SecurityFocus News
SecurityFocus Newsletter #220 Oct 27 2003 04:32PM
John Boletta (jboletta securityfocus com)

SecurityFocus Newsletter #220
------------------------------


I. FRONT AND CENTER
1. Fighting Internet Worms With Honeypots
2. Web Security Appliance With Apache and mod_security
3. Joe Average User Is In Trouble
II. BUGTRAQ SUMMARY
1. Eric S. Raymond Fetchmail Unspecified Denial of Service Vuln...
2. Oracle Database Server Oracle Binary Local Buffer Overflow V...
3. Oracle Database Server OracleO Binary Local Buffer Overflow ...
4. Multiple GDM Local Denial Of Service Vulnerabilities
5. GoldLink Cookie SQL Injection Vulnerability
6. PHP-Nuke Search Field Path Disclosure Vulnerability
7. Geeklog Forgot Password SQL Injection Vulnerability
8. Bytehoard File Disclosure Vulnerability
9. CPCommerce Functions Remote File Include Vulnerability
10. Caucho Resin Multiple HTML Injection and Cross-site Scriptin...
11. Opera HREF Malformed Server Name Heap Corruption Vulnerabili...
12. Emule Web Control Panel HTTP Login Long Password Denial of S...
13. Origo ADSL Router Remote Administrative Interface Configurat...
14. DeskPro Multiple SQL Injection Vulnerabilities
15. Sun Java Cross-Site Applet Sandbox Security Model Violation ...
16. Gast Arbeiter File Upload Validation Vulnerability
17. HP OpenView Network Node Manager Denial Of Service Vulnerabi...
18. Dansie Shopping Cart Server Error Message Installation Path ...
19. Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov...
20. Vivisimo Clustering Engine Search Script Cross-Site Scriptin...
21. FuzzyMonkey MyClassifieds Email Variable SQL Injection Vulne...
22. SCO OpenServer Insecure Temporary File Vulnerabilities
23. HP Servicecontrol Manager Unauthorized Access Vulnerability
24. Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities
25. Sun Java Unauthorized Java Applet Floppy Access Weakness
26. PSCS VPOP3 Email Server WebAdmin Cross-Site Scripting Vulner...
27. PGPDisk Switched User Unauthorized Access Weakness
28. My Photo Gallery Unspecified Vulnerability
29. Sun Management Center Error Message Information Disclosure V...
30. Microsoft Internet Explorer Scrollbar-Base-Color Partial Den...
31. Coreutils LS Width Argument Integer Overflow Vulnerability
32. DansGuardian Denied URL Cross-Site Scripting Vulnerability
33. Sylpheed-Claws Mail Client SMTP Error Reporting Format Strin...
34. HP Management Software Web Agents Unspecified Unauthorized A...
35. Sun Java Virtual Machine Slash Path Security Model Circumven...
36. mIRC DCC SEND Variant Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Justice e-censorship gaffe sparks controversy
2. Senators propose Patriot Act limitations
3. Prosecutors admit error in whistleblower conviction
4. Email scammers target Halifax, Nationwide, Citibank
5. Halifax suspends e-banking site after phishing attack
6. Tech ignorance, vague laws lead to mistaken conviction
IV. SECURITYFOCUS TOP 6 TOOLS
1. AntiSpam Mail Filter v1.2
2. testmail v3.1.6
3. Astaro Security Linux (Stable 4.x) v4.016
4. Yet Another antiVirus Recipe v1.7.5
5. GPA (GNU Privacy Assistant) v0.7.0
6. Prelude Log Monitoring Lackey v 0.8.6
V. SECURITYJOBS LIST SUMMARY
1. Needed CISSP/GIAC Certified Instructors in Bay Area/... (Thread)
2. Senior Analyst/Systems Rosslyn, Virginia (Thread)
3. Ethical Hacker and Information Security Expert (Thread)
4. Interests outside the USA (Thread)
5. Anyone know of more Canadian focused lists? (Thread)
6. Symantec Looking for Mgr, Educational Services - Wal... (Thread)
7. Seeking a position in Network Security (Thread)
8. Seeking Job opportunities in México (Thread)
9. Manager of Customer Operations - India - Neoteris (Thread)
10. Network Security Analyst, Mechanicsburg, PA (Thread)
11. Technical Support Engineer - Silicon Valley - Neoter... (Thread)
12. New Articles @ SecurityFocus (Thread)
13. Kirkland, WA - Software Implementation Project Manag... (Thread)
14. SecurityFocus.com Webmaster (Thread)
15. Looking for an xForce Vulnerability Research Enginee... (Thread)
16. UK Internal IT Security Sales Executive (Thread)
17. Exciting Opportunity for a Principal Information Ass... (Thread)
18. Security/ Infrastructure Support positions available... (Thread)
19. R1935 IDS Software Quality Engineer (Thread)
20. Web Application/Application Security Engineer - SF B... (Thread)
21. Customer Support Manager-Security-Silicon Valley-Sun... (Thread)
22. Senior Network Security/Firewall Engineer (Permanent... (Thread)
23. Information Security Policy Analyst - Located in Wash... (Thread)
24. Information Security Analyst - Washington, D.C. (Thread)
25. QA Lead Engineer- Sunnyvale, CA (Thread)
26. Sr Technical Account Director (Sales) (Thread)
27. Senior Regional Manager (Security Software Company) (Thread)
28. Zone Labs-Security Researcher-San Francisco (Thread)
29. IT Security Engineer with 5 years experience - CISSP (Thread)
30. Infrastructure Security Specialist - Wilmington DE ... (Thread)
31. "SecurityGuys", a securityjobs-like brazilian distri... (Thread)
32. US-MD-Columbia-R1933 Security Research Engineer (Thread)
33. Lead QA Engineer (Thread)
34. NetScreen Technologies - Sr. Systems Engineer - Dall... (Thread)
35. WLAN Security Company seeks Sales Engineer in San Fr... (Thread)
36. How about the recruiters? (Thread)
37. Information Security Recruitment Stars (Thread)
38. Senior Linux Kernel Security Developer - Silicon Val... (Thread)
39. Seeking Employment: Ethical Hacker / Penetration Tes... (Thread)
40. Seniors, Ernst and Young's Security and Technology S... (Thread)
41. looking for security position in ri/eastern ma/weste... (Thread)
42. Security and/or IT audit: Los Angeles (Thread)
VI. INCIDENTS LIST SUMMARY
1. New Trojan (Thread)
2. [inbox] RE: Bogus DNS traffic (Thread)
3. Need help to find web server attacks signature (Thread)
4. OpenNIC "attack?" (Thread)
5. [despammed] Bogus DNS traffic (Thread)
6. Bogus DNS traffic (Thread)
7. Odd MS-SQL scan. (Thread)
8. Odd MS-Sql scans. (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. TCP on multicast (Solaris) (Thread)
2. win32 heap overflow exploitation (Thread)
3. "Local" and "Remote" considered insufficient (Thread)
4. Shattering XP Buttons (Thread)
5. Question about Data type in VB.NET (Thread)
6. IIS leaks Internal IP, Again (already reported) (Thread)
7. IIS leak internal IP, Again? (Thread)
8. Gast Arbeiter Privilege Escalation (Thread)
9. Delphi and buffer overflows (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Terminal Services Auditing? (Thread)
2. Auditing enabled but Logon Failures not showing up (Thread)
3. DOT NET & J2EE (Thread)
4. RSA key pair lifetime expiration (Thread)
5. Terminal Services Manager as a non-admin user. (Thread)
6. group policy and NT policy editor (Thread)
7. Article Announcement: Disclosure Plan Won't Help (Thread)
8. group policy question (Thread)
9. SecurityFocus Microsoft Newsletter #159 (Thread)
10. RE : Blocking and allowing ActiveX (Thread)
11. automating reboot (was RE: RPC Scan Issues) (Thread)
IX. SUN FOCUS LIST SUMMARY
1. ipf, Sunscreen or ? (Thread)
2. 64-bit GCC (was: ipf, Sunscreen or ?) (Thread)
3. Information disclosure with SMC webserver on Solaris... (Thread)
4. Problems updating Stronghold on Solaris (Thread)
5. New SecurityFocus article (Thread)
6. Solaris 8 SSH Issues. (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Fw: AntiVirus for Red Hat 9? (Thread)
2. AntiVirus for Red Hat 9? (Thread)
3. New Articles on SecurityFocus (Thread)
4. NFS replacements for Linux (Thread)
5. Synflooding a Linux (Thread)
6. New SecurityFocus Article (Thread)
7. [despammed] Synflooding a Linux (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Fighting Internet Worms With Honeypots
By Laurent Oudot

This paper will evaluate the usefulness of using honeypots to fight
Internet worms, including a discussion on capturing a worm, redirecting
worm traffic to fake services, launching counter attacks to clean infected
hosts, and finally removing the worm or negating its effects.

http://www.securityfocus.com/infocus/1740

2. Web Security Appliance With Apache and mod_security
By Ivan Ristic

This article will demonstrate how you can build your own application
gateway with little effort, using open source components that are widely
available.

http://www.securityfocus.com/infocus/1739

3. Joe Average User Is In Trouble
By Scott Granneman

As security professionals we're at the forefront, like it or not, and it's
up to us to help lessen the myriad of user problems we see around us.

http://www.securityfocus.com/columnists/193

II. BUGTRAQ SUMMARY
-------------------
1. Eric S. Raymond Fetchmail Unspecified Denial of Service Vuln...
BugTraq ID: 8843
Remote: Yes
Date Published: Oct 16 2003
Relevant URL: http://www.securityfocus.com/bid/8843
Summary:
Fetchmail is a freely available, open source mail retrieval utility. It is
maintained by Eric S. Raymond.

A vulnerability has been reported to be present in the software that may
allow an attacker to cause a denial of service condition in Fetchmail
6.2.4. It has been reported that the problem presents itself when a
specially crafted e-mail message is sent to fetchmail. The precise nature
of this vulnerability is not known at the moment due to a lack of details;
however, exploitation of this issue may allow an attacker to cause the
software to crash. Although unconfirmed, it may be possible to execute
arbitrary code on a vulnerable system.

This vulnerability may be related to known issues, however this has not
been confirmed by Symantec. This BID and any other applicable BIDs will be
updated as further information becomes available.

Fetchmail 6.2.4 has been reported to be prone to this issue however other
versions may be vulnerable as well.

2. Oracle Database Server Oracle Binary Local Buffer Overflow V...
BugTraq ID: 8844
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8844
Summary:
Oracle is a commercial database product, which is available for a number
of platforms including Microsoft Windows and Unix and Linux variants.

Oracle Database Server 'oracle' binary has been reported prone to a local
buffer overflow vulnerability.

The issue likely presents itself due to a lack of sufficient boundary
checks performed on command line arguments passed to the affected binary.
It has been reported that a local attacker may overflow the bounds of an
insufficiently sized buffer in oracle process memory by passing 9850 bytes
or more of data to the affected binary as a command line argument. Data that
exceeds the size of the affected buffer will corrupt memory that is
adjacent to the aforementioned buffer. Because variables that are crucial
to controlling execution flow of the affected binary are saved in memory
space that an attacker can corrupt, the attacker may influence oracle
execution flow into attacker-controlled memory. Ultimately this condition
could lead to the execution of arbitrary instructions in the context of
the vulnerable binary, which has been reported to be setuid Oracle user.

It should be noted that while this vulnerability has been reported to
affect Oracle 9i Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86,
other versions and platforms might also be affected.

3. Oracle Database Server OracleO Binary Local Buffer Overflow ...
BugTraq ID: 8845
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8845
Summary:
Oracle is a commercial database product, which is available for a number
of platforms including Microsoft Windows and Unix and Linux variants.

Oracle Database Server 'oracleO' binary has been reported prone to a local
buffer overflow vulnerability.

The issue likely presents itself due to a lack of sufficient boundary
checks performed on command line arguments passed to the affected binary.
It has been reported that a local attacker may overflow the bounds of an
insufficiently sized buffer in oracle process memory by passing excessive
data to the affected binary as a command line argument. Data that exceeds
the size of the affected buffer will corrupt memory that is adjacent to
the aforementioned buffer. Because variables that are crucial to
controlling execution flow of the affected binary are saved in memory
space that an attacker may corrupt, the attacker may influence oracle
execution flow into attacker-controlled memory. Ultimately this condition
could lead to the execution of arbitrary instructions in the context of
the vulnerable binary, which has been reported to be setuid Oracle user.

It should be noted that while this vulnerability has been reported to
affect Oracle 9i Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86,
other versions and platforms might also be affected.

4. Multiple GDM Local Denial Of Service Vulnerabilities
BugTraq ID: 8846
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8846
Summary:
Gnome Display Manager (GDM) is a utility harnessed by Gnome to manage
various functions when interfacing with X.

GDM has been reported prone to multiple denial of service vulnerabilities
that may be triggered by a local attacker.

It has been reported that GDM does not sufficiently restrict the data
that it receives. A local attacker may send excessive amounts of data
to GDM and cause memory resources to be exhausted until the kernel
terminates the affected GDM process.

Additionally a separate issue has been reported to affect GDM that may be
exploited by a local attacker to trigger a denial of service of the GDM
utility. The issue has been reported to present itself due to an error
while handling queries, for example version queries or authentication
responses. It has been reported that an attacker may invoke a query
request against GDM and not read the reply, thus triggering GDM into
filling its send buffer. This will have the effect of preventing GDM from
accepting new logins.

A local attacker may exploit these vulnerabilities to deny service to GDM
for legitimate users.

Explicit details regarding this vulnerability are not currently available;
this BID will be updated when further details are released or when more
exhaustive investigation into this condition has been completed.

5. GoldLink Cookie SQL Injection Vulnerability
BugTraq ID: 8847
Remote: Yes
Date Published: Oct 18 2003
Relevant URL: http://www.securityfocus.com/bid/8847
Summary:
GoldLink is a web application that is implemented in PHP.

GoldLink is prone to SQL injection attacks. This vulnerability exists in
the admin.php script. The source of the problem is that the software does
not sufficiently sanitize SQL syntax from data supplied via cookies. This
data will then be used when making database queries. Malicious SQL may be
submitted via the vadmin_login and vadmin_pass cookie fields.

As a result of this issue, it may be possible to manipulate SQL queries,
potentially resulting in information disclosure, bulletin board compromise
or other consequences.

6. PHP-Nuke Search Field Path Disclosure Vulnerability
BugTraq ID: 8848
Remote: Yes
Date Published: Oct 18 2003
Relevant URL: http://www.securityfocus.com/bid/8848
Summary:
PHP-Nuke is prone to a path disclosure vulnerability. Path information
will be displayed in error output when invalid input is supplied in search
fields. In particular, if characters such as ", >, and ' are entered in a
search request, PHP-Nuke will reportedly return the installation path.
This information may allow an attacker to map out the file system on the
host, which could be useful in other attacks.

This issue may be related to a number of previously reported
vulnerabilities in PHP-Nuke. If this is the case, the appropriate BID
will be updated and this BID will be retired. It should also be noted
that the vulnerability may be indicative of a more serious problem, such
as an SQL injection issue. This has not been confirmed by Symantec.

7. Geeklog Forgot Password SQL Injection Vulnerability
BugTraq ID: 8849
Remote: Yes
Date Published: Oct 19 2003
Relevant URL: http://www.securityfocus.com/bid/8849
Summary:
Geeklog is open-source weblog software. It is written in PHP and will run
on most Unix and Linux variants, as well as Microsoft Windows operating
systems.

An SQL injection vulnerability has been reported in the Geeklog "forgot
password" feature (introduced in Geeklog 1.3.8). This feature allows for
user passwords to be reset.

Due to insufficient sanitization of user-supplied input, it is possible
for remote attackers to influence database queries. In particular, a SELECT
query is made by the software when a user attempts to use the feature to
change a password. It is possible for a remote attacker to include
malicious SQL syntax as an argument for the $rid variable, which
represents the requesting user's ID. It has been demonstrated that this
could be exploited to reset any user's password, including the
administrator.

Due to the nature of this vulnerability, direct attacks against the
database are also possible such as manipulating queries to disclose
sensitive information or attempts to exploit latent vulnerabilities in the
database itself.

8. Bytehoard File Disclosure Vulnerability
BugTraq ID: 8850
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8850
Summary:
Bytehoard is a file storage/transfer application that is implemented in
PHP.

Bytehoard is prone to directory traversal attacks. Remote attackers may
submit requests containing directory traversal sequences to Bytehoard.
This could potentially permit remote attackers to gain unauthorized access
to sensitive files hosted on the system running the software. Files that
are readable to the web server will be accessible to an attacker if this
vulnerability is successfully exploited.

9. CPCommerce Functions Remote File Include Vulnerability
BugTraq ID: 8851
Remote: Yes
Date Published: Oct 19 2003
Relevant URL: http://www.securityfocus.com/bid/8851
Summary:
cpCommerce is open-source e-commerce software. It is implemented in PHP
and available for Microsoft Windows and Unix/Linux variants.

cpCommerce may allow remote users to influence the include path for PHP
scripts, resulting in execution of arbitrary code.

The vulnerability exists in the _functions.php script, which makes the
following require_once() calls:

require_once("{$prefix}_config.php");
require_once("{$prefix}_gateways.php");

If certain PHP configuration directives are enabled, then it is possible
for remote attackers to control the $prefix variable and specify an
include path that points to a malicious PHP script on a remote,
attacker-controlled server. If successfully exploited, an
attacker-specified PHP script will be executed in the context of the web
server process.
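
Added example (not part of the original advisory and not cpCommerce code): a
line-based Python heuristic for auditing PHP source for the pattern quoted
above, an include/require whose path begins with a variable, so that whoever
controls the variable chooses where the file is loaded from. The function
names are hypothetical, and the sample PHP lines other than the two
require_once() calls quoted above are constructed.

```python
import re

# An include/require statement and its argument, up to the terminating ';'.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*(?P<arg>[^;]*)",
    re.IGNORECASE,
)
# PHP does not interpolate variables inside single-quoted strings.
SINGLE_QUOTED = re.compile(r"'(?:\\.|[^'\\])*'")
# Path expression that starts with a variable: $x..., "$x...", "{$x}..."
LEADING_VAR = re.compile(r'^"?(?:\$|\{\$)')


def classify_include(line):
    """Classify one line of PHP source.

    Returns None when the line has no include/require statement, otherwise:
      "leading-variable"  - the path starts with a variable (the pattern in
                            the advisory: the variable decides the whole
                            location, not just a file name suffix)
      "embedded-variable" - a variable appears later in the path
      "constant"          - no variable in the path
    This is a heuristic over single lines, not a PHP parser.
    """
    stripped = line.strip()
    if stripped.startswith(("//", "#", "*", "/*")):
        return None  # commented-out code
    match = INCLUDE_RE.search(stripped)
    if match is None:
        return None
    arg = SINGLE_QUOTED.sub("''", match.group("arg")).strip()
    if LEADING_VAR.match(arg):
        return "leading-variable"
    if "$" in arg:
        return "embedded-variable"
    return "constant"


def audit(source):
    """Return (line number, classification, text) for every include or
    require whose path depends on a variable."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        kind = classify_include(line)
        if kind in ("leading-variable", "embedded-variable"):
            findings.append((lineno, kind, line.strip()))
    return findings


# Constructed sample; lines 2 and 3 are the calls quoted in the advisory.
SAMPLE_PHP = r'''<?php
require_once("{$prefix}_config.php");
require_once("{$prefix}_gateways.php");
include('header.php');
require_once(dirname(__FILE__) . "/lang/{$lang}.php");
// include($legacy . ".php");
$required = true;
'''

if __name__ == "__main__":
    for lineno, kind, text in audit(SAMPLE_PHP):
        print(f"line {lineno}: {kind}: {text}")
```

Each finding still needs manual review to see whether the variable is
assigned a fixed value before the include is reached.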

10. Caucho Resin Multiple HTML Injection and Cross-site Scriptin...
BugTraq ID: 8852
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8852
Summary:
Caucho Resin is an XML application server that provides support for
servlets and JSP.

Multiple cross-site scripting vulnerabilities have been reported in
various scripts of Caucho. The affected scripts include env.jsp,
form.jsp, session.jsp, and tictactoe.jsp. The 'name' and 'comment' fields
of guestbook.jsp have been reported to be vulnerable to HTML injection.
These issues affect sample scripts included with the software, which may
not be appropriate for use on production systems.

The vulnerabilities are caused by insufficient sanitization of
user-supplied data. HTML and script code will not be filtered from
externally supplied input before being displayed in web pages, therefore
allowing an attacker to construct a link containing malicious HTML or
script code to be executed in a user's browser upon visiting that link.
This attack would occur in the security context of the site running the
vulnerable version of Caucho Resin. Exploitation may also allow attackers
to inject hostile HTML and script code into the sample guestbook.

Successful exploitation of these issues may allow an attacker to steal
cookie-based authentication credentials. Other attacks are possible as
well.

Caucho Resin version 2.1 and prior have been reported to be prone to this
issue, however other versions may be affected as well.

11. Opera HREF Malformed Server Name Heap Corruption Vulnerabili...
BugTraq ID: 8853
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8853
Summary:
Opera is a web browser available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS. Opera also
includes the M2 Mail Client, which is a fully featured e-mail client that
supports HTML e-mail.

A vulnerability has been discovered in Opera that could lead to remote
code execution. The issue is said to occur when rendering malformed HTML
HREF server name parameters. Specifically, an illegally escaped server
name of excessive length may trigger a buffer overrun within heap memory.
This could potentially allow an attacker to corrupt heap memory management
structures, possibly leading to the execution flow of the program being
controlled when the memory is later freed.

Successful exploitation of this issue could lead to an attacker executing
arbitrary code on a user's system, simply by the victim opening a web site
or HTML e-mail.

It should be noted that, due to the differing heap management algorithms
used across operating systems, it is currently unknown whether or not this
issue can be exploited on all affected platforms.

This vulnerability has been reported to reside in Opera 7.11 and 7.20,
however earlier versions may also be affected.

12. Emule Web Control Panel HTTP Login Long Password Denial of S...
BugTraq ID: 8854
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8854
Summary:
eMule is a freely available, open source peer-to-peer file sharing
application. eMule uses the eDonkey file sharing protocol. It is available
for the BSD, Linux, and Microsoft Windows operating systems. eMule includes a
web control panel that allows users to log in to the server over the web.

It has been reported that the eMule Web Control Panel HTTP login mechanism
may be prone to denial of service attacks. Reports indicate that the eMule
program expects that login credentials will be received only from the
trusted login form. Specifically, no more than 12 password characters are
expected to be received, and as such eMule does not carry out bounds
checking on this data. However, the eMule login mechanism is said to not
validate the origin of login form information received.

As a result, an attacker may be capable of constructing malicious HTML
form data to transmit excessive password data to the program. Due to
insufficient bounds checking, this will effectively cause memory
corruption and trigger a denial of service. Reports indicated that
password data in excess of 500 to 1000 bytes may be required to trigger
the issue.

It should be noted that, due to the nature of this vulnerability, this
could theoretically lead to arbitrary code execution. This has not been
confirmed however.

13. Origo ADSL Router Remote Administrative Interface Configurat...
BugTraq ID: 8855
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8855
Summary:
Origo ADSL routers are a broadband connectivity solution distributed and
maintained by Origo.

A problem has been identified in some Origo ADSL routers. Due to
insufficient access control, it may be possible for a remote user to gain
unauthorized administrative access to routers, potentially resulting in a
denial of service.

The problem is a command line-based administrative service listening on
port 254. This service is enabled by default, and is not
protected with a password. An attacker could access this interface to
change the router configuration, resulting in a denial of service until
the router is reconfigured. Other attacks against network resources, such
as man-in-the-middle attacks, may also be possible.

This issue is known to affect the ASR-8100 router, though ASR-8400 routers
may also be affected.

14. DeskPro Multiple SQL Injection Vulnerabilities
BugTraq ID: 8856
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8856
Summary:
DeskPro is a commercially-available contact management software package.
It is available for the Unix, Linux, and Microsoft Platforms.

Multiple vulnerabilities have been reported to exist in DeskPro that may
allow a remote attacker to inject malicious SQL syntax into database
queries. The source of these issues is insufficient sanitization of
user-supplied input.

The problems are reported to exist in various parameters such as cat,
article, and ticketid of the faq.php and view.php modules. It has also
been reported that an attacker may log on to the system as an
administrator by using 'admin' as the Email value and supplying 'or''=' as
the password. These issues exist because user-supplied input in the
vulnerable parameters is not sanitized before it is passed to the database. A
remote attacker may exploit this issue to influence SQL query logic while
attempting to authenticate to the server.

A malicious user may influence database queries in order to view or modify
sensitive information, potentially compromising the software or the
database. The consequences of exploitation may vary depending on the
underlying database implementation.

DeskPro version 1.1.0 and prior have been reported to be prone to this
issue, however other versions may also be affected.
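
Added example (not DeskPro code, which is not shown in the advisory): the
reported login bypass reproduced in Python against a constructed SQLite
table, with the concatenated query beside a parameterized one. The table
layout, function names and stored passwords are assumptions; only the
'admin' / 'or''=' input pair and the ticketid parameter name come from the
summary above.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory data. Table and column names are assumptions,
    and passwords are stored in plaintext only to keep the demo short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (email TEXT, password TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [("admin", "S3cure-admin-pw", 1), ("agent", "agent-pw", 0)],
    )
    db.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, subject TEXT)")
    db.executemany("INSERT INTO tickets VALUES (?, ?)", [(1, "Printer"), (2, "VPN")])
    return db


def build_concatenated_login(email, password):
    """Vulnerable pattern: user input becomes part of the SQL text itself."""
    return (
        "SELECT email, is_admin FROM staff "
        "WHERE email='" + email + "' AND password='" + password + "'"
    )


def login_concatenated(db, email, password):
    return db.execute(build_concatenated_login(email, password)).fetchall()


def login_parameterized(db, email, password):
    """Hardened pattern: the SQL text is fixed and the input is bound as
    data, so quotes in the input can never terminate the string literal."""
    return db.execute(
        "SELECT email, is_admin FROM staff WHERE email=? AND password=?",
        (email, password),
    ).fetchall()


def ticket_by_id(db, ticketid):
    """Numeric parameters such as ticketid: accept digits only, then bind."""
    if not re.fullmatch(r"[0-9]{1,10}", ticketid):
        raise ValueError("ticketid must be a positive integer")
    return db.execute(
        "SELECT id, subject FROM tickets WHERE id=?", (int(ticketid),)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    reported_password = "'or''='"  # the input pair quoted in the advisory
    # The WHERE clause becomes:  email='admin' AND password=''or''=''
    # AND binds tighter than OR, so the trailing ''='' makes every row match.
    print(build_concatenated_login("admin", reported_password))
    print("concatenated :", login_concatenated(db, "admin", reported_password))
    print("parameterized:", login_parameterized(db, "admin", reported_password))
    print("valid login  :", login_parameterized(db, "admin", "S3cure-admin-pw"))
```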

15. Sun Java Cross-Site Applet Sandbox Security Model Violation ...
BugTraq ID: 8857
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8857
Summary:
A vulnerability has been reported in Java implementations that may
potentially allow Java applets from two different domains to violate the
sandbox security model and share read/write access to data areas. This
vulnerability is made possible through the use of undocumented static
variables of the Java JDK. It is reported that if these variables are
altered, the internal state of the JDK may be corrupted. This could
result in a denial of service but also presents an additional threat of
exposing properties such as applet data to other potentially untrusted
applets.

The issue is reportedly prevalent during XML processing, which depends on
the org.apache.xalan.processor.XSLProcessorVersion class.

The vulnerability violates the principle of isolation that should be
enforced by Java and it is possible for unsigned applets to share
read/write access with signed applets, though it is not known to what
extent this is possible. The lack of data protection could also be used
to interfere with XML processing. This type of issue could potentially
also lead to other attacks against applets, since the security model is
being evaded. This has not been confirmed.

This issue was reported for Java Plug-in 1.4.2_01 on Microsoft Windows
platforms, though it is believed that other platforms are similarly
affected. It is not known if other versions or Java implementations are
also affected.

16. Gast Arbeiter File Upload Validation Vulnerability
BugTraq ID: 8858
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8858
Summary:
Gast Arbeiter is a web-based instant messaging application. It is
implemented in Perl.

Gast Arbeiter allegedly does not sufficiently validate user-supplied input
during uploads. This could be exploited by a remote attacker to upload a
file to an attacker-specified location on the file system hosting the
software. The issue appears to be exploitable by including directory
traversal sequences during a file upload.

Consequences of exploitation include the possibility of corrupting files
on the system or placing files such as malicious scripts in directories
where they may be interpreted (such as in a cgi-bin directory). This will
occur with the privileges of the web server hosting the software. This
may permit remote attackers to gain unauthorized access to a system
hosting the software as well as launch denial of service attacks by
corrupting critical files.
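
Added example (not code from either project), covering this entry and the
Bytehoard entry above (BID 8850): a Python containment check that resolves a
client-supplied name against the storage directory before any read or write,
and an upload routine that keeps only the final path component. The function
names and directory layout are hypothetical.

```python
import os


class UnsafePath(ValueError):
    """A client-supplied name would escape the storage directory."""


def resolve_inside(base_dir, user_path):
    """Return the absolute path of user_path under base_dir, or raise
    UnsafePath if the resolved location is not strictly inside base_dir."""
    if not user_path or "\x00" in user_path:
        raise UnsafePath("empty name or NUL byte")
    base = os.path.realpath(base_dir)
    # Treat backslashes as separators too, so Windows-style traversal
    # sequences are caught when the server runs on a POSIX system.
    relative = user_path.replace("\\", "/")
    # realpath() collapses ".." components and follows symlinks; an absolute
    # user_path replaces base in join() and is rejected by the check below.
    candidate = os.path.realpath(os.path.join(base, relative))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path resolves outside the storage directory")
    return candidate


def read_stored_file(base_dir, user_path):
    """Download side: only files that resolve inside base_dir are opened."""
    with open(resolve_inside(base_dir, user_path), "rb") as handle:
        return handle.read()


def store_upload(base_dir, client_filename, data):
    """Upload side: discard any directory part sent by the client, then
    apply the same containment check and refuse to overwrite a file."""
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise UnsafePath("no usable file name")
    target = resolve_inside(base_dir, name)
    with open(target, "xb") as handle:  # "x": fail if the file exists
        handle.write(data)
    return target


if __name__ == "__main__":
    import tempfile

    root = tempfile.mkdtemp()
    base = os.path.join(root, "files")
    os.mkdir(base)
    print(store_upload(base, "../../cgi-bin/x.pl", b"constructed sample"))
    for name in ("x.pl", "../x.pl", "/etc/passwd"):
        try:
            print(name, "->", resolve_inside(base, name))
        except UnsafePath as exc:
            print(name, "-> rejected:", exc)
```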

17. HP OpenView Network Node Manager Denial Of Service Vulnerabi...
BugTraq ID: 8859
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8859
Summary:
HP Network Node Manager is a commercial systems management software
package distributed by Hewlett-Packard.

HP has announced that a number of vulnerabilities exist in the OpenView
Network Node Manager (NNM). It has been reported that specially formatted
packets transmitted to a listening TCP port of specific NNM processes may
trigger a memory leak. This would effectively result in the targeted
process crashing or possibly affecting availability of resources on a
system-wide basis.

HP has also reported that NNM is prone to a second separate denial of
service condition, also when handling malformed TCP packets.

The precise details regarding these issues are currently unknown, however
if new information is made available, this BID will be updated
accordingly.

18. Dansie Shopping Cart Server Error Message Installation Path ...
BugTraq ID: 8860
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8860
Summary:
Dansie Shopping Cart is shopping cart software designed to fulfill
e-commerce needs for a business. The shopping cart is based on Perl.

A vulnerability has been reported to exist in the software that may allow
a remote attacker to obtain the installation path of the software. The
problem is reported to exist due to improper verification of the 'db'
parameter of the 'cart.pl' script. By supplying a "'" character to the 'db'
parameter, an attacker may disclose the installation path of the software
in the form of an error message.

Successful exploitation of this attack may allow an attacker to gain
sensitive information about the file system that may aid in launching more
direct attacks against the system.

19. Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov...
BugTraq ID: 8861
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8861
Summary:
MERCUR Mailserver is a commercially available mail software solution
distributed and maintained by Atrium Software International. It is
available for the Microsoft Windows platform.

A problem has been reported in MERCUR Mailserver when handling the IMAP
AUTH command. This problem may make it possible for an attacker to crash the
service on a vulnerable system.

The problem is in the handling of long arguments to the AUTH command. When
a string of excessive length is supplied to the AUTH command via the PLAIN
option, the process becomes unstable. This is due to a boundary condition
error in the base64 decoding routine.

It is possible for an attacker to exploit this issue to execute arbitrary
instructions. Any instructions executed on a vulnerable host would be
executed with the privileges of the IMAP server process, which in a
typical implementation may execute with SYSTEM privileges.

20. Vivisimo Clustering Engine Search Script Cross-Site Scriptin...
BugTraq ID: 8862
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8862
Summary:
Vivisimo Clustering Engine is a product designed to search or query data
into an organized hierarchy.

It has been reported that Vivisimo Clustering Engine is prone to a
cross-site scripting vulnerability. The problem specifically occurs within
the 'query' parameter passed to the 'search' script. This parameter is not
sufficiently sanitized by the program and as a result may be used by an
attacker to execute arbitrary script code within the browser of a victim
user. This could be accomplished by constructing a malicious link
containing script code embedded within the 'query' URI parameter.

Successful exploitation of this vulnerability may allow an attacker to
steal cookie-based authentication credentials. Other attacks may well be
possible.

21. FuzzyMonkey MyClassifieds Email Variable SQL Injection Vulne...
BugTraq ID: 8863
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8863
Summary:
FuzzyMonkey MyClassifieds is an application for creating and maintaining
online classifieds. MyClassifieds is written in Perl.

A vulnerability has been reported to exist in the software that may allow
a remote user to inject malicious SQL syntax into database queries. This
issue is caused by insufficient sanitization of user-supplied data.

The problem may present itself if an attacker inserts malicious SQL code
in the Email variable, which may cause the software to write user
passwords to a world readable file. A remote attacker may exploit this
issue to influence SQL query logic to disclose user passwords that could
be used to gain unauthorized access.

A malicious user may influence database queries in order to view or modify
sensitive information, and gain unauthorized access by disclosing user
passwords therefore potentially compromising the software or the database.

MyClassifieds version 2.11 has been reported to be prone to this
vulnerability, however other versions may be affected as well.

22. SCO OpenServer Insecure Temporary File Vulnerabilities
BugTraq ID: 8864
Remote: No
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8864
Summary:
SCO has released an advisory for OpenServer 5.0.5 which addresses multiple
instances of scripts creating temporary files insecurely.

The following files are updated by this advisory:
/etc/init.d/VDISK
/etc/init.d/VDRESTORE
/etc/tcp
/usr/lib/mkdev/hostmib
/etc/init.d/hostmib
/etc/nfs
/etc/nis
/etc/rpcinit
/usr/lib/cleantmp

These issues could be exploited by a local attacker to corrupt files via
symbolic link attacks. An attacker may exploit this to cause the
vulnerable scripts to perform operations such as overwriting or appending
to an attacker-specified file, provided that the file is writeable by the
user that the script is invoked by during exploitation. Since there are
many scripts which are prone to these issues, it is more than likely that
one of these scripts could allow an attack to corrupt files with custom
data, resulting in elevated privileges. File corruption could otherwise
result in a denial of service if critical or sensitive files are
overwritten or appended to as a result of exploitation.

These issues were addressed with the release of OpenServer 5.0.6.

23. HP Servicecontrol Manager Unauthorized Access Vulnerability
BugTraq ID: 8865
Remote: No
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8865
Summary:
HP Servicecontrol Manager is a utility designed to manage multiple
systems. Its web-based interface allows an administrator to access various
configuration options and monitor systems.

HP has reported that a vulnerability has been discovered in Servicecontrol
Manager that could lead to unauthorized access. They suggest that the
exploitation of this issue could allow a local user to be granted access
to the web-based manager interface. It is likely that this could lead to a
variety of attacks, depending on the actions carried out while an attacker
accesses the administration interface.

The precise details regarding this vulnerability are not currently known.
This BID will be updated if further information is made available.

24. Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 8866
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8866
Summary:
Web Wiz Forums has been reported prone to cross-site scripting attacks
when processing requests to various .asp files.

The problem occurs due to insufficient sanitization of various URI
parameters passed to the members.asp and pm_buddy_list.asp script files.

It has been reported that a remote attacker may construct a malicious link
to the vulnerable script and supply arbitrary HTML code as URI parameters.
If this link is followed, malicious HTML code will be rendered in the
browser of the user who followed the link.

This could permit the theft of cookie authentication credentials; other
attacks may also be possible.

New information has been made available by the vendor stating that one of
the affected script files reported (forum_members.asp) does not exist. As
such, some of the reported cross-site scripting issues may not exist. The
vendor has confirmed that the other issues did at some time exist and do
not affect Web Wiz Forums 7.5. It is not yet known which release of Web
Wiz Forums addressed these issues.

25. Sun Java Unauthorized Java Applet Floppy Access Weakness
BugTraq ID: 8867
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8867
Summary:
A weakness has been reported in Java implementations that may constitute
unauthorized access by Java applets to floppy devices. This weakness
appears to present a flaw in the Java security model. It has been
demonstrated that a malicious applet may cause repeated floppy access
attempts. Side effects of this issue include a potential to cause
applications which load a malicious applet to block, as was demonstrated
with the example of loading the malicious example applet in Internet
Explorer. This could also cause strain on the floppy device under some
circumstances, due to repeated access attempts.

This may be due to a flaw in the
org.apache.crimson.tree.XmlDocument.createXmlDocument class. The provided
proof-of-concept calls this class in an infinite loop, using the following
syntax to access the floppy device:

org.apache.crimson.tree.XmlDocument.createXmlDocument("file:///a:/",false);

It should be noted that this weakness may be a symptom of a more serious
issue which could permit a further degree of unauthorized device
access, though this has not been confirmed.

This issue was reported in Java Plug-in 1.4.x versions on Microsoft
Windows operating systems, when run with Internet Explorer. Other
environments and versions may also be affected.

26. PSCS VPOP3 Email Server WebAdmin Cross-Site Scripting Vulner...
BugTraq ID: 8869
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8869
Summary:
PSCS VPOP3 Email Server is an e-mail server and gateway.

A cross-site scripting vulnerability has been reported to exist in PSCS
VPOP3.

The problem has been reported to exist in the WebAdmin utility of the
software. The issue presents itself due to improper handling of
user-supplied data in certain parameters, which will permit remote
attackers to embed HTML and script code in links. HTML and script code
could then be rendered in the browser of the user visiting the link. This
attack would occur in the security context of the vulnerable site.

Successful exploitation of this attack may allow an attacker to steal
cookie-based authentication information. Since the issue affects the
WebAdmin utility, it is likely that a successful attack of this nature
would permit an attacker to hijack an administrative account.

PSCS VPOP3 versions 2.0.0e and 2.0.0f have been reported to be prone to
this vulnerability, however other versions may be affected as well.

27. PGPDisk Switched User Unauthorized Access Weakness
BugTraq ID: 8870
Remote: Unknown
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8870
Summary:
PGPDisk is a PGP integrated application that allows users to create
encrypted disk partitions. PGPDisk is available for Microsoft Windows and
MacOS.

PGPDisk has been reported to be prone to an unauthorized access weakness
that may allow a local attacker to gain access to a user's PGP volume.
The problem has been reported to occur when PGPDisk is used in conjunction
with Windows XP. It has been reported that when a user uses the Windows
XP 'switch user' function, PGP disk fails to unmount. As a result,
another local user may obtain full access to the mounted PGP disk, leading
to the disclosure of sensitive information.

Successful exploitation of this issue may allow an attacker to gain access
to sensitive data. Information obtained through this attack could be used
to launch further attacks against a vulnerable user.

Although unconfirmed, PGPDisk version 6.02i and prior may be affected by
this issue.

28. My Photo Gallery Unspecified Vulnerability
BugTraq ID: 8872
Remote: Unknown
Date Published: Oct 19 2003
Relevant URL: http://www.securityfocus.com/bid/8872
Summary:
My Photo Gallery is a web-based image gallery application written in Perl.

An unspecified security vulnerability has been reported by the My Photo
Gallery vendor. Due to the fact that no details were supplied by the
vendor, the implications of exploitation are not currently known.
However, due to the nature of the program it can be assumed that the issue
may involve a denial of service or the exposure of sensitive information.

As a result, the impact of this alert has been set to reflect the
possible implications of this issue. As further information is made
available, the impact levels as well as the details of the BID will be
changed if necessary.

29. Sun Management Center Error Message Information Disclosure V...
BugTraq ID: 8873
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8873
Summary:
Sun Management Center is a web-based system management interface for Sun
Solaris. It is maintained and distributed by Sun.

A problem in the handling of error messages has been identified in Sun
Management Center. Because of this, an attacker may be able to gain
sensitive information about vulnerable hosts.

The problem is in the returning of error messages by Sun Management
Center. The Sun Management Center server typically runs on TCP port 898.
When a user sends a request for a specific file in the file system of the
host using directory traversal strings, the host returns an error message.
However, this error message varies between files that exist, and files
that do not exist.

In the instance of a file that does not exist, the service gives a
response similar to the following:

Error: 404
File Not Found
/stuff/blah

However, when an existing file is requested, the host gives the following
response:

Error: 404
No detailed message

This issue could allow an attacker to use the Sun Management Center as an
oracle to determine key system configuration variables. Information
gained through this vulnerability could be used to launch further attacks
against system and network resources.

30. Microsoft Internet Explorer Scrollbar-Base-Color Partial Den...
BugTraq ID: 8874
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8874
Summary:
A vulnerability has been reported to exist in Microsoft Internet Explorer
that may allow an attacker to cause a partial denial of service condition
in the software. The issue presents itself due to improper handling of
scrollbar-base-color attribute of the div object. It has been reported
that Internet Explorer crashes if value of scrollbar-base-color is changed
in a textarea located in a table.

An attacker may create a web page containing malicious script code that
would cause a user's browser to crash upon visiting that site. It should
be noted that Internet Explorer restarts immediately after the crash.

Microsoft Internet Explorer 6.0 has been reported to be vulnerable to this
issue, however other versions may be affected as well.

31. Coreutils LS Width Argument Integer Overflow Vulnerability
BugTraq ID: 8875
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8875
Summary:
Coreutils 'ls' utility is a binary application that is used to list
directory contents.

Coreutils 'ls' has been reported prone to an integer overflow
vulnerability. The issue reportedly presents itself when handling '-w'
(width) and '-C' (output column display) command line arguments passed to
the vulnerable application. It has been reported that excessive values
passed as a '-w' argument to 'ls' may cause an internal integer value to
be misrepresented. Further arithmetic performed based off this
misrepresented value may have unintentional results.

For example, if this value is used when assigning memory, huge amounts of
system memory may be allocated resulting in a denial of service condition
as resource starvation occurs.

Additionally it has been reported that this vulnerability may be exploited
in software that implements and invokes the vulnerable 'ls' utility to
trigger a denial of service in the affected software. It has been
conjectured that this issue may present itself when affected software
invokes 'ls' and expects a return of data. When 'ls' hangs the invoking
software may also subsequently hang.

The integer overflow vulnerability in 'ls' has not been reported to be
exploitable to execute arbitrary instructions.
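
The class of bug described in this entry, as an added example (not coreutils code and not part of the original advisory): a width argument silently truncated into a narrow integer, next to a parser that rejects out-of-range input and a size computation that checks each multiplication. The names, the 4096 cap, the minimum column width and the table layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LINE_WIDTH   4096u  /* assumed policy cap, not a coreutils value */
#define MIN_COLUMN_WIDTH 3u     /* assumed: one character plus two spaces    */

/* Naive pattern: the parsed value is narrowed without a range check, so a
 * huge argument is "misrepresented" as a small or unrelated number. */
uint32_t naive_width(const char *arg)
{
    return (uint32_t)strtoull(arg, NULL, 10);   /* wraps modulo 2^32 */
}

/* Hardened parser: digits only, no overflow, no trailing junk, bounded.
 * Returns 0 and stores the width on success, -1 if the input is rejected. */
int parse_width(const char *arg, size_t *out)
{
    char *end;
    unsigned long v;

    if (arg == NULL || arg[0] < '0' || arg[0] > '9')
        return -1;                   /* rejects "", signs, leading spaces */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                   /* overflowed or trailing characters */
    if (v == 0 || v > MAX_LINE_WIDTH)
        return -1;                   /* outside the accepted range */
    *out = (size_t)v;
    return 0;
}

/* Multiply two sizes, failing instead of wrapping. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Bytes needed for a per-column width table (assumed layout: one row of
 * ncols entries for each candidate column count). Returns -1 on overflow,
 * so the caller never hands a wrapped size to malloc(). */
int column_table_bytes(size_t width, size_t *bytes)
{
    size_t ncols = width / MIN_COLUMN_WIDTH;
    size_t cells;

    if (ncols == 0)
        return -1;
    if (checked_mul(ncols, ncols, &cells) != 0)
        return -1;
    return checked_mul(cells, sizeof(size_t), bytes);
}

int main(void)
{
    const char *arg = "4294967297";  /* constructed sample: 2^32 + 1 */
    size_t w = 0, bytes = 0;

    printf("naive width:  %u\n", (unsigned)naive_width(arg));
    printf("parse_width:  %s\n", parse_width(arg, &w) == 0 ? "accepted" : "rejected");
    if (parse_width("80", &w) == 0 && column_table_bytes(w, &bytes) == 0)
        printf("width 80 -> %lu table bytes\n", (unsigned long)bytes);
    return 0;
}
```

Software that shells out to a listing utility and waits on its output gets the same benefit from validating the width before the call.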

32. DansGuardian Denied URL Cross-Site Scripting Vulnerability
BugTraq ID: 8876
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8876
Summary:
DansGuardian is a content filtering software package. It is available for
Unix, Linux, and Microsoft operating systems.

A problem has been reported in the handling of some types of input to
DansGuardian. This problem may permit an attacker to launch cross-site
scripting attacks.

The problem is in the filtering of the DENIEDURL parameter. When HTML is
passed to the parameter, the script renders the HTML in the security
context of the site hosting DansGuardian. An attacker exploiting this
issue could potentially steal sensitive information such as cookie
authentication credentials, or launch other types of browser-based
attacks.

33. Sylpheed-Claws Mail Client SMTP Error Reporting Format Strin...
BugTraq ID: 8877
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8877
Summary:
Sylpheed-Claws is a branch of the Sylpheed mail client, designed to
implement and test less stable features. Both code bases are regularly
updated to match each other's behavior. Sylpheed-Claws is available for
the Linux operating system.

It has been reported that Sylpheed-Claws is prone to a format string bug
when handling error messages received from an SMTP server. These errors
are typically generated when an action cannot be carried out correctly or
an incorrect command has been received, however an attacker may be capable
of transmitting an error message immediately upon connection.

The problem specifically occurs within the 'send_message.c' source file,
which includes a call to the 'alertpanel_error_log' function when handling
error messages. This function takes formatted arguments and reports the
error message; however when an error message is encountered the function
is incorrectly called without a format specifier, but is passed the SMTP
server-supplied error data. As a result, a malformed SMTP server may be
capable of having arbitrary format specifiers interpreted by the
Sylpheed-Claws mail client, ultimately allowing for code execution.

All code executed in this manner would be run with the privileges of the
user invoking the affected mail client program.

It has been confirmed that the Sylpheed mail client is also affected by
this vulnerability. This issue has been addressed in version 0.9.7.
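
The calling pattern described in this entry, as an added example (not Sylpheed's source code and not part of the original advisory): a printf-style error reporter must receive server-supplied text as an argument to a constant "%s" format, never as the format itself. 'report_error' is a hypothetical stand-in for the 'alertpanel_error_log' function named above, and the SMTP reply is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Last message "shown" to the user; stands in for the alert dialog. */
static char last_alert[256];

/* Hypothetical printf-style reporter. The attribute lets GCC/Clang check
 * every caller's format string (-Wformat -Wformat-security). */
#if defined(__GNUC__)
__attribute__((format(printf, 1, 2)))
#endif
int report_error(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(last_alert, sizeof last_alert, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_VULNERABLE_PATTERN
/* The defect class from the advisory: untrusted text used AS the format.
 * Any conversion specifier in the server reply is interpreted here.
 * Kept behind a macro so it is never built by default. */
int on_smtp_error_unsafe(const char *server_reply)
{
    return report_error(server_reply);
}
#endif

/* Corrected call: the format is a constant, the reply is only data. */
int on_smtp_error(const char *server_reply)
{
    return report_error("%s", server_reply);
}

/* Detection aid: count printf conversion directives in an untrusted
 * string so a client or proxy can log suspicious server replies.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int count = 0;
    size_t i = 0;

    while (s[i] != '\0') {
        if (s[i] == '%') {
            if (s[i + 1] == '%') {   /* escaped percent, skip both */
                i += 2;
                continue;
            }
            count++;                 /* directive (or a dangling '%') */
        }
        i++;
    }
    return count;
}

int main(void)
{
    const char *reply = "550 %s%s%n relay denied";  /* constructed sample */

    on_smtp_error(reply);
    printf("directives=%d shown=\"%s\"\n",
           count_format_directives(reply), last_alert);
    return 0;
}
```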

34. HP Management Software Web Agents Unspecified Unauthorized A...
BugTraq ID: 8878
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8878
Summary:
Various HP Management Software released for the Microsoft Windows
operating system include web agents that allow users to manage their
systems.

HP has announced that a vulnerability in various web agents released with
their Management Software could allow for unauthorized remote access. The
problem is said to occur within specific non-SSL agents.

Exploitation of this issue is said to allow for unauthorized remote
access, as well as a possible denial of service. Further details have not
been made available; however, if and when they are, this BID will be
updated accordingly.

This vulnerability is said to affect Insight Management for Clients
versions 3.5 to 5.0, all versions of Remote Diagnostics Enabling Agent,
and Insight Manager LC versions 1.00 to 1.60.

35. Sun Java Virtual Machine Slash Path Security Model Circumven...
BugTraq ID: 8879
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8879
Summary:
The Java Virtual Machine (JVM) is a component of the Sun Java
infrastructure that performs the handling of Java applets and other
programs. It is available for Unix, Linux, and Microsoft platforms.

A vulnerability has been identified in the Sun Java Virtual Machine
packaged with JRE and SDK. This issue results in the circumvention of the
Java Security Model, and can permit an attacker to execute arbitrary code
on vulnerable hosts.

The problem is in the handling of security checks on classes. Due to an
error in the loadClass method of the sun.applet.AppletClassLoader
implementation, the JVM does not sufficiently handle one of the syntaxes
used to invoke classes. When classes are invoked by an applet using dot
notation, such as sun.java.class, the checkPackageAccess method of
securitymanager performs reliably, throwing an exception when an applet
attempts to load an unauthorized class.

However, when an applet attempts to load a class using the supported slash
notation, such as sun/java/class, the checkPackageAccess method of
securitymanager does not properly check the name of the requested class.
The applet thus could circumvent the security model, calling classes
outside of the sandbox imposed by the Java security model, and gain access
to prohibited classes. A malicious applet could use this vulnerability to
execute arbitrary code of any type, resulting in unauthorized access to
the vulnerable system with the privileges of the user that has loaded the
malicious Java applet.

36. mIRC DCC SEND Variant Buffer Overflow Vulnerability
BugTraq ID: 8880
Remote: Yes
Date Published: Oct 23 2003
Relevant URL: http://www.securityfocus.com/bid/8880
Summary:
mIRC is a chat client for the IRC protocol, designed for Microsoft Windows
based operating systems.

It has been reported that mIRC 6.12, which addressed the recently
discovered DCC SEND vulnerability, is prone to a variant buffer overflow
issue. The problem appears to occur in an identical fashion to the
previous vulnerability described in BID 8818, however a specific sequence
of actions must be carried out for the condition to be triggered.

Specifically, a user must have a minimized DCC get dialog window, or the
window must have been minimized by default. The victim must then open the
minimized window and proceed to accept a file with a name of excessive
length, likely formatted as described in BID 8818.

It should be noted that this issue is said to only occur if the precise
sequence of events described above occurs. If DCC autoget is enabled or
the file is not accepted, the bug will not be triggered.

It should be noted that this issue may in fact be the same
vulnerability described in BID 8818. If further information shows that
this is in fact the case, this BID will be retired and the appropriate
details will be added to the correct BID.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Justice e-censorship gaffe sparks controversy
By: Kevin Poulsen

The Department of Justice used Microsoft Word's highlight tool to black
out the sensitive portions of a key report on internal workplace
diversity, before releasing it to the public as a PDF file. Guess what
happened next.

http://www.securityfocus.com/news/7272

2. Senators propose Patriot Act limitations
By: Kevin Poulsen

In 2001, the Senate approved USA-PATRIOT 98 to 1. Now proposed legislation
with bipartisan support would undo some of their own work.

http://www.securityfocus.com/news/7245

3. Prosecutors admit error in whistleblower conviction
By: Kevin Poulsen

Federal officials will ask a court to set aside the conviction of a man
who served 16 months in federal prison for blowing the whistle on an
ex-employer's cybersecurity holes.

http://www.securityfocus.com/news/7202

4. Email scammers target Halifax, Nationwide, Citibank
By: John Leyden, The Register

http://www.securityfocus.com/news/7309

5. Halifax suspends e-banking site after phishing attack
By: John Leyden, The Register

http://www.securityfocus.com/news/7308

6. Tech ignorance, vague laws lead to mistaken conviction
By: Matthew Fordahl, The Associated Press

http://www.securityfocus.com/news/7299

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. AntiSpam Mail Filter v1.2
By: Timo Roehling
Relevant URL: http://sourceforge.net/projects/antispam-filter
Platforms: Linux
Summary:

AntiSpam Mail Filter is yet another Bayesian filter, designed for use with
Exim.

2. testmail v3.1.6
By: c.kruk
Relevant URL: http://strony.wp.pl/wp/c_kruk/
Platforms: Perl (any system supporting perl)
Summary:

testmail is a Perl script that checks email availability at the POP3
server, filters it according to defined rules, and--depending on the
selected method--gets the messages to the local mailbox and/or removes it
from the server. It uses Perl libnet module and helps you escape from
spam.

3. Astaro Security Linux (Stable 4.x) v4.016
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:

Astaro Security Linux is a firewall solution. It does stateful packet
inspection filtering, content filtering, user authentication, virus
scanning, VPN with IPSec and PPTP, and much more. With its Web-based
management tool, WebAdmin, and the ability to pull updates via the
Internet, it is pretty easy to manage. It is based on a special hardened
Linux 2.4 distribution where most daemons are running in change-roots and
are protected by kernel capabilities.

4. Yet Another antiVirus Recipe v1.7.5
By: nikant
Relevant URL: http://agriroot.aua.gr/~nikant/nkvir/
Platforms: N/A
Summary:

Yet Another antiVirus Recipe is a procmail recipe that helps to filter out a lot
of the most common e-mail worms. It detects worms with base-64 signatures
(such as Klez, Hybris, and BugBear), HTML IFRAME exploits, CLSID hidden
extension exploits, -XML code base exploits, executable extensions (bat,
pif, vbs, vba, scr, lnk, com, and exe), and macros for doc, dot, xls, and
xla files. It also detects most Nigerian scam e-mails.

5. GPA (GNU Privacy Assistant) v0.7.0
By: Bernhard Reiter
Relevant URL: http://www.gnupg.org/(en)/related_software/gpa/index.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

The GNU Privacy Assistant is a graphical frontend to GnuPG and may be used
to manage the keys and encrypt/decrypt/sign/check files. It is much like
Seahorse.

6. Prelude Log Monitoring Lackey v 0.8.6
By: yoann
Relevant URL: http://www.prelude-ids.org/
Platforms: POSIX
Summary:

The Prelude Log Monitoring Lackey (LML) is the host-based sensor program
part of the Prelude Hybrid IDS suite. It can act as a centralized log
collector for local or remote systems, or as a simple log analyzer (such
as swatch). It can run as a network server listening on a syslog port or
analyze log files. It supports logfiles in the BSD syslog format and is
able to analyze any logfile by using the PCRE library. It can apply
logfile-specific analysis through plugins such as PAX. It can send an
alert to the Prelude Manager when a suspicious log entry is detected.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Needed CISSP/GIAC Certified Instructors in Bay Area/... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342422

2. Senior Analyst/Systems Rosslyn, Virginia (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342421

3. Ethical Hacker and Information Security Expert (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342420

4. Interests outside the USA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342419

5. Anyone know of more Canadian focused lists? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342418

6. Symantec Looking for Mgr, Educational Services - Wal... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342417

7. Seeking a position in Network Security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342416

8. Seeking Job opportunities in México (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342323

9. Manager of Customer Operations - India - Neoteris (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342314

10. Network Security Analyst, Mechanicsburg, PA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342303

11. Technical Support Engineer - Silicon Valley - Neoter... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342301

12. New Articles @ SecurityFocus (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342300

13. Kirkland, WA - Software Implementation Project Manag... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342199

14. SecurityFocus.com Webmaster (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342198

15. Looking for an xForce Vulnerability Research Enginee... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342188

16. UK Internal IT Security Sales Executive (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342157

17. Exciting Opportunity for a Principal Information Ass... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342156

18. Security/ Infrastructure Support positions available... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342155

19. R1935 IDS Software Quality Engineer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342154

20. Web Application/Application Security Engineer - SF B... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342089

21. Customer Support Manager-Security-Silicon Valley-Sun... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342088

22. Senior Network Security/Firewall Engineer (Permanent... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342076

23. Information Security Policy Analyst - Located in Wash... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342075

24. Information Security Analyst - Washington, D.C. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342074

25. QA Lead Engineer- Sunnyvale, CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342073

26. Sr Technical Account Director (Sales) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342072

27. Senior Regional Manager (Security Software Company) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342071

28. Zone Labs-Security Researcher-San Francisco (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342070

29. IT Security Engineer with 5 years experience - CISSP (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342048

30. Infrastructure Security Specialist - Wilmington DE ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342024

31. "SecurityGuys", a securityjobs-like brazilian distri... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342023

32. US-MD-Columbia-R1933 Security Research Engineer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342022

33. Lead QA Engineer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342021

34. NetScreen Technologies - Sr. Systems Engineer - Dall... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342020

35. WLAN Security Company seeks Sales Engineer in San Fr... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/342019

36. How about the recruiters? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341924

37. Information Security Recruitment Stars (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341919

38. Senior Linux Kernel Security Developer - Silicon Val... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341836

39. Seeking Employment: Ethical Hacker / Penetration Tes... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341834

40. Seniors, Ernst and Young's Security and Technology S... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341780

41. looking for security position in ri/eastern ma/weste... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341774

42. Security and/or IT audit: Los Angeles (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/341771

VI. INCIDENTS LIST SUMMARY
--------------------------
1. New Trojan (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342415

2. [inbox] RE: Bogus DNS traffic (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342389

3. Need help to find web server attacks signature (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342285

4. OpenNIC "attack?" (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342284

5. [despammed] Bogus DNS traffic (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342283

6. Bogus DNS traffic (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/342164

7. Odd MS-SQL scan. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/341779

8. Odd MS-Sql scans. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/341762

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. TCP on multicast (Solaris) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/342427

2. win32 heap overflow exploitation (Thread)
Relevant URL:

http://www.securityfocus.c
