. Auerswald COMsuite CTI Application Weak Default Password...
27. HP-UX RExec Remote Username Flag Local Buffer Overrun...
28. Worker Filemanager Directory Creation Race Condition...
III. SECURITYFOCUS NEWS ARTICLES
1. RIAA messaging gambit faces countermeasures
2. Rise of the Spam Zombies
3. RIAA cashes in on file-swapping students
4. Computer crime sentences are 'not good enough'
IV.SECURITYFOCUS TOP 6 TOOLS
1. SSHVnc v0.0.1 Alpha
2. msulogin v0.9
3. Jeb Perl Ping Stats v1.4.4
4. Prelude Library v0.8.5
5. dnsreflector v1.02
6. Epylog v0.9.0
V. SECURITYJOBS LIST SUMMARY
1. Newtork Security Engineers (Thread)
2. Security Officer (Thread)
3. Security Manager (Thread)
4. Senior Account Executive (Thread)
5. Inside Sales Reps Needed - Security Software (Thread)
6. RESUME - CSO / CTO / Sr. Security Eng. (Thread)
7. Manager, Development - Enterprise Security (Thread)
8. Security Manager Germany 200k Euros (Thread)
9. Information Security Consultant Needed Immediately - SF Bay...
10. Forensics Specialist (Thread)
11. Information Sytems Manager (3DP002) - Information Security...
12. Senior Associate - Secure Network Solutions Team (Thread)
13. Saleperson Needed in Maryland (Thread)
14. Job Offering: Singapore (Thread)
15. Senior Network Security Engineers - Amherst, NY (Thread)
16. searching for a junior computer security engineer position...
17. Seeking Security Archiect role in Toronto Canada (Repost)...
18. Position: IT Security Officer - Baltimore, MD (Thread)
19. Illinois- $90K-$110K - Script Kiddies..... (Thread)
20. Director of QA (Thread)
21. Security Consultant Available (Thread)
22. Information Security Technician - Richmond, VA (Thread)
23. Information Security Evangelist (Paris, France) (Thread)
24. bay area vulnerability researcher available (Thread)
25. Consultant available (Thread)
26. Security Training and Awareness Manager vacancy (Thread)
VI. INCIDENTS LIST SUMMARY
1. Logs showing GET /.hash=... (Thread)
2. UDP packets towards port 38293 (NAV) (Thread)
3. New attack or old Vulnerability Scanner? (Thread)
4. Administrivia: SPAM control, vacation messages, and the like....
5. Odd IIS log entries (Thread)
6. New CodeRed strain? -- UPDATE (Thread)
7. undetected DDOS (Thread)
8. Anyone seen this UDP source port 7001 traffic? (Thread)
9. lots of port 0 scannings (Thread)
10. SMTP Scans (Thread)
11. New CodeRed strain? (Thread)
12. Scans on TCP port 9631 + other unknown ports (Thread)
13. msamba (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Buffer overflow in Microsoft ftp.exe (Thread)
2. shellcode not executing if optimizations are on. (Thread)
3. Windows XP mmc.exe Crash (Thread)
4. smallftpd's version 1.0.2 Directory Transversal Vulnerability...
5. Latest MS SQL Server vulnerabilities revealed. (Thread)
6. Administrivia: Local Windows Overflows (Thread)
7. heap overflow under solaris sparc (Thread)
8. s0h: Remote/Local exploit and patch for regedit.exe. (Thread)
9. defacement stats (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Outlook Security Settings removed (Thread)
2. AD Question (Thread)
3. SecurityFocus Microsoft Newsletter #135 (Thread)
4. Windows 2003 Security Guides (Thread)
IX. SUN FOCUS LIST SUMMARY
1. .exrc file security risks (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Martian Source (Thread)
2. SUMMARY: Linux Security Courses (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Honeypots: Simple, Cost-Effective Detection
By Lance Spitzner
This is the fourth article in an ongoing series on honeypots. This article
will examine the role of honeypots in detection.
http://www.securityfocus.com/infocus/1690
2. Introduction to Simple Oracle Auditing
by Pete Finnigan
This article will introduce the reader to the basics of auditing an Oracle
database. Oracle's RDBMS is a functionally rich product and there are a
number of auditing alternatives available to the reader. Because auditing
Oracle is such a huge subject, doing all of it justice would take an
entire book, so this paper will cover the basics of why, when and how to
conduct an audit. It will also use a couple of good example cases to
illustrate how useful Oracle audit can be to an organization.
http://www.securityfocus.com/infocus/1689
3. Madonna's Borderline MP3 Tactics
By Mark Rasch
The material girl's foul-mouthed revenge on music traders could be
interpreted as a deceptive trade practice, or even outright fraud.
http://www.securityfocus.com/columnists/158
4. Auditing Web Site Authentication, Part Two
By Mark Burnett
This is the second part of a two-part series addressing both of those
issues by establishing a standard audit procedure by which to measure your
own security. This article will explore issues surrounding user privacy,
session authentication, user security, and cookies.
http://www.securityfocus.com/infocus/1691
II. BUGTRAQ SUMMARY
-------------------
1. Truegalerie Unauthorized Administrative Access Vulnerability
BugTraq ID: 7427
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7427
Summary:
Truegalerie is web-based photo album software implemented in PHP and is
available for a variety of platforms including Microsoft Windows and Linux
variant systems.
A vulnerability has been reported for Truegalerie that may result in
unauthorized administrative access. The vulnerability exists due to
insufficient sanitization of some URI values. Specifically, the values for
the URI parameter 'loggedin' are not properly verified.
An attacker can exploit this vulnerability by manipulating the 'loggedin'
URI parameter to obtain administrative access to the site hosting
Truegalerie.
This vulnerability was reported for Truegalerie 1.0.
2. SonicWALL Pro Large HTTP POST Denial of Service Vulnerability
BugTraq ID: 7435
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7435
Summary:
SonicWALL Pro is a hardware firewall that performs stateful packet
inspection. The device can also provide VPN service and NAT. It is
primarily for use in small office/home office (SOHO) environments.
SonicWALL Pro is reported to be prone to a denial of service condition.
This can be triggered by sending an unusually large HTTP POST to the
device's internal interface. The device will reportedly enter a reset
cycle approximately 20 seconds after receiving the POST data, resulting in
a loss of device availability during this period.
This condition may be the result of a buffer in the device's firmware
being overrun; however, this has not been confirmed.
This vulnerability was reported to affect SonicWALL Pro devices running
firmware version 6.4.0.1 and ROM version 5.0.1.0.
It is important to note that a similar vulnerability was previously
reported on SonicWALL devices (BID 2013). It is not known if this is the
same issue that has been reintroduced into the firmware or a separate
issue.
3. Kerio Personal Firewall Firewall Filter Bypass Vulnerability
BugTraq ID: 7436
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7436
Summary:
Kerio Personal Firewall (KPF) is a desktop firewall solution that performs
stateful packet inspection. It runs on Windows NT/2000/XP.
Reportedly KPF suffers from a vulnerability whereby the existing firewall
filters may be bypassed. This vulnerability exists due to the fact that
UDP traffic to and from port 53 (DNS) is allowed. It should be noted that
DNS traffic is enabled so that name resolution will occur.
Allegedly, an attacker may craft a special packet with a source port of 53
and send this packet to a vulnerable system. KPF will allow this packet to
proceed thus bypassing the firewall filters.
KPF implements stateful packet filtering for its firewall and as such,
unsolicited traffic, as described above, is unlikely to get through the
firewall.
This vulnerability has not been confirmed by the vendor.
4. Xoops MyTextSanitizer HTML Injection Vulnerability
BugTraq ID: 7434
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7434
Summary:
Xoops is open-source, freely available web portal software written in
object-oriented PHP. It is back-ended by a MySQL database and will run on
most Unix and Linux distributions.
The MyTextSanitizer script is used by Xoops to filter unsupported and
malicious characters. It is also capable of filtering malicious scripts.
A script code injection vulnerability has been discovered in the
MyTextSanitizer script. The problem occurs due to insufficient filtering
of script code embedded within HTML 'img' tags. As a result, an attacker
may be capable of placing malicious HTML or script code within 'newbb'
posts, private messages, and news posts.
Successful exploitation of this vulnerability may allow a malicious Xoops
user to execute arbitrary HTML or script code within the browser of a
legitimate user. This may allow for the theft of cookie-based
authentication credentials that may escalate to session hijacking. Other
attacks are also possible.
This vulnerability affects Xoops releases prior to 1.3.10 and 2.0.1.
5. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
BugTraq ID: 7437
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7437
Summary:
Linux-atm is a set of drivers and tools designed to support ATM networking
under Linux.
The linux-atm 'les' executable has been reported prone to a buffer
overflow vulnerability.
This issue is due to a lack of sufficient bounds checking performed on
data supplied via the '-f' command line argument to the 'les' executable.
Excessive supplied data may overrun the bounds of an internal memory
buffer (of approximately 244 bytes in size) and corrupt adjacent memory.
Because adjacent memory may contain values that are crucial to the control
of execution flow, arbitrary code execution is possible.
Although this vulnerability reportedly affects linux-atm 2.4.0, previous
versions may also be affected.
It should be noted that it is not currently known whether this application
requires elevated privileges to run. No distributions are currently known
which install LES setuid.
6. Alt-N WebAdmin Remote File Viewing Vulnerability
BugTraq ID: 7438
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7438
Summary:
Alt-N WebAdmin is an optional component for MDaemon and RelayFax that
allows remote administration.
It has been reported that a remote user is able to view files on the
underlying system by submitting an HTTP request to the WebAdmin server.
The user must have administrative privileges in WebAdmin in order to
exploit this vulnerability.
If WebAdmin is installed under IIS, the attacker would only be able to
access files to which the IWAM_MACHINENAME account has access. The path
and name of the file to be viewed must also be known.
7. Alt-N WebAdmin Remote File Disclosure Vulnerability
BugTraq ID: 7439
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7439
Summary:
Alt-N WebAdmin is an optional component for MDaemon and RelayFax that
allows remote administration.
It has been reported that a remote user is able to discover the
installation directory of certain software on the underlying system by
submitting an HTTP request to the WebAdmin server. The user must have
administrative privileges in WebAdmin in order to exploit this
vulnerability.
The software affected is the MDaemon and RelayFax software. This could
lead to an attacker gaining sensitive information about a vulnerable
system, and potentially launching more organized attacks against system
resources.
8. Invision Board Restricted Forum Plaintext Password Vulnerability
BugTraq ID: 7440
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7440
Summary:
Invision Board is an online bulletin board designed to facilitate
forum-based conversation.
Invision Board has been reported to store restricted forum credentials as
plain text embedded in cookie data.
If the Invision Board admin 'pass protected' option is activated for a
specific forum, on attempted access to the controlled area, the restricted
forum password is reportedly stored as plaintext in a local cookie. The
plaintext password may be recovered from the local cookie and used to
bypass the authentication method used to restrict the private areas of the
board.
It should be noted that, although unconfirmed, this vulnerability was
reported to affect all versions of Invision Power Board.
9. Onecenter Forum IMG Tag Script Injection Vulnerability
BugTraq ID: 7441
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7441
Summary:
OneCenter ForumOne 4.0 is a full-featured, web-based group discussion
forum.
A problem with Onecenter ForumOne could allow remote users to execute
arbitrary code in the context of the web site hosting ForumOne. The
problem occurs due to the lack of sanitization performed on data embedded
within HTML tags.
Specifically, Onecenter ForumOne does not sanitize code embedded within
HTML IMG tags. As a result, a malicious user may be able to submit a post
to the site containing embedded script code. This code would be executed
by a user's browser in the context of the site.
This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. The attacker may hijack the session of the legitimate user by
using cookie-based authentication credentials. Other attacks are also
possible.
Although this vulnerability was reported to affect OneCenter ForumOne
version 4.0, previous versions may also be affected.
10. SGI IRIX Name Service Daemon LDAP UserPassword Bypass Vulnerability
BugTraq ID: 7442
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7442
Summary:
IRIX is a UNIX operating system variant distributed and maintained by SGI.
A problem in the software may make unauthorized access to systems
possible.
It has been reported that the SGI IRIX implementation of LDAP does not
properly handle some attributes from LDAP Servers. Because of this, it
may be possible for a user to gain unauthorized access.
The problem is in the checking of the USERPASSWORD attribute. When the
name service daemon (nsd) is enabled and using LDAP for authentication of
users, it does not properly check the password database for the
USERPASSWORD attribute. Although it is unclear how this problem may allow
an attacker to gain access to the system, it has been reported that this
issue could result in an unauthorized access.
11. Macromedia ColdFusion MX Error Message Path Disclosure Vulnerability
BugTraq ID: 7443
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7443
Summary:
ColdFusion MX is the application server for developing and hosting
infrastructure distributed by Macromedia. It is available as a standalone
product for Unix, Linux, and Microsoft Operating Systems.
A vulnerability has been reported for Macromedia ColdFusion MX that may
reveal the physical path information to attackers.
When certain malformed URL requests are received by the server, an error
message is returned containing the full path of the ColdFusion
installation. Specifically, when a request for the /CFIDE/probe.cfm page
is made on the server process on port 8500, an error message is returned
which contains path information.
Information obtained in this manner may be used by an attacker to launch
further attacks against a vulnerable system.
12. Mike Bobbit Album.PL Remote Command Execution Vulnerability
BugTraq ID: 7444
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7444
Summary:
Mike Bobbit Album.pl is a web-based photo album implemented in Perl. It is
available for a variety of platforms including Windows and Linux variant
operating systems.
A remote command execution vulnerability has been reported for Album.pl.
The vulnerability reportedly exists when alternate configuration files are
used. Thus, it may be possible for a remote attacker to execute arbitrary
commands in the context of the web server process.
A remote attacker may exploit this condition to gain local, interactive
access to the underlying host.
The precise technical details of this vulnerability are currently unknown.
This BID will be updated as further information is available.
13. Alt-N MDaemon POP Server DELE Command Buffer Overflow Vulnerability
BugTraq ID: 7445
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7445
Summary:
Alt-N MDaemon is a Microsoft Windows based mail server product.
A buffer overflow vulnerability has been reported for MDaemon. The
vulnerability is due to inadequate bounds checking on the 'DELE' POP
server command.
An attacker can exploit this vulnerability by submitting a very large
value for the DELE command to the POP server. When the POP server receives
this command, it will trigger the overflow condition and will cause
MDaemon to crash.
Although unconfirmed, it may be possible for a remote attacker to exploit
this issue to execute arbitrary system commands with the privileges of the
MDaemon process.
This vulnerability was reported for MDaemon versions 6.0.7 and later.
This issue is very similar to the issue described in BID 6053.
14. Alt-N MDaemon IMAP Server Folder Creation Buffer Overflow Vulnerability
BugTraq ID: 7446
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7446
Summary:
Alt-N MDaemon is a Microsoft Windows based mail server product.
A buffer overflow vulnerability has been reported for the MDaemon IMAP
server. The vulnerability exists when IMAP folders are created.
Specifically, MDaemon does not perform adequate bounds checks when
processing the CREATE command.
A malicious IMAP user is able to issue a CREATE command with an overly
long value, consisting of greater than 2000 characters, to the vulnerable
MDaemon server. Upon processing this malicious user-input, the buffer
overflow condition will be triggered which may result in code execution
with elevated privileges.
This vulnerability was reported to affect MDaemon 6.7.5 and later.
15. Qualcomm Qpopper Poppassd Local Arbitrary Command Execution Vulnerability
BugTraq ID: 7447
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7447
Summary:
Qualcomm Qpopper poppassd is a daemon that facilitates the modification of
email account passwords.
Qualcomm Qpopper poppassd has been reported prone to a local arbitrary
command execution vulnerability.
poppassd is installed with setUID root permissions set by default and is
executable by all local system users. There has been an issue reported in
poppassd that may allow a local user to execute arbitrary commands in the
context of the root user. An attacker may specify a path to the
'smbpasswd' executable via the '-s' poppassd command line switch. A
malicious executable may be supplied via the path to 'smbpasswd' option,
for example '-s /tmp/smbpasswd' and the executable will be called as
poppassd is run.
An attacker may exploit this condition to elevate privileges on the local
system. Because poppassd is by default setUID root, privileges attained
may be root.
16. Apache Mod_Auth_Any Remote Command Execution Vulnerability
BugTraq ID: 7448
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7448
Summary:
mod_auth_any is an Apache module designed to carry out user authentication
using any program via the command-line.
A vulnerability has been discovered in the mod_auth_any Apache module.
When running commands which require user-supplied arguments, mod_auth_any
fails to sufficiently escape various user-supplied data. As a result, it
may be possible for a remote attacker to embed malicious shell
metacharacters, such as (`) or (;) within command-line arguments. These
metacharacters may result in the authentication procedure prematurely
ending and may cause attacker-supplied commands to be executed.
Successful exploitation of this vulnerability could allow an attacker to
gain access to a host using the vulnerable software with the privileges of
the Apache HTTPD server.
17. Opera JavaScript Console Single Quote Attribute Injection Vulnerability
BugTraq ID: 7449
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7449
Summary:
Opera is a web client available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.
A vulnerability has been reported for Opera 7 browsers for Microsoft
Windows operating systems. The vulnerability exists in Opera's JavaScript
console program. The console program consists of three HTML files, one of
which is 'console.html'. Any unhandled exceptions thrown by any JavaScript
are listed in the console and are converted into clickable links.
The vulnerability is present in the regular expressions used by
'console.html' to format exception messages. Specifically, exception
messages are not parsed for quote characters. It is possible, by inserting
single quote (') characters, to add additional attributes to URIs that
may make it possible to execute arbitrary attacker-supplied script code
through the file:// URI handler. This may lead to disclosure of local
file contents to remote attackers.
This issue is a variant of the vulnerability described in BID 6755, using
single quote characters instead of double quotes. It is reported that
this variant also affects patched versions of the browser. Opera 7.10
attempts to address this issue by sanitizing single quote characters, but
is still prone to the issue if the hexadecimal code for the single quote
HTML entity is used.
18. Opera 6/7 Remote Heap Corruption Vulnerability
BugTraq ID: 7450
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7450
Summary:
Opera is a web browser available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.
A vulnerability has been reported for Opera versions 7.10 and earlier, on
the Microsoft Windows platform. The problem is said to occur due to
insufficient bounds checking on filename extensions. As a result, it may
be possible for an attacker to corrupt heap-based memory. This may allow
for the execution of arbitrary code or a prolonged denial of service.
If this issue were exploited, Opera may continuously crash until the
'dcache4.url' file has been deleted. This is due to the malicious filename
being stored within the cache-index.
19. 3D-FTP Client Buffer Overflow Vulnerability
BugTraq ID: 7451
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7451
Summary:
3D-FTP is a lightweight FTP client application for Microsoft Windows.
It has been reported that 3D-FTP client may be prone to a buffer overflow
condition. This issue is due to the client not implementing sufficient
bounds checking on banner data copied into local memory buffers.
When the FTP client receives an FTP banner that contains an excessive
amount of data it becomes unstable. It has been reported that this
vulnerability can be reproduced by sending an FTP banner of 8192 bytes or
more to a vulnerable client. When the client reads in the banner,
sensitive regions of memory may be corrupted with attacker-supplied
values.
It may be possible for attackers to leverage this vulnerability to execute
instructions. Any code executed would be in the security context of the
FTP client process.
20. HP Tru64 Installation Software Insecure File Creation Vulnerability
BugTraq ID: 7452
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7452
Summary:
HP has reported a vulnerability in various Tru64 installation and updating
software. The problem occurs in the 'dupatch' and 'setld' utilities and
may allow an attacker to trigger a denial of service or possibly execute
commands with elevated privileges.
The vulnerability lies in the method that the utilities use to create
files, likely temporary files used during installation procedures. It is
not currently known whether the problem is a result of a race condition
during file creation, or the use of predictable temporary file names.
However, it is known that a symbolic link attack can be carried out against
this vulnerability, making a variety of potential outcomes possible.
21. Sun Solaris Lofiadm Kernel Memory Leak Denial Of Service Vulnerability
BugTraq ID: 7454
Remote: No
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7454
Summary:
lofiadm is an application used to administer 'lofi', the loopback file
driver. lofi allows a file to be associated with a block device. That file
can then be accessed through the block device.
lofiadm has been reported prone to a DoS vulnerability. An unprivileged
user may reportedly employ the lofiadm application to induce a kernel
memory leak on Solaris 8. The kernel memory leak may consume system
resources and result, over time, in system performance degradation or a
critical exception, requiring a server reboot.
An attacker may exploit this vulnerability to trigger a persistent denial
of service condition on an affected server.
Further details of this vulnerability are currently unknown. This BID will
be updated as further information becomes available.
22. Oracle Net Services Link Buffer Overflow Vulnerability
BugTraq ID: 7453
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7453
Summary:
Oracle has announced a buffer overflow vulnerability in Oracle Net
Services for the Oracle Database Server.
The vulnerability exists due to insufficient boundary checks performed by
the Oracle server for values supplied to the 'CREATE DATABASE LINK' query.
The 'CREATE DATABASE LINK' privilege is assigned to the CONNECT role, so
low-privileged accounts are able to create database links.
An attacker with CONNECT privileges can exploit this vulnerability by
creating a specially crafted database link and then executing a select
query from the link. Once the link is selected the
buffer overflow condition will be triggered resulting in the corruption of
sensitive stack memory. Successful exploitation will result in the
execution of attacker-supplied code with the privileges of the database
server. On Windows systems, the Oracle Database Server is executed with
SYSTEM privileges and on Unix and Linux systems, the Database Server runs
as the 'oracle' user.
23. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
BugTraq ID: 7456
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7456
Summary:
Netscape is a web browser which is available for a number of platforms,
including Microsoft Windows and Unix and Linux variants.
A vulnerability has been reported that could allow an attacker to fool
Netscape into running script in a foreign domain. If a dot (.) is
appended to the end of the hostname in a URI, Netscape may accept the
directory name as the actual domain. This could permit a malicious web
page to access the DOM (Document Object Model) of another foreign domain.
An attacker could exploit this by enticing a user to visit a malicious URI
and then running malicious script code which can access the properties of
a foreign domain. This could lead to theft of cookie-based authentication
credentials, information disclosure or other attacks.
This issue was reported for Netscape Navigator 7.02. It is likely that
other versions of Netscape are vulnerable to this issue. Browsers based on
Mozilla may also be vulnerable.
24. Sun Solaris RPCbind Unspecified Denial of Service Vulnerability
BugTraq ID: 7455
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7455
Summary:
rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls on
a server on that machine.
Sun Solaris rpcbind has been reported prone to an unspecified denial of
service vulnerability.
The vulnerability has been reported to affect Solaris rpcbind
implementations and could make it possible for remote users to deny
service to legitimate users of RPC dependent services.
An attacker may exploit this vulnerability to remotely trigger a
persistent denial of service condition on the affected rpcbind service.
Further details of this vulnerability are currently unknown. This BID will
be updated as further information becomes available.
25. Sun Ray Smart Card Removal Session Logout Failure Vulnerability
BugTraq ID: 7457
Remote: No
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7457
Summary:
Sun Ray is a thin-client appliance meant to process all input and output
for a user and to manage communication with the shared Sun Ray server. Sun
Ray Server Software (SRSS) versions 1.3 and 2.0 are prone to an issue
where a session may be left open after a Smart Card is quickly removed.
Sun Ray clients have a smart card reader that facilitates authentication
against a Sun Ray server. A situation where a smart card is quickly
removed, reinserted, and removed again will not log a user out of the Sun
Ray client.
This vulnerability may cause a situation where an unauthorized individual
may have access to a victim user's Sun Ray session.
26. Auerswald COMsuite CTI Application Weak Default Password Vulnerability
BugTraq ID: 7458
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7458
Summary:
Auerswald COMsuite is an application suite intended to integrate Telephone
functionality into the Windows environment. The COMsuite CTI (Computer
Telephony Integration) application is designed to automate many manual
telephone functions.
The Auerswald COMsuite CTI application has been reported prone to a weak
default password vulnerability.
It has been reported that, when installed, the CTI control center creates
a user "runasositron" to enable operating system interaction. A problem
exists in a low entropy password used to control access to the account.
The password is easily guessed using readily available tools.
Once the password is retrieved the "runasositron" account can be used
locally and remotely to access the Windows PC on which COMsuite is
installed.
27. HP-UX RExec Remote Username Flag Local Buffer Overrun Vulnerability
BugTraq ID: 7459
Remote: No
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7459
Summary:
HP-UX is the Unix operating system variant maintained and distributed by
HP.
It has been reported that the rexec program included with some versions of
HP-UX may be vulnerable to a boundary condition error.
It may be possible for a local user to exploit this vulnerability to gain
elevated privileges on the system.
The rexec program does not properly check bounds in the remote username
flag (-l). This results in a stack overrun that may be exploited by a
malicious local user to execute arbitrary instructions. As the rexec
program is typically a setuid program, exploitation could result in
compromise of the administrative account on a vulnerable system.
This problem has been reported in version 10.20 of HP-UX, but may also
affect other versions.
28. Worker Filemanager Directory Creation Race Condition Vulnerability
BugTraq ID: 7460
Remote: No
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7460
Summary:
Worker is a file management utility for the Unix X windowing system. It is
modeled after the Directory Opus 4 application and is available for
Unix-based operating systems.
A vulnerability has been discovered in Worker Filemanager 2.7. The problem
lies in a destination directory that is given world-readable and
executable permissions during data transfer. As a result, during a
specific time window, an attacker may be capable of modifying or accessing
sensitive files located in the directory. Permissions are changed to a
secure setting after the data transfer has completed.
Files located in this directory may contain sensitive data, which may aid
an attacker in launching further attacks against a target system. Though
unconfirmed, if these temporarily accessible files are writeable and later
used by a user or some application to carry out an operation, an attacker
may be capable of corrupting data or executing malicious commands. All
actions carried out would be done with the privileges of the user running
Worker Filemanager, possibly root.
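The ordering problem described for Worker Filemanager, as an added C example (not Worker's own code): one function opens the destination directory to other users for the duration of the copy and tightens it afterwards, the other creates it private from the first system call. The function names and the /tmp/worker_demo_ scratch path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of directory `path`, or -1 if missing or not a directory. */
static int dir_mode(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return (int)(st.st_mode & 07777);
}

/* Pattern from the advisory: loose while the copy runs, tightened afterwards.
 * Returns the mode other local users see during the transfer window. */
int transfer_loose_then_tighten(const char *dest) {
    mode_t saved = umask(022);           /* common default umask */
    int window = -1;
    if (mkdir(dest, 0777) == 0) {        /* lands as 0755 */
        window = dir_mode(dest);         /* ... file copy would run here ... */
        if (chmod(dest, 0700) != 0) window = -1;
    }
    umask(saved);
    return window;
}

/* Hardened ordering: private from the first system call, relaxed (if at all)
 * only once the copy has finished. umask can clear bits, never add them. */
int transfer_private_first(const char *dest, mode_t final_mode) {
    int window = -1;
    if (mkdir(dest, 0700) == 0) {
        window = dir_mode(dest);         /* ... file copy would run here ... */
        if (chmod(dest, final_mode) != 0) window = -1;
    }
    return window;
}

/* Run one variant inside a private scratch directory (constructed path) and
 * clean up. Returns the window mode, or -1 on failure. */
int demo(int hardened) {
    char base[] = "/tmp/worker_demo_XXXXXX";
    char dest[64];
    int window;
    if (mkdtemp(base) == NULL) return -1;
    snprintf(dest, sizeof dest, "%s/dest", base);
    window = hardened ? transfer_private_first(dest, 0755)
                      : transfer_loose_then_tighten(dest);
    rmdir(dest);
    rmdir(base);
    return window;
}

int main(void) {
    printf("loose-then-tighten window mode: %04o\n", (unsigned)demo(0));
    printf("private-first window mode:      %04o\n", (unsigned)demo(1));
    return 0;
}
```

Auditing for this class of bug means looking for mkdir or open calls whose mode argument is wider than the final intended mode, followed later by chmod.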
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. RIAA messaging gambit faces countermeasures
By Kevin Poulsen
Peer-to-peer techies use IP blacklists and specialty software to deal with
copyright police.
http://www.securityfocus.com/news/4359
2. Rise of the Spam Zombies
By Kevin Poulsen
Spammers are breaking into home computers and turning them into e-mail
laundering machines.
http://www.securityfocus.com/news/4217
3. RIAA cashes in on file-swapping students
By Ashlee Vance, The Register
The RIAA has tacked on $59,500 to the amount four college students must
pay in addition to their student loans.
http://www.securityfocus.com/news/4403
4. Computer crime sentences are 'not good enough'
By John Leyden, The Register May 2 2003 6:15AM
A senior policeman has called for higher sentences to combat hi-tech
crime. Detective Superintendent Mick Deats, second in command of Britain's
National High Tech Crime Unit, said that computer crime sentences are "not
good enough".
http://www.securityfocus.com/news/4401
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. SSHVnc v0.0.1 Alpha
by Lee David Painter
Relevant URL:
http://www.sshtools.com
Platforms: Os Independent
Summary:
SSHVnc is a standalone Java VNC viewer that secures VNC access by
integrating the popular TightVNC viewer with the SSH Tools Java SSH API.
It features a clean and easy to use interface.
2. msulogin v0.9
by Solar Designer
Relevant URL:
http://www.openwall.com/msulogin/
Platforms: Linux, POSIX, UNIX
Summary:
msulogin is the single-user mode login program used to force the console
user to login under a root account before a shell is started. Unlike other
implementations of sulogin, this one supports having multiple root
accounts on a system. msulogin has been developed as a part of Openwall
GNU/*/Linux and is being made available separately primarily for use by
other distributions. Currently, msulogin supports only systems with shadow
passwords and getspnam(3).
3. Jeb Perl Ping Stats v1.4.4
by Jean-Edouard BABIN Jeb (at) jeb.com (dot) fr
Relevant URL:
http://www.jeb.be/codingstuff/
Platforms: N/A
Summary:
JPPS (Jeb Perl Ping Stats) is a Perl script which extracts statistics from
the output generated by the 'ping' command.
4. Prelude Library v0.8.5
by yoann
Relevant URL:
http://www.prelude-ids.org/
Platforms: POSIX
Summary:
The Prelude Library is a collection of generic functions providing
communication between the Prelude Hybrid IDS suite's components. It
provides a convenient interface for sending alerts to Prelude Manager with
transparent SSL, failover and replication support, asynchronous events and
timer interfaces, an abstracted configuration API (hooking at the
commandline, the configuration line, or wide configuration, available from
the Manager), and a generic plugin API. It allows you to easily turn your
favorite security program into a Prelude sensor.
5. dnsreflector v1.02
by Armin Wolfermann
Relevant URL:
http://www.wolfermann.org/dnsreflector.html
Platforms: OpenBSD
Summary:
The dnsreflector daemon listens for DNS queries on a local UDP port and
answers with records pointing back to localhost. Combined with OpenBSD's
packet filter pf(4), this works as a bandwidth efficient spamtrap.
6. Epylog v0.9.0
by Konstantin Riabitsev
Relevant URL:
http://linux.duke.edu/projects/epylog/
Platforms: UNIX
Summary:
Epylog is a log notifier and parser that periodically tails system logs on
Unix systems, parses the output in order to present it in an easily
readable format (parsing modules currently exist only for Linux), and
mails the final report to the administrator. It can run daily or hourly.
Epylog is written specifically for large clusters where many systems log
to a single loghost using syslog or syslog-ng. Although Epylog can be used
on standalone systems, other packages (like logwatch) are probably better
suited for such purposes.
V. SECURITY JOBS SUMMARY
------------------------
1. Network Security Engineers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320121
2. Security Officer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320120
3. Security Manager (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320117
4. Senior Account Executive (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320118
5. Inside Sales Reps Needed - Security Software (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320116
6. RESUME - CSO / CTO / Sr. Security Eng. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320084
7. Manager, Development - Enterprise Security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320062
8. Security Manager Germany 200k Euros (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320066
9. Information Security Consultant Needed Immediately - SF Bay Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320065
10. Forensics Specialist (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320085
11. Information Systems Manager (3DP002) - Information Security Officer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320070
12. Senior Associate - Secure Network Solutions Team (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320076
13. Salesperson Needed in Maryland (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320083
14. Job Offering: Singapore (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320075
15. Senior Network Security Engineers - Amherst, NY (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320073
16. searching for a junior computer security engineer position (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320072
17. Seeking Security Architect role in Toronto Canada (Repost) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320080
18. Position: IT Security Officer - Baltimore, MD (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320079
19. Illinois- $90K-$110K - Script Kiddies..... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320061
20. Director of QA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319871
21. Security Consultant Available (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/320078
22. Information Security Technician - Richmond, VA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319873
23. Information Security Evangelist (Paris, France) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319872
24. bay area vulnerability researcher available (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319870
25. Consultant available (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319785
26. Security Training and Awareness Manager vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/319784
VI. INCIDENTS LIST SUMMARY
-------------------------
1. Logs showing GET /.hash=... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320243
2. UDP packets towards port 38293 (NAV) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320102
3. New attack or old Vulnerability Scanner? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320058
4. Administrivia: SPAM control, vacation messages, and the like. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320039
5. Odd IIS log entries (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320041
6. New CodeRed strain? -- UPDATE (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/320040
7. undetected DDOS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319982
8. Anyone seen this UDP source port 7001 traffic? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319983
9. lots of port 0 scannings (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319981
10. SMTP Scans (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319977
11. New CodeRed strain? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319843
12. Scans on TCP port 9631 + other unknown ports (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319743
13. msamba (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/319742
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. Buffer overflow in Microsoft ftp.exe (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/320099
2. shellcode not executing if optimizations are on. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/320097
3. Windows XP mmc.exe Crash (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/320096
4. smallftpd's version 1.0.2 Directory Transversal Vulnerability (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/320016
5. Latest MS SQL Server vulnerabilities revealed. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/320023
6. Administrivia: Local Windows Overflows (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/319970
7. heap overflow under solaris sparc (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/319887
8. s0h: Remote/Local exploit and patch for regedit.exe. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/319905
9. defacement stats (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/319888
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Outlook Security Settings removed (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/320115
2. AD Question (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/320113
3. SecurityFocus Microsoft Newsletter #135 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/319876
4. Windows 2003 Security Guides (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/319711
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. .exrc file security risks (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/320229
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Martian Source (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/320231
2. SUMMARY: Linux Security Courses (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/319988