I. FRONT AND CENTER
1. IIS 6.0 Security
2. HIPAA Security Rule
3. Is password-lending a cybercrime?
II. BUGTRAQ SUMMARY
1. Symantec Gateway Security Error Page Cross-Site Scripting Vu...
2. Calife Password Heap Overrun Vulnerability
3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
4. UUDeview MIME Archive Buffer Overrun Vulnerability
5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
6. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
8. Apple Mac OS X Apple Filing Protocol Client Multiple Vulnera...
9. xboing Local Buffer Overflow Vulnerabilities
10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
12. Multiple WFTPD Vulnerabilities
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
14. ArGoSoft FTP Server Multiple Vulnerabilities
15. IGeneric Free Shopping Cart SQL Injection Vulnerability
16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
18. YABB SE Multiple Input Validation Vulnerabilities
19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
20. Calife Local Memory Corruption Vulnerability
21. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
23. Motorola T720 Phone Denial Of Service Vulnerability
24. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
25. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
28. Symantec Firewall/VPN Appliance Cached Plaintext Password Vu...
29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
30. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
31. Nortel Wireless LAN Access Point 2200 Series Denial Of Servi...
32. SonicWall Firewall/VPN Appliance Multiple ARP Request Handli...
33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
34. NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scriptin...
35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
36. Coreutils DIR Width Argument Integer Overflow Vulnerability
37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
38. SureCom Network Device Malformed Web Authorization Request D...
39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
40. SpiderSales Shopping Cart Multiple Vulnerabilities
41. BolinTech Dream FTP Server FTP Command Format String Vulnera...
42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
44. HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalat...
45. Multiple Vendor HTTP Response Splitting Vulnerability
46. SmarterTools SmarterMail Multiple Vulnerabilities
47. Cisco Content Service Switch Management Port UDP Denial Of S...
48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
III. SECURITYFOCUS NEWS ARTICLES
1. Feds: E-mail subpoena ruling hurts law enforcement
2. Pranksters bedevil TV weather announcement system
3. Alleged WebTV 911 hacker charged with cyberterrorism
4. Californian ISP sues Bob Vila site for spam
5. Firms Look to Limit Liability for Online Security Breaches
6. Virus writers in malicious code hide-and-seek
IV. SECURITYFOCUS TOP 6 TOOLS
1. Prismstumbler v0.7.0
2. The Backup Shell v1.7
3. Rule-based Intrusion Detection System 1.0 (Default) v1.0
4. The SSH library v0.1
5. OpenCA v0.9.2 RC3
6. MIMEDefang v2.40
V. SECURITYJOBS LIST SUMMARY
1. Security Engineer Silicon Valley CA (Thread)
2. Security Software Sales - Detroit, MI (Thread)
3. Senior Security Engineer for Windows Silicon Valley... (Thread)
4. Security Software Sales - Boston, MA (Thread)
5. Security Software Sales - Cleveland, OH (Thread)
6. Business Development Mgr (Anti Virus) - California (... (Thread)
7. Business Development Manager EMEA - London, UK (Thread)
8. Sales Engineer (CISSP) - New York, Boston, Detroit, ... (Thread)
9. Management/Security Engineer - Lead (Thread)
10. QA Manager - Networking/Security - Infoblox - Silico... (Thread)
11. looking for recruiters (Thread)
12. Symantec in Redwood City is hiring a Technical Produ... (Thread)
13. Director of Engineering (Networking) - Infoblox - Si... (Thread)
14. Identity Management - Web Services Architect (Thread)
15. Identity Management - Systems Integrator (Thread)
16. Identity Management - Capacity and Performance Engin... (Thread)
17. security jobs in nyc (Thread)
18. Boston - kernel Principal Software Engineer (Thread)
19. Network Management Solutions Sales - NYC (Thread)
20. application security engineer (Thread)
21. FW: Returned post for securityjobs (at) securityfocus (dot) com (Thread)
22. Thanks! Job seeker advice (Thread)
23. Sales Representative Need, AZ - Security Technologie... (Thread)
24. Job seeker advice (Thread)
25. Network Security Analyst-Network Appliance (Thread)
26. Information Systems Audit-Kansas City (Thread)
27. Technical Director vacancy (Thread)
28. Firewall Security Engineer-Network Appliance (Thread)
29. IT Auditor vacancy (Thread)
30. Sales Stud in the Northeast (Thread)
31. seeking summer internship in US (cleared) (Thread)
32. Senior Inbound Product Manager Need - Security Solut... (Thread)
33. Senior Technical Security Consultant, ID Management,... (Thread)
34. Pre-Sales Security Consultant, ID Management, M4 Cor... (Thread)
35. Security Pro seeking CSO or Director of Security Pos... (Thread)
36. Full time Mid level Firewall Consultant position in ... (Thread)
37. Secure Messaging Solution Sales ( NYC) (Thread)
38. Road warrior found - parses syslog for fun - NJ log ... (Thread)
39. QA Lab- Security - Bay Area (Thread)
40. Regional Sales Manager - Midtow - NYC (Thread)
41. VP of Engineering--F/T NJ (Thread)
42. NJ log guru-road warrior needed. (Thread)
43. Senior Software Engineers - Intrusec - Atlanta, GA (Thread)
44. Health Insurance Survey Results (Thread)
45. Direct Sales Exec - Montreal/Quebec (Thread)
VI. INCIDENTS LIST SUMMARY
1. strange SMTP DoS traffic from Korea (Thread)
2. Strange Windows behavior / Spamming customers (Thread)
3. port 544 sweeps (Thread)
4. Dead Thread: Releasing patches is bad for security (Thread)
5. Blaster Recurrence (Thread)
6. Releasing patches is bad for security (Thread)
7. A basic Question from a new bie!! (Thread)
8. Project Honeynet Scan of the Month #30: Analysis Cha... (Thread)
9. Nmap - 3.50 changes mstask.exe? (Thread)
10. know your enemy (was: Releasing patches is bad for ... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Looking For Vulnerability Researchers (Thread)
2. [SPAM] WbemScripting.SWbemLocator - createobject al... (Thread)
3. WbemScripting.SWbemLocator - createobject allows... ... (Thread)
4. add to my previous post (Thread)
5. Announcing The Black Hat Briefings call for papers (Thread)
6. VoIP Security (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Windows file move restriction (Thread)
2. DHCP through RAS (Thread)
3. Article Announcements (Thread)
4. SecurityFocus Microsoft Newsletter #178 (Thread)
5. Administrivia: Mass-mailing worms (Thread)
6. FPSE Admin Listner on IIS 6.0 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Administrivia X-Post: Farewell (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Administrivia X-Post: Farewell (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. IIS 6.0 Security
By Rohyt Belani and Michael Muckin
This article discusses the major default configuration and design changes
incorporated in IIS 6.0 to make it a more secure platform for hosting
critical web applications.
http://www.securityfocus.com/infocus/1765
2. HIPAA Security Rule
By Steven Weil
This article presents a detailed overview of the American HIPAA (Health
Insurance Portability and Accountability Act) Security Rule and key
factors you should consider when preparing to comply with the rule.
http://www.securityfocus.com/infocus/1764
3. Is password-lending a cybercrime?
By Mark Rasch
A judge's wrongheaded interpretation of the federal Computer Fraud and
Abuse Act illustrates the problems of allowing civil enforcement of a
criminal law.
http://www.securityfocus.com/columnists/222
II. BUGTRAQ SUMMARY
-------------------
1. Symantec Gateway Security Error Page Cross-Site Scripting Vu...
BugTraq ID: 9755
Remote: Yes
Date Published: Feb 26 2004
Relevant URL: http://www.securityfocus.com/bid/9755
Summary:
A vulnerability has been reported to exist in the Symantec Gateway
Security Web based management console that may allow a remote user to
launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied
data. It has been reported that HTML and script code passed to the
Symantec Gateway Security Web based management console via a specially
crafted URI, may be incorporated into dynamic content of a server error
page.
Successful exploitation of this vulnerability may allow an attacker to
steal cookie-based authentication credentials. If an attacker manages to
steal a cookie for a valid session, the attacker may leverage the
vulnerability to gain management rights to the affected device.
2. Calife Password Heap Overrun Vulnerability
BugTraq ID: 9756
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9756
Summary:
Calife is reportedly prone to a locally exploitable heap overrun
vulnerability. This issue is due to insufficient bounds checking of
password input. If this issue was successfully exploited to execute
arbitrary code, it could potentially allow an unprivileged local user to
gain root access.
It has been reported that this issue may actually be indicative of a more
serious problem in the glibc implementation of the getpass() function.
This has not been confirmed. This BID will be updated as more information
is provided.
3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
BugTraq ID: 9757
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9757
Summary:
Sun has reported an unspecified vulnerability in the passwd utility on
Solaris that may permit local attackers to gain unauthorized root
privileges.
4. UUDeview MIME Archive Buffer Overrun Vulnerability
BugTraq ID: 9758
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9758
Summary:
A buffer overrun vulnerability has been reported in UUDeview. This issue
exists in the MIME parsing routines.
It is reported that this issue may be exploited via a malicious MIME
archive that specifies excessively long strings for various parameters.
This could be exploited to execute arbitrary code on a system in the
context of a user who opens a malicious MIME archive using the UUDeview
program.
It should be noted that UUDeview is shipped as a component of WinZip.
5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
BugTraq ID: 9759
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9759
Summary:
It has been reported that Sun Solaris may be prone to a vulnerability due
to an unspecified erroneous condition resulting from the 'conv_fix'
command invoked by conv_lpd(1M) script. This issue will reportedly permit
a local attacker to overwrite or create any file on the system.
Successful exploitation of this issue may allow a local attacker to gain
elevated privileges leading to full compromise of a vulnerable system.
The attacker may also cause a denial of service condition on the system.
6. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
BugTraq ID: 9761
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9761
Summary:
Microsoft Internet Explorer is reported to be prone to an issue that may
leak sensitive information across foreign domains.
This issue could permit framesets in different domains to leak various
events, including keyboard events. This could effectively permit a
hostile web page to capture keystrokes from a foreign domain.
7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
BugTraq ID: 9762
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9762
Summary:
A vulnerability was reported in FreeBSD that may permit a jailed process
with superuser privileges to gain unauthorized access to other jails.
This is due to an access validation issue in the jail_attach(2) system
call.
8. Apple Mac OS X Apple Filing Protocol Client Multiple Vulnera...
BugTraq ID: 9763
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9763
Summary:
Multiple issues have been identified in Apple Mac OS X Apple Filing
Protocol (AFP) client that may allow an attacker to carry out
man-in-the-middle attacks and steal confidential information.
The first issue arises due to the fact that the AFP client does not issue
a warning to a user if an SSH session cannot be established with a server.
The client is reported to proceed with an unencrypted session via other
means, while giving the impression that SSH tunneling is employed, leading
to a false sense of security.
The AFP client is also reported to be prone to a weakness that may allow
an attacker to carry out man-in-the-middle attacks. This issue presents
itself because the client does not differentiate between various encrypted
authentication mechanisms.
Another weakness in the AFP client may also allow an attacker to carry out
man-in-the-middle attacks. This issue exists because the client does not
verify a server's host key before a secure connection is established.
9. xboing Local Buffer Overflow Vulnerabilities
BugTraq ID: 9764
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9764
Summary:
xboing is prone to multiple buffer overflows that could be exploited to
allow a local user to elevate their privileges.
10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
BugTraq ID: 9765
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9765
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewtopic.php" returns the value of the HTML variable
"postorder" to the client as its output without encoding it or otherwise
removing potentially hostile content. This can be exploited by
constructing malicious links with the malicious "postorder" variable value
embedded as a GET request style HTML variable. If the target user visits
such a link, the malicious, externally created content supplied in the
link will be rendered (or executed, in the case of script code) as part of
the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).
11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
BugTraq ID: 9766
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9766
Summary:
It has been reported that an input validation error with the potential for
use in a SQL injection attack is present in the "search.php" script.
Consequently, malicious users may corrupt the resulting SQL queries (there
are at least two) by specially crafting a value for the "st" variable.
The impact of this vulnerability depends on the underlying database. It
may be possible to corrupt/read sensitive data, execute
commands/procedures on the database server or possibly exploit
vulnerabilities in the database itself through this condition.
12. Multiple WFTPD Vulnerabilities
BugTraq ID: 9767
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9767
Summary:
Multiple vulnerabilities have been reported to affect versions 3.21 and
3.20 of WFTPD Server and WFTPD Pro Server, including potential denial of
service conditions and remote command execution.
The less serious of the vulnerabilities are the flaws which can be
exploited to cause a denial of service. According to the report, the
method by which WFTPD allocates additional memory is flawed in such a way
that it can be exploited to exhaust available memory in a manner efficient
to the attacker. Attackers may also take advantage of a buffer scan
operation to spike CPU usage.
The more serious vulnerability is a stack-based buffer overflow condition.
The condition is present in the implementation of FTP commands LIST, NLST,
and STAT. To exploit the vulnerability, the attacker must be
authenticated as a valid user unless the Secure option in the registry is
set to 0. There is a logical error (which may be due to the use of an
incorrect macro) in the check that is in place to prevent a buffer
overflow. This results in the possibility of writing a string of excessive
length to the local buffer, corrupting the process stack.
Note: Analysis is currently pending. This record will likely be retired
as new entries are created for each individual vulnerability.
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
BugTraq ID: 9768
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9768
Summary:
Invision Power Board is prone to multiple cross-site scripting
vulnerabilities.
These issues are due to insufficient sanitization of input supplied via
the 'c', 'f', , 'showuser', and 'username' URI parameters. This input
will be included in dynamically generated pages, making it possible for an
attacker to create a malicious link to a vulnerable site that includes
hostile HTML and script code. This code may be rendered in the browser of
a victim user who visits the malicious link, potentially allowing for
theft of cookie-based credentials or other attacks.
These issues are reported to affect Invision Power Board 1.3 Final.
Earlier versions may also be affected.
14. ArGoSoft FTP Server Multiple Vulnerabilities
BugTraq ID: 9770
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9770
Summary:
ArGoSoft has released version 1.4.1.6 of their FTP Server to address
multiple unspecified security vulnerabilities. These issues include three
buffer overruns when handling overly long FTP SITE ZIP and SITE COPY
commands, a file enumeration issue involving the SITE UNZIP command and
user database corruption denial of service attacks via the SITE PASS
command.
15. IGeneric Free Shopping Cart SQL Injection Vulnerability
BugTraq ID: 9771
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9771
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to an SQL
injection vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters.
As a result of this issue a malicious user may influence database queries
in order to view or modify sensitive information, potentially compromising
the software or the database. It has been conjectured that an attacker may
be able to disclose user password hashes by exploiting this issue. This
issue may also be leveraged to exploit latent vulnerabilities within the
database itself.
16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
BugTraq ID: 9772
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9772
Summary:
GNU Anubis has been reported prone to multiple buffer overflow and format
string vulnerabilities. It has been conjectured that a remote attacker
may potentially exploit these vulnerabilities to have arbitrary code
executed in the context of the Anubis software. The buffer overflow
vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The
format string vulnerabilities are reported to affect the 'info' function
in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error'
function in 'ssl.c'.
These vulnerabilities have been reported to exist in GNU Anubis versions
3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93. It is possible that other
versions are affected as well.
These issues are undergoing further analysis; they will be divided into
separate BIDs as analysis is completed.
17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
BugTraq ID: 9773
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9773
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to a
cross-site scripting vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters.
Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.
18. YABB SE Multiple Input Validation Vulnerabilities
BugTraq ID: 9774
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9774
Summary:
It has been reported that YaBB SE may be prone to multiple vulnerabilities
due to improper input validation. The issues may allow an attacker to
carry out SQL injection and directory traversal attacks. Successful
exploitation of these issues may allow an attacker to gain access to
sensitive information that may be used to mount further attacks against a
vulnerable system. The SQL injection vulnerabilities can be exploited to
gain access to user authentication credentials and corrupt user
information in the underlying database.
YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by
these issues; however, it is possible that other versions are vulnerable as
well.
19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9775
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9775
Summary:
It has been reported that Red Faction game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 260 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.
Red Faction versions 1.20 and prior are reported to be affected by this
issue.
20. Calife Local Memory Corruption Vulnerability
BugTraq ID: 9776
Remote: No
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9776
Summary:
Calife has been reported prone to a local memory corruption vulnerability.
The issue is likely due to a lack of sufficient sanity checks performed on
certain sequences of data that are read from the file "/etc/calife.auth".
Due to the nature of this vulnerability, it has been conjectured that a
local user who has write access to the "/etc/calife.auth" configuration
file may potentially leverage this issue to have arbitrary instructions
executed in the context of the root user.
21. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
BugTraq ID: 9777
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9777
Summary:
It has been reported that 602Pro LAN Suite Web Mail is prone to a
cross-site scripting vulnerability. This issue is due to a failure of the
application to properly sanitize user input supplied via the URI.
Attackers may exploit this vulnerability to steal authentication
credentials. Other attacks may also be possible.
22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
BugTraq ID: 9778
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9778
Summary:
It has been reported that Squid Proxy may be prone to an unauthorized
access vulnerability that may allow remote users to bypass access controls
resulting in unauthorized access to attacker-specified resources. The
vulnerability presents itself when a URI that is designed to access a
specific location with a supplied username, contains '%00' characters.
This sequence may be placed as part of the username value prior to the @
symbol in the malicious URI.
Squid Proxy versions 2.0 to 2.5 STABLE4 are reported to be prone to this
vulnerability.
23. Motorola T720 Phone Denial Of Service Vulnerability
BugTraq ID: 9779
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9779
Summary:
The Motorola T720 has been reported prone to a remote denial of service
vulnerability. The issue presents itself when the phone handles excessive
IP based traffic under certain circumstances.
An attacker may potentially exploit this issue to cause a target phone to
crash.
24. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
BugTraq ID: 9780
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9780
Summary:
It has been reported that 602Pro LAN SUITE is prone to a remote directory
listing vulnerability. This issue is due to a design error that causes
the application to fail to properly verify user requests.
This issue will allow an attacker to gain access to sensitive information
by disclosing directory listings that could lead to further attacks
against the target system.
25. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
BugTraq ID: 9781
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9781
Summary:
It has been reported that 602Pro LAN SUITE is prone to a remote
installation path disclosure vulnerability. This issue is due to the
existence of a hidden parameter embedded within the 'login' form that
specifies the installation path.
Successful exploitation of this issue may allow an attacker to gain
sensitive information about the file system that may aid in launching more
direct attacks against the system.
26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
BugTraq ID: 9782
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9782
Summary:
A remotely exploitable buffer overrun was reported in ProFTPD. This issue
is due to insufficient bounds checking of user-supplied data in the
_xlate_ascii_write() function, permitting an attacker to overwrite two
bytes of memory adjacent to the affected buffer. This may potentially be
exploited to execute arbitrary code in the context of the server. This
issue may be triggered when submitting a RETR command to the server.
27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
BugTraq ID: 9783
Remote: Yes
Date Published: Feb 29 2004
Relevant URL: http://www.securityfocus.com/bid/9783
Summary:
ignitionServer is prone to a vulnerability that may permit a local IRC
operator to escalate their privileges to that of a global IRC operator
through the use of an undocumented command.
28. Symantec Firewall/VPN Appliance Cached Plaintext Password Vu...
BugTraq ID: 9784
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9784
Summary:
It has been reported that Symantec Firewall/VPN Appliance is prone to an
issue where, depending on browser settings, administration password
credentials may be stored in the browser/proxy cache in plaintext format.
Symantec Firewall/VPN Appliance Models 100, 200, 200R are reported to be
prone to this vulnerability.
29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9785
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9785
Summary:
It has been reported that Freespace 2 game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 180 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.
Freespace 2 versions 1.20 and prior are reported to be affected by this
issue.
30. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
BugTraq ID: 9786
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9786
Summary:
It has been reported that Magic Winmail Server is prone to a remote
installation path disclosure vulnerability. This issue is due to a
failure of the application to properly filter user input.
Successful exploitation of this issue may allow an attacker to gain
sensitive information about the file system that may aid in launching more
direct attacks against the system.
31. Nortel Wireless LAN Access Point 2200 Series Denial Of Servi...
BugTraq ID: 9787
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9787
Summary:
Nortel Wireless LAN Access Point 2200 series appliances have been reported
to be prone to a remote denial of service vulnerability. The issue is
reported to present itself when a large network request is handled by one
of the Wireless LAN Access Point default administration services. This
will reportedly cause the Access Point Appliance Operating service to
crash, effectively denying service to legitimate users.
32. SonicWall Firewall/VPN Appliance Multiple ARP Request Handli...
BugTraq ID: 9789
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9789
Summary:
Several problems in the handling of ARP requests have been identified in
SonicWall VPN and Firewall devices. Because of this, an attacker may be
able to gain access to sensitive information about networks behind
SonicWall devices. Denial of service attacks through affected devices are
also possible.
33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
BugTraq ID: 9790
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9790
Summary:
Hot Open Tickets is prone to an unspecified privilege escalation
vulnerability. This issue may allow a registered user to leverage a
vulnerability to escalate their privilege to administrator levels.
34. NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scriptin...
BugTraq ID: 9791
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9791
Summary:
It has been reported that NetScreen SA 5000 Series may be prone to a
cross-site scripting vulnerability that may allow an attacker to execute
arbitrary HTML or script code in the browser of a vulnerable user. The
issue presents itself due to insufficient sanitization of user-supplied
data via the 'row' parameter of the 'delhomepage.cgi' CGI binary.
The vulnerability has been discovered in an appliance called
A5030-Clustered pair running IVE firmware version 3.3 Patch 1 build 4797.
35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
BugTraq ID: 9792
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9792
Summary:
A problem in the handling of out-of-sequence packets has been identified
in FreeBSD. Because of this, it may be possible for remote attackers to
deny service to legitimate users of vulnerable systems.
36. Coreutils DIR Width Argument Integer Overflow Vulnerability
BugTraq ID: 9793
Remote: Unknown
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9793
Summary:
Coreutils 'dir' has been reported prone to an integer overflow
vulnerability. The issue reportedly presents itself when the application
handles large integer values passed via the '-w' (width) command line
argument.
Due to the nature of this issue it may possibly be leveraged to deny
service to applications that use the 'dir' utility. It has been
conjectured that when invoked by an application with a malicious integer
value passed via the '-w' argument, the affected application may hang
while waiting for the utility to return output.
37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
BugTraq ID: 9794
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9794
Summary:
1st Class Mail Server has been reported prone to a remote buffer overflow
vulnerability. The issue exists due to a lack of sufficient boundary
checks performed on user-supplied data.
A remote attacker may pass excessive data as an argument for an APOP
command passed to the affected server. The attacker may exploit this issue
to corrupt a saved instruction pointer and in doing so may potentially
influence execution flow of the affected service into attacker-supplied
instructions.
38. SureCom Network Device Malformed Web Authorization Request D...
BugTraq ID: 9795
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9795
Summary:
An issue in the handling of specific web requests by SureCom network
devices has been identified. By placing a malformed request to the web
configuration interface, it is possible for an attacker to deny service to
legitimate users of a vulnerable device.
39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
BugTraq ID: 9797
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9797
Summary:
An integer overflow vulnerability has been reported in qmail-qmtpd. This
issue exists in code that processes values supplied to qmail-qmtpd in
RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to
execute arbitrary code with elevated privileges.
It should be noted that this issue does not exist in the default
configuration and is only exposed if mail relaying is enabled by setting
the RELAYCLIENT environment variable.
40. SpiderSales Shopping Cart Multiple Vulnerabilities
BugTraq ID: 9799
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9799
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to obtain the private cryptographic key and gain access
to sensitive information. The application is also reported prone to an
SQL injection vulnerability that may allow an attacker to gain
administrative level access to the underlying database.
The issues exist due to improper implementation of the RSA cryptosystem by
SpiderSales and failure to sanitize user-supplied input via the 'userId'
URI parameter employed by various scripts.
SpiderSales version 2.0 is assumed to be vulnerable to these issues,
however, other versions could be affected as well.
41. BolinTech Dream FTP Server FTP Command Format String Vulnera...
BugTraq ID: 9800
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9800
Summary:
Dream FTP Server has been reported to be prone to a remote format string
vulnerability when processing a malicious request from a client.
Although it has been demonstrated that this could crash the server, the
vulnerability could also theoretically allow for execution of arbitrary
code on the system hosting the server. This would occur in the security
context of the server process.
42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
BugTraq ID: 9801
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9801
Summary:
It has been reported that a number of undisclosed SandSurfer scripts are
prone to cross-site scripting vulnerabilities.
This could permit a remote attacker to create a malicious link to the
vulnerable application that includes hostile HTML and script code. If this
link were followed, the hostile code may be rendered in the web browser of
the victim user.
43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
BugTraq ID: 9802
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9802
Summary:
Acrobat Reader has been reported to be prone to a buffer overflow
vulnerability. According to the report, the overflow occurs when a user
views a malicious XFDF document.
Due to the nature of this vulnerability an attacker may potentially
leverage the issue to corrupt values that are crucial to controlling
program execution flow. If this is the case, it is conjectured that this
issue may be exploitable to execute arbitrary instructions in the context
of the affected software.
44. HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalat...
BugTraq ID: 9803
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9803
Summary:
HP has reported an unspecified vulnerability in HP Tru64 UNIX. This issue
is reported to exist in systems using IPsec and Internet Key Exchange
(IKE) with certificates. Successful exploitation of this issue may allow
an attacker to remotely compromise a vulnerable system.
Although unconfirmed, this issue may be related to Multiple Vendor IKE
Implementation Certificate Authenticity Verification Vulnerability (BID
9208). This BID will be updated as more information becomes available.
HP Tru64 UNIX 5.1B PK2(BL22), 5.1B PK3(BL24), and 5.1A PK6(BL24) are
reported to be vulnerable to this issue.
45. Multiple Vendor HTTP Response Splitting Vulnerability
BugTraq ID: 9804
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9804
Summary:
A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning
Attacks, and Related Topics) was released to describe various attacks that
target web users through web application, browser, web/application server
and proxy implementations. These attacks are described under the general
category of HTTP Response Splitting and involve abusing various input
validation flaws in these implementations to split HTTP responses into
multiple parts in such a way that response data may be misrepresented to
client users.
Exploitation would occur by injecting variations of CR/LF sequences into
parts of HTTP response headers that the attacker may control or influence.
The general consequences of exploitation are that an attacker may
misrepresent web content to the client, potentially enticing the user to
trust the content and take actions based on this false trust.
While the various implementations listed in the paper contribute to these
attacks, this issue will most likely be exposed through web applications
that do not properly account for CR/LF sequences when accepting
user-supplied input that may be returned in server responses.
This vulnerability could also aid in exploitation of cross-site scripting
vulnerabilities.
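The CR/LF handling this entry describes, as an added example (not part of
the newsletter or of the cited paper): a redirect builder that copies user
input into a Location header verbatim, beside a hardened one that
percent-encodes the value and refuses control characters. The 'lang'
parameter, the function names and the sample input are constructed for
illustration.

```python
from urllib.parse import quote

CRLF = "\r\n"

# Constructed sample input: a parameter value carrying CR/LF sequences
# followed by what looks like a second, complete HTTP response.
SAMPLE = (
    "en\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Content-Length: 5\r\n\r\nhello"
)


def build_redirect_naive(lang: str) -> bytes:
    """Vulnerable pattern: user input is copied verbatim into a header."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: /home?lang=" + lang + CRLF
        + "Content-Length: 0" + CRLF + CRLF
    ).encode("latin-1")


def safe_header_value(value: str) -> str:
    """Refuse any control character (CR and LF included) in a header value.

    Rejecting every control character, horizontal tab included, is
    stricter than HTTP requires; that is a deliberate choice here.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in header value")
    return value


def build_redirect_hardened(lang: str) -> bytes:
    """Encode for the URL context first, then validate for the header context."""
    location = "/home?lang=" + quote(lang, safe="")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(location) + CRLF
        + "Content-Length: 0" + CRLF + CRLF
    ).encode("latin-1")


def count_status_lines(raw: bytes) -> int:
    """Count the HTTP status lines a downstream cache or proxy would see."""
    return sum(1 for line in raw.split(b"\r\n") if line.startswith(b"HTTP/1."))


if __name__ == "__main__":
    print("naive   :", count_status_lines(build_redirect_naive(SAMPLE)), "status line(s)")
    print("hardened:", count_status_lines(build_redirect_hardened(SAMPLE)), "status line(s)")
```

The same count_status_lines() check can be run over captured response bytes
in a test suite to confirm that no user-controlled header value is able to
start a second response.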
46. SmarterTools SmarterMail Multiple Vulnerabilities
BugTraq ID: 9805
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9805
Summary:
Multiple vulnerabilities have been identified in the software that may
allow an attacker to carry out directory traversal, cross-site scripting,
and denial of service attacks.
SmarterMail version 3.1 has been reported to be prone to these issues,
however, it is possible that other versions are affected as well.
47. Cisco Content Service Switch Management Port UDP Denial Of S...
BugTraq ID: 9806
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9806
Summary:
A problem in the handling of some types of malformed UDP network traffic
to the Cisco Content Service Switch management port has been identified.
Because of this, it may be possible for an attacker to deny service to
legitimate users of vulnerable systems.
48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
BugTraq ID: 9807
Remote: No
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9807
Summary:
It has been reported that DAWKCo POP3 Server Hosting Version with WebMAIL
Extension does not properly handle timed out sessions. Because of this, it
may be possible for a user to regain access to a previous session.
This could potentially expose sessions, especially in situations where
other vulnerabilities facilitate session hijacking.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Feds: E-mail subpoena ruling hurts law enforcement
By: Kevin Poulsen
An appeals court refuses to reconsider a ruling that an overbroad subpoena
for stored e-mail can qualify as a computer intrusion, despite a plea from
the Justice Department to rethink the decision.
http://www.securityfocus.com/news/8199
2. Pranksters bedevil TV weather announcement system
By: Kevin Poulsen
Hacked newscast warns viewers: "All your base are belong to us."
http://www.securityfocus.com/news/8191
3. Alleged WebTV 911 hacker charged with cyberterrorism
By: Kevin Poulsen
Louisiana man is charged with endangering public safety for sending out a
malicious script that made set-top boxes call the police.
http://www.securityfocus.com/news/8136
4. Californian ISP sues Bob Vila site for spam
By: John Leyden, The Register
http://www.securityfocus.com/news/8198
5. Firms Look to Limit Liability for Online Security Breaches
By: Jonathan Krim, Washington Technology
http://www.securityfocus.com/news/8197
6. Virus writers in malicious code hide-and-seek
By: John Leyden, The Register
http://www.securityfocus.com/news/8196
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Prismstumbler v0.7.0
By: Florian Boor
Relevant URL: http://prismstumbler.sourceforge.net/
Platforms: Linux, POSIX
Summary:
Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes
with an easy to use GTK2 frontend and is small enough to fit on a small
portable system. It is designed to be a flexible tool to find as much
information about wireless LAN installations as possible. Because of its
client-server architecture the scanner engine may be used for different
frontends.
2. The Backup Shell v1.7
By: The Anarcat
Relevant URL: http://anarcat.ath.cx/software/bksh.en.html
Platforms: FreeBSD, POSIX
Summary:
bksh is a simple program designed to be used as a shell by SSH. All it
does is copy its input to a given backup file. Its goal is to allow
administrators to create backup-only accounts.
3. Rule-based Intrusion Detection System 1.0 (Default) v1.0
By: Pankaj Kumar Madhukar
Relevant URL: http://students.iiit.net/~pankaj_n/rids/index.html
Platforms: Linux
Summary:
RIDS is a machine learning rule-based intrusion detection system for
Linux.
4. The SSH library v0.1
Summary:
The SSH library is a C library to authenticate in a simple manner to one
or more SSH servers. The goal of this project is to provide a library much
simpler to use than OpenSSH's one. A sample SSH client is provided.
5. OpenCA v0.9.2 RC3
Summary:
The OpenCA Project is a collaborative effort to develop a robust,
full-featured and Open Source out-of-the-box Certification Authority
implementing the most used protocols with full-strength cryptography
world-wide. OpenCA is based on many Open-Source Projects. Among the
supported software is OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
6. MIMEDefang v2.40
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:
MIMEDefang is a flexible MIME e-mail scanner designed to protect Windows
clients from viruses. It can alter or delete various parts of a MIME
message according to a very flexible configuration file. It can also
bounce messages with unacceptable attachments. MIMEDefang works with
Sendmail 8.11's new "Milter" API, which gives it much more flexibility
than procmail-based approaches.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Security Engineer Silicon Valley CA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356554
2. Security Software Sales - Detroit, MI (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356553
3. Senior Security Engineer for Windows Silicon Valley... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356552
4. Security Software Sales - Boston, MA (Thread)
Relevant URL:
6. FPSE Admin Listener on IIS 6.0 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/355789
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Administrivia X-Post: Farewell (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/356582
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Administrivia X-Post: Farewell (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/356494
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and
ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue is sponsored by: Reasoning Inc.
Enter to win a free application-level software security inspection. A
$20,000 value!
Reasoning will inspect up to 100,000 lines of your toughest C/C++ code.
Pinpointing the exact location of security vulnerabilities that are the
leading target of hackers. Experience the power application scanning and
dynamic testing tools can't match.
Enter to win a free software security inspection now:
SecurityFocus Newsletter #139
------------------------------
I. FRONT AND CENTER
1. IIS 6.0 Security
2. HIPAA Security Rule
3. Is password-lending a cybercrime?
II. BUGTRAQ SUMMARY
1. Symantec Gateway Security Error Page Cross-Site Scripting Vu...
2. Calife Password Heap Overrun Vulnerability
3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
4. UUDeview MIME Archive Buffer Overrun Vulnerability
5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
6. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
8. Apple Mac OS X Apple Filing Protocol Client Multiple Vulnera...
9. xboing Local Buffer Overflow Vulnerabilities
10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
12. Multiple WFTPD Vulnerabilities
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
14. ArGoSoft FTP Server Multiple Vulnerabilities
15. IGeneric Free Shopping Cart SQL Injection Vulnerability
16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
18. YABB SE Multiple Input Validation Vulnerabilities
19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
20. Calife Local Memory Corruption Vulnerability
21. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
23. Motorola T720 Phone Denial Of Service Vulnerability
24. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
25. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
28. Symantec Firewall/VPN Appliance Cached Plaintext Password Vu...
29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
30. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
31. Nortel Wireless LAN Access Point 2200 Series Denial Of Servi...
32. SonicWall Firewall/VPN Appliance Multiple ARP Request Handli...
33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
34. NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scriptin...
35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
36. Coreutils DIR Width Argument Integer Overflow Vulnerability
37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
38. SureCom Network Device Malformed Web Authorization Request D...
39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
40. SpiderSales Shopping Cart Multiple Vulnerabilities
41. BolinTech Dream FTP Server FTP Command Format String Vulnera...
42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
44. HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalat...
45. Multiple Vendor HTTP Response Splitting Vulnerability
46. SmarterTools SmarterMail Multiple Vulnerabilities
47. Cisco Content Service Switch Management Port UDP Denial Of S...
48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
III. SECURITYFOCUS NEWS ARTICLES
1. Feds: E-mail subpoena ruling hurts law enforcement
2. Pranksters bedevil TV weather announcement system
3. Alleged WebTV 911 hacker charged with cyberterrorism
4. Californian ISP sues Bob Vila site for spam
5. Firms Look to Limit Liability for Online Security Breaches
6. Virus writers in malicious code hide-and-seek
IV. SECURITYFOCUS TOP 6 TOOLS
1. Prismstumbler v0.7.0
2. The Backup Shell v1.7
3. Rule-based Intrusion Detection System 1.0 (Default) v1.0
4. The SSH library v0.1
5. OpenCA v0.9.2 RC3
6. MIMEDefang v2.40
V. SECURITYJOBS LIST SUMMARY
1. Security Engineer Silicon Valley CA (Thread)
2. Security Software Sales - Detroit, MI (Thread)
3. Senior Security Engineer for Windows Silicon Valley... (Thread)
4. Security Software Sales - Boston, MA (Thread)
5. Security Software Sales - Cleveland, OH (Thread)
6. Business Development Mgr (Anti Virus) - California (... (Thread)
7. Business Development Manager EMEA - London, UK (Thread)
8. Sales Engineer (CISSP) - New York, Boston, Detroit, ... (Thread)
9. Management /Security Engineer - Lead (Thread)
10. QA Manager - Networking/Security - Infoblox - Silico... (Thread)
11. looking for recruiters (Thread)
12. Symantec in Redwood City is hiring a Technical Produ... (Thread)
13. Director of Engineering (Networking) - Infoblox - Si... (Thread)
14. Identity Management - Web Services Architect (Thread)
15. Identity Management - Systems Integrator (Thread)
16. Identity Management - Capacity and Performance Engin... (Thread)
17. security jobs in nyc (Thread)
18. Boston - kernel Principal Software Engineer (Thread)
19. Network Management Solutions Sales - NYC (Thread)
20. application security engineer (Thread)
21. FW: Returned post for securityjobs (at) securityfocus (dot) com (Thread)
22. Thanks! Job seeker advice (Thread)
23. Sales Representative Need, AZ - Security Technologie... (Thread)
24. Job seeker advice (Thread)
25. Network Security Analyst-Network Appliance (Thread)
26. Information Systems Audit-Kansas City (Thread)
27. Technical Director vacancy (Thread)
28. Firewall Security Engineer-Network Appliance (Thread)
29. IT Auditor vacancy (Thread)
30. Sales Stud in the Northeast (Thread)
31. seeking summer internship in US (cleared) (Thread)
32. Senior Inbound Product Manager Need - Security Solut... (Thread)
33. Senior Technical Security Consultant, ID Management,... (Thread)
34. Pre-Sales Security Consultant, ID Management, M4 Cor... (Thread)
35. Security Pro seeking CSO or Director of Security Pos... (Thread)
36. Full time Mid level Firewall Consultant position in ... (Thread)
37. Secure Messaging Solution Sales ( NYC) (Thread)
38. Road warrior found - parses syslog for fun - NJ log ... (Thread)
39. QA Lab- Security - Bay Area (Thread)
40. Regional Sales Manager - Midtow - NYC (Thread)
41. VP of Engineering--F/T NJ (Thread)
42. NJ log guru-road warrior needed. (Thread)
43. Senior Software Engineers - Intrusec - Atlanta, GA (Thread)
44. Health Insurance Survey Results (Thread)
45. Direct Sales Exec - Montreal/Quebec (Thread)
VI. INCIDENTS LIST SUMMARY
1. strange SMTP DoS traffic from Korea (Thread)
2. Strange Windows behavior / Spamming customers (Thread)
3. port 544 sweeps (Thread)
4. Dead Thread: Releasing patches is bad for security (Thread)
5. Blaster Recurrence (Thread)
6. Releasing patches is bad for security (Thread)
7. A basic Question from a new bie!! (Thread)
8. Project Honeynet Scan of the Month #30: Analysis Cha... (Thread)
9. Nmap - 3.50 changes mstask.exe? (Thread)
10. know your enemy (was: Releasing patches is bad for ... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Looking For Vulnerability Researchers (Thread)
2. [SPAM] WbemScripting.SWbemLocator - createobject al... (Thread)
3. WbemScripting.SWbemLocator - createobject allows... ... (Thread)
4. add to my previous post (Thread)
5. Announcing The Black Hat Briefings call for papers (Thread)
6. VoIP Security (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Windows file move restriction (Thread)
2. DHCP through RAS (Thread)
3. Article Announcements (Thread)
4. SecurityFocus Microsoft Newsletter #178 (Thread)
5. Administrivia: Mass-mailing worms (Thread)
6. FPSE Admin Listener on IIS 6.0 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Administrivia X-Post: Farewell (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Administrivia X-Post: Farewell (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. IIS 6.0 Security
By Rohyt Belani and Michael Muckin
This article discusses the major default configuration and design changes
incorporated in IIS 6.0 to make it a more secure platform for hosting
critical web applications.
http://www.securityfocus.com/infocus/1765
2. HIPAA Security Rule
By Steven Weil
This article presents a detailed overview of the American HIPAA (Health
Insurance Portability and Accountability Act) Security Rule and key
factors you should consider when preparing to comply with the rule.
http://www.securityfocus.com/infocus/1764
3. Is password-lending a cybercrime?
By Mark Rasch
A judge's wrongheaded interpretation of the federal Computer Fraud and
Abuse Act illustrates the problems of allowing civil enforcement of a
criminal law.
http://www.securityfocus.com/columnists/222
II. BUGTRAQ SUMMARY
-------------------
1. Symantec Gateway Security Error Page Cross-Site Scripting Vu...
BugTraq ID: 9755
Remote: Yes
Date Published: Feb 26 2004
Relevant URL: http://www.securityfocus.com/bid/9755
Summary:
A vulnerability has been reported to exist in the Symantec Gateway
Security Web based management console that may allow a remote user to
launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied
data. It has been reported that HTML and script code passed to the
Symantec Gateway Security Web based management console via a specially
crafted URI, may be incorporated into dynamic content of a server error
page.
Successful exploitation of this vulnerability may allow an attacker to
steal cookie-based authentication credentials. If an attacker manages to
steal a cookie for a valid session, the attacker may leverage the
vulnerability to gain management rights to the affected device.
2. Calife Password Heap Overrun Vulnerability
BugTraq ID: 9756
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9756
Summary:
Calife is reportedly prone to a locally exploitable heap overrun
vulnerability. This issue is due to insufficient bounds checking of
password input. If this issue was successfully exploited to execute
arbitrary code, it could potentially allow an unprivileged local user to
gain root access.
It has been reported that this issue may actually be indicative of a more
serious problem in the glibc implementation of the getpass() function.
This has not been confirmed. This BID will be updated as more information
is provided.
3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera...
BugTraq ID: 9757
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9757
Summary:
Sun has reported an unspecified vulnerability in the passwd utility on
Solaris that may permit local attackers to gain unauthorized root
privileges.
4. UUDeview MIME Archive Buffer Overrun Vulnerability
BugTraq ID: 9758
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9758
Summary:
A buffer overrun vulnerability has been reported in UUDeview. This issue
exists in the MIME parsing routines.
It is reported that this issue may be exploited via a malicious MIME
archive that specifies excessively long strings for various parameters.
This could be exploited to execute arbitrary code on a system in the
context of a user who opens a malicious MIME archive using the UUDeview
program.
It should be noted that UUDeview is shipped as a component of WinZip.
5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit...
BugTraq ID: 9759
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9759
Summary:
It has been reported that Sun Solaris may be prone to a vulnerability due
to an unspecified erroneous condition resulting from the 'conv_fix'
command invoked by conv_lpd(1M) script. This issue will reportedly permit
a local attacker to overwrite or create any file on the system.
Successful exploitation of this issue may allow a local attacker to gain
elevated privileges leading to full compromise of a vulnerable system.
The attacker may also cause a denial of service condition on the system.
6. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
BugTraq ID: 9761
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9761
Summary:
Microsoft Internet Explorer is reported to be prone to an issue that may
leak sensitive information across foreign domains.
This issue could permit framesets in different domains to leak various
events, including keyboard events. This could effectively permit a
hostile web page to capture keystrokes from a foreign domain.
7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability
BugTraq ID: 9762
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9762
Summary:
A vulnerability was reported in FreeBSD that may permit a jailed process
with superuser privileges to gain unauthorized access to other jails.
This is due to an access validation issue in the jail_attach(2) system
call.
8. Apple Mac OS X Apple Filing Protocol Client Multiple Vulnera...
BugTraq ID: 9763
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9763
Summary:
Multiple issues have been identified in Apple Mac OS X Apple Filing
Protocol (AFP) client that may allow an attacker to carry out
man-in-the-middle attacks and steal confidential information.
The first issue arises due to the fact that the AFP client does not issue
a warning to a user if an SSH session cannot be established with a server.
The client is reported to proceed with an unencrypted session via other
means, while giving the impression that SSH tunneling is employed, leading
to a false sense of security.
The AFP client is also reported to be prone to a weakness that may allow
an attacker to carry out man-in-the-middle attacks. This issue presents
itself because the client does not differentiate between various encrypted
authentication mechanisms.
Another weakness in the AFP client may also allow an attacker to carry out
man-in-the-middle attacks. This issue exists because the client does not
verify a server's host key before a secure connection is established.
9. xboing Local Buffer Overflow Vulnerabilities
BugTraq ID: 9764
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9764
Summary:
xboing is prone to multiple buffer overflows that could be exploited to
allow a local user to elevate their privileges.
10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
BugTraq ID: 9765
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9765
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewtopic.php" returns the value of the HTML variable
"postorder" to the client as its output without encoding it or otherwise
removing potentially hostile content. This can be exploited by
constructing malicious links with the malicious "postorder" variable value
embedded as a GET request style HTML variable. If the target user visits
such a link, the malicious, externally created content supplied in the
link will be rendered (or executed, in the case of script code) as part of
the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).
11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
BugTraq ID: 9766
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9766
Summary:
It has been reported that an input validation error with the potential for
use in a SQL injection attack is present in the "search.php" script.
Consequently, malicious users may corrupt the resulting SQL queries (there
are at least two) by specially crafting a value for the "st" variable.
The impact of this vulnerability depends on the underlying database. It
may be possible to corrupt/read sensitive data, execute
commands/procedures on the database server or possibly exploit
vulnerabilities in the database itself through this condition.
12. Multiple WFTPD Vulnerabilities
BugTraq ID: 9767
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9767
Summary:
Multiple vulnerabilities have been reported to affect versions 3.21 and
3.20 of WFTPD Server and WFTPD Pro Server, including potential denial of
service conditions and remote command execution.
The less serious of the vulnerabilities are the flaws which can be
exploited to cause a denial of service. According to the report, the
method by which WFTPD allocates additional memory is flawed in such a way
that it can be exploited to exhaust available memory in a manner efficient
to the attacker. Attackers may also take advantage of a buffer scan
operation to spike CPU usage.
The more serious vulnerability is a stack-based buffer overflow condition.
The condition is present in the implementation of FTP commands LIST, NLST,
and STAT. To exploit the vulnerability, the attacker must be
authenticated as a valid user unless the Secure option in the registry is
set to 0. There is a logical error (which may be due to the use of an
incorrect macro) in the check that is in place to prevent a buffer
overflow. This results in the possibility of writing a string of excessive
length to the local buffer, corrupting the process stack.
Note: Analysis is currently pending. This record will likely be retired
as new entries are created for each individual vulnerability.
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi...
BugTraq ID: 9768
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9768
Summary:
Invision Power Board is prone to multiple cross-site scripting
vulnerabilities.
These issues are due to insufficient sanitization of input supplied via
the 'c', 'f', , 'showuser', and 'username' URI parameters. This input
will be included in dynamically generated pages, making it possible for an
attacker to create a malicious link to a vulnerable site that includes
hostile HTML and script code. This code may be rendered in the browser of
a victim user who visits the malicious link, potentially allowing for
theft of cookie-based credentials or other attacks.
These issues are reported to affect Invision Power Board 1.3 Final.
Earlier versions may also be affected.
14. ArGoSoft FTP Server Multiple Vulnerabilities
BugTraq ID: 9770
Remote: Yes
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9770
Summary:
ArGoSoft has released version 1.4.1.6 of their FTP Server to address
multiple unspecified security vulnerabilities. These issues include three
buffer overruns when handling overly long FTP SITE ZIP and SITE COPY
commands, a file enumeration issue involving the SITE UNZIP command and
user database corruption denial of service attacks via the SITE PASS
command.
15. IGeneric Free Shopping Cart SQL Injection Vulnerability
BugTraq ID: 9771
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9771
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to an SQL
injection vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters.
As a result of this issue a malicious user may influence database queries
in order to view or modify sensitive information, potentially compromising
the software or the database. It has been conjectured that an attacker may
be able to disclose user password hashes by exploiting this issue. This
issue may also be leveraged to exploit latent vulnerabilities within the
database itself.
16. GNU Anubis Multiple Remote Buffer Overflow and Format String...
BugTraq ID: 9772
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9772
Summary:
GNU Anubis has been reported prone to multiple buffer overflow and format
string vulnerabilities. It has been conjectured that a remote attacker
may potentially exploit these vulnerabilities to have arbitrary code
executed in the context of the Anubis software. The buffer overflow
vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The
format string vulnerabilities are reported to affect the 'info' function
in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error'
function in 'ssl.c'.
These vulnerabilities have been reported to exist in GNU Anubis versions
3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93. It is possible that other
versions are affected as well.
These issues are undergoing further analysis; they will be divided into
separate BIDs as analysis is completed.
17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili...
BugTraq ID: 9773
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9773
Summary:
It has been reported that iGeneric Free Shopping Cart is prone to a
cross-site scripting vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters.
Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.
18. YABB SE Multiple Input Validation Vulnerabilities
BugTraq ID: 9774
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9774
Summary:
It has been reported that YaBB SE may be prone to multiple vulnerabilities
due to improper input validation. The issues may allow an attacker to
carry out SQL injection and directory traversal attacks. Successful
exploitation of these issues may allow an attacker to gain access to
sensitive information that may be used to mount further attacks against a
vulnerable system. The SQL injection vulnerabilities can be exploited to
gain access to user authentication credentials and corrupt user
information in the underlying database.
YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by
these issues; however, it is possible that other versions are vulnerable as
well.
19. Volition Red Faction Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9775
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9775
Summary:
It has been reported that Red Faction game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 260 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.
Red Faction versions 1.20 and prior are reported to be affected by this
issue.
20. Calife Local Memory Corruption Vulnerability
BugTraq ID: 9776
Remote: No
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9776
Summary:
Calife has been reported prone to a local memory corruption vulnerability.
The issue is likely due to a lack of sufficient sanity checks performed on
certain sequences of data that are read from the file "/etc/calife.auth".
Due to the nature of this vulnerability, it has been conjectured that a
local user who has write access to the "/etc/calife.auth" configuration
file may potentially leverage this issue to have arbitrary instructions
executed in the context of the root user.
21. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
BugTraq ID: 9777
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9777
Summary:
It has been reported that 602Pro LAN Suite Web Mail is prone to a
cross-site scripting vulnerability. This issue is due to a failure of the
application to properly sanitize user input supplied via the URI.
Attackers may exploit this vulnerability to steal authentication
credentials. Other attacks may also be possible.
22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
BugTraq ID: 9778
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9778
Summary:
It has been reported that Squid Proxy may be prone to an unauthorized
access vulnerability that may allow remote users to bypass access controls
resulting in unauthorized access to attacker-specified resources. The
vulnerability presents itself when a URI that is designed to access a
specific location with a supplied username, contains '%00' characters.
This sequence may be placed as part of the username value prior to the @
symbol in the malicious URI.
Squid Proxy versions 2.0 to 2.5 STABLE4 are reported to be prone to this
vulnerability.
23. Motorola T720 Phone Denial Of Service Vulnerability
BugTraq ID: 9779
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9779
Summary:
The Motorola T720 has been reported prone to a remote denial of service
vulnerability. The issue presents itself when the phone handles excessive
IP based traffic under certain circumstances.
An attacker may potentially exploit this issue to cause a target phone to
crash.
24. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
BugTraq ID: 9780
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9780
Summary:
It has been reported that 602Pro LAN SUITE is prone to a remote directory
listing vulnerability. This issue is due to a design error that causes
the application to fail to properly verify user requests.
This issue will allow an attacker to gain access to sensitive information
by disclosing directory listings that could lead to further attacks
against the target system.
25. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
BugTraq ID: 9781
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9781
Summary:
It has been reported that 602Pro LAN SUITE is prone to a remote
installation path disclosure vulnerability. This issue is due to the
existence of a hidden parameter embedded within the 'login' form that
specifies the installation path.
Successful exploitation of this issue may allow an attacker to gain
sensitive information about the file system that may aid in launching more
direct attacks against the system.
26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
BugTraq ID: 9782
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9782
Summary:
A remotely exploitable buffer overrun was reported in ProFTPD. This issue
is due to insufficient bounds checking of user-supplied data in the
_xlate_ascii_write() function, permitting an attacker to overwrite two
bytes of memory adjacent to the affected buffer. This may potentially be
exploited to execute arbitrary code in the context of the server. This
issue may be triggered when submitting a RETR command to the server.
27. ignitionServer Global IRC Operator Privilege Escalation Vuln...
BugTraq ID: 9783
Remote: Yes
Date Published: Feb 29 2004
Relevant URL: http://www.securityfocus.com/bid/9783
Summary:
ignitionServer is prone to a vulnerability that may permit a local IRC
operator to escalate their privileges to that of a global IRC operator
through the use of an undocumented command.
28. Symantec Firewall/VPN Appliance Cached Plaintext Password Vu...
BugTraq ID: 9784
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9784
Summary:
It has been reported that Symantec Firewall/VPN Appliance is prone to an
issue where, depending on browser settings, administration password
credentials may be stored in the browser/proxy cache in plaintext format.
Symantec Firewall/VPN Appliance Models 100, 200, 200R are reported to be
prone to this vulnerability.
29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln...
BugTraq ID: 9785
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9785
Summary:
It has been reported that Freespace 2 game client may be prone to a remote
buffer overflow vulnerability that could allow remote attackers to execute
arbitrary code in a vulnerable system in order to gain unauthorized
access. It has been reported that this vulnerability can be reproduced by
sending a server name of 180 characters or more to a vulnerable client.
When the client reads in the string, sensitive regions of memory may be
corrupted with attacker-supplied values.
Freespace 2 versions 1.20 and prior are reported to be affected by this
issue.
30. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
BugTraq ID: 9786
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9786
Summary:
It has been reported that Magic Winmail Server is prone to a remote
installation path disclosure vulnerability. This issue is due to a
failure of the application to properly filter user input.
Successful exploitation of this issue may allow an attacker to gain
sensitive information about the file system that may aid in launching more
direct attacks against the system.
31. Nortel Wireless LAN Access Point 2200 Series Denial Of Servi...
BugTraq ID: 9787
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9787
Summary:
Nortel Wireless LAN Access Point 2200 series appliances have been reported
to be prone to a remote denial of service vulnerability. The issue is
reported to present itself when a large network request is handled by one
of the Wireless LAN Access Point default administration services. This
will reportedly cause the Access Point Appliance Operating service to
crash, effectively denying service to legitimate users.
32. SonicWall Firewall/VPN Appliance Multiple ARP Request Handli...
BugTraq ID: 9789
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9789
Summary:
Several problems in the handling of ARP requests have been identified in
SonicWall VPN and Firewall devices. Because of this, an attacker may be
able to gain access to sensitive information about networks behind
SonicWall devices. Denial of service attacks through affected devices are
also possible.
33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil...
BugTraq ID: 9790
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9790
Summary:
Hot Open Tickets is prone to an unspecified privilege escalation
vulnerability. This issue may allow a registered user to leverage a
vulnerability to escalate their privilege to administrator levels.
34. NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scriptin...
BugTraq ID: 9791
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9791
Summary:
It has been reported that NetScreen SA 5000 Series may be prone to a
cross-site scripting vulnerability that may allow an attacker to execute
arbitrary HTML or script code in the browser of a vulnerable user. The
issue presents itself due to insufficient sanitization of user-supplied
data via the 'row' parameter of the 'delhomepage.cgi' CGI binary.
The vulnerability has been discovered in an appliance called
A5030-Clustered pair running IVE firmware version 3.3 Patch 1 build 4797.
35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul...
BugTraq ID: 9792
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9792
Summary:
A problem in the handling of out-of-sequence packets has been identified
in FreeBSD. Because of this, it may be possible for remote attackers to
deny service to legitimate users of vulnerable systems.
36. Coreutils DIR Width Argument Integer Overflow Vulnerability
BugTraq ID: 9793
Remote: Unknown
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9793
Summary:
Coreutils 'dir' has been reported prone to an integer overflow
vulnerability. The issue reportedly presents itself when handling large
integer value '-w' (width) command line arguments passed to the vulnerable
application.
Due to the nature of this issue it may possibly be leveraged to deny
service to applications that use the 'dir' utility. It has been
conjectured that when invoked by an application with a malicious integer
value passed via the '-w' argument, the affected application may hang
while waiting for the utility to return output.
37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu...
BugTraq ID: 9794
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9794
Summary:
1st Class Mail Server has been reported prone to a remote buffer overflow
vulnerability. The issue exists due to a lack of sufficient boundary
checks performed on user-supplied data.
A remote attacker may pass excessive data as an argument for an APOP
command passed to the affected server. The attacker may exploit this issue
to corrupt a saved instruction pointer and in doing so may potentially
influence execution flow of the affected service into attacker-supplied
instructions.
38. SureCom Network Device Malformed Web Authorization Request D...
BugTraq ID: 9795
Remote: Yes
Date Published: Mar 02 2004
Relevant URL: http://www.securityfocus.com/bid/9795
Summary:
An issue in the handling of specific web requests by SureCom network
devices has been identified. By placing a malformed request to the web
configuration interface, it is possible for an attacker to deny service to
legitimate users of a vulnerable device.
39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo...
BugTraq ID: 9797
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9797
Summary:
An integer overflow vulnerability has been reported in qmail-qmtpd. This
issue exists in code that processes values supplied to qmail-qmtpd in
RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to
execute arbitrary code with elevated privileges.
It should be noted that this issue does not exist in the default
configuration and is only exposed if mail relaying is enabled by setting
the RELAYCLIENT environment variable.
40. SpiderSales Shopping Cart Multiple Vulnerabilities
BugTraq ID: 9799
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9799
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to obtain the private cryptographic key and gain access
to sensitive information. The application is also reported prone to an
SQL injection vulnerability that may allow an attacker to gain
administrative level access to the underlying database.
The issues exist due to improper implementation of the RSA cryptosystem by
SpiderSales and failure to sanitize user-supplied input via the 'userId'
URI parameter employed by various scripts.
SpiderSales version 2.0 is assumed to be vulnerable to these issues,
however, other versions could be affected as well.
41. BolinTech Dream FTP Server FTP Command Format String Vulnera...
BugTraq ID: 9800
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9800
Summary:
Dream FTP Server has been reported to be prone to a remote format string
vulnerability when processing a malicious request from a client.
Although it has been demonstrated that this could crash the server, the
vulnerability could also theoretically allow for execution of arbitrary
code on the system hosting the server. This would occur in the security
context of the server process.
42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
BugTraq ID: 9801
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9801
Summary:
It has been reported that a number of undisclosed SandSurfer scripts are
prone to cross-site scripting vulnerabilities.
This could permit a remote attacker to create a malicious link to the
vulnerable application that includes hostile HTML and script code. If this
link were followed, the hostile code may be rendered in the web browser of
the victim user.
43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne...
BugTraq ID: 9802
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9802
Summary:
Acrobat Reader has been reported to be prone to a buffer overflow
vulnerability. According to the report, the overflow occurs when a user
views a malicious XFDF document.
Due to the nature of this vulnerability, an attacker may potentially
leverage the issue to corrupt values that are crucial to controlling program
execution flow. If this is the case, it is conjectured that this issue may
be exploitable to execute arbitrary instructions in the context of the
affected software.
44. HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalat...
BugTraq ID: 9803
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9803
Summary:
HP has reported an unspecified vulnerability in HP Tru64 UNIX. This issue
is reported to exist in systems using IPsec and Internet Key Exchange
(IKE) with certificates. Successful exploitation of this issue may allow
an attacker to remotely compromise a vulnerable system.
Although unconfirmed, this issue may be related to Multiple Vendor IKE
Implementation Certificate Authenticity Verification Vulnerability (BID
9208). This BID will be updated as more information becomes available.
HP Tru64 UNIX 5.1B PK2(BL22), 5.1B PK3(BL24), and 5.1A PK6(BL24) are
reported to be vulnerable to this issue.
45. Multiple Vendor HTTP Response Splitting Vulnerability
BugTraq ID: 9804
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9804
Summary:
A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning
Attacks, and Related Topics) was released to describe various attacks that
target web users through web application, browser, web/application server
and proxy implementations. These attacks are described under the general
category of HTTP Response Splitting and involve abusing various input
validation flaws in these implementations to split HTTP responses into
multiple parts in such a way that response data may be misrepresented to
client users.
Exploitation would occur by injecting variations of CR/LF sequences into
parts of HTTP response headers that the attacker may control or influence.
The general consequences of exploitation are that an attacker may
misrepresent web content to the client, potentially enticing the user to
trust the content and take actions based on this false trust.
While the various implementations listed in the paper contribute to these
attacks, this issue will most likely be exposed through web applications
that do not properly account for CR/LF sequences when accepting
user-supplied input that may be returned in server responses.
This vulnerability could also aid in exploitation of cross-site scripting
vulnerabilities.
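The CR/LF handling described in BID 9804 above, as an added example that is not taken from the paper or from any product in this newsletter: the vulnerable pattern of copying a decoded parameter into a header, beside a hardened form that re-encodes and validates it. The 'lang' parameter, the '/home' path, all function names and the sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# CR and LF end a header line; the other control characters (HTAB excepted)
# have no place in a header value either, so all of them are rejected.
_CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

# Constructed sample value for a hypothetical 'lang' query parameter. The
# encoded CR/LF pairs close the Location header and start a second response.
CONSTRUCTED_PARAM = (
    "en%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Length:%200%0d%0a%0d%0a"
)


def decode_param(raw: str) -> str:
    """Stand-in for the URL decoding a web framework applies to parameters."""
    return unquote(raw)


def redirect_unsafe(lang_raw: str) -> str:
    """Vulnerable pattern: decoded input is copied into a header unchanged."""
    lang = decode_param(lang_raw)
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: /home?lang={lang}\r\n"
            "Content-Length: 0\r\n\r\n")


def header_value(value: str) -> str:
    """Refuse any value that could terminate the current header line."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value


def redirect_safe(lang_raw: str) -> str:
    """Hardened form: re-encode for the URL context, then validate."""
    lang = decode_param(lang_raw)
    location = "/home?lang=" + quote(lang, safe="")
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {header_value(location)}\r\n"
            "Content-Length: 0\r\n\r\n")


def status_lines(stream: str) -> int:
    """Count the responses a downstream cache or browser would parse."""
    return sum(1 for line in stream.split("\r\n")
               if line.startswith("HTTP/1."))


if __name__ == "__main__":
    print("unsafe:", status_lines(redirect_unsafe(CONSTRUCTED_PARAM)), "responses")
    print("safe:  ", status_lines(redirect_safe(CONSTRUCTED_PARAM)), "response")
```

The validation belongs at the point where the header is written, so that it covers every code path that reflects input, not only the parameters known to be user-controlled.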
46. SmarterTools SmarterMail Multiple Vulnerabilities
BugTraq ID: 9805
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9805
Summary:
Multiple vulnerabilities have been identified in the software that may
allow an attacker to carry out directory traversal, cross-site scripting,
and denial of service attacks.
SmarterMail version 3.1 has been reported to be prone to these issues,
however, it is possible that other versions are affected as well.
47. Cisco Content Service Switch Management Port UDP Denial Of S...
BugTraq ID: 9806
Remote: Yes
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9806
Summary:
A problem in the handling of some types of malformed UDP network traffic
to the Cisco Content Service Switch management port has been identified.
Because of this, it may be possible for an attacker to deny service to
legitimate users of vulnerable systems.
48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
BugTraq ID: 9807
Remote: No
Date Published: Mar 04 2004
Relevant URL: http://www.securityfocus.com/bid/9807
Summary:
It has been reported that DAWKCo POP3 Server Hosting Version with WebMAIL
Extension does not properly handle timed out sessions. Because of this, it
may be possible for a user to regain access to a previous session.
This could potentially expose sessions, especially in situations where
other vulnerabilities facilitate session hijacking.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Feds: E-mail subpoena ruling hurts law enforcement
By: Kevin Poulsen
An appeals court refuses to reconsider a ruling that an overbroad subpoena
for stored e-mail can qualify as a computer intrusion, despite a plea from
the Justice Department to rethink the decision.
http://www.securityfocus.com/news/8199
2. Pranksters bedevil TV weather announcement system
By: Kevin Poulsen
Hacked newscast warns viewers: "All your base are belong to us."
http://www.securityfocus.com/news/8191
3. Alleged WebTV 911 hacker charged with cyberterrorism
By: Kevin Poulsen
Louisiana man is charged with endangering public safety for sending out a
malicious script that made set-top boxes call the police.
http://www.securityfocus.com/news/8136
4. Californian ISP sues Bob Vila site for spam
By: John Leyden, The Register
http://www.securityfocus.com/news/8198
5. Firms Look to Limit Liability for Online Security Breaches
By: Jonathan Krim, Washington Technology
http://www.securityfocus.com/news/8197
6. Virus writers in malicious code hide-and-seek
By: John Leyden, The Register
http://www.securityfocus.com/news/8196
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Prismstumbler v0.7.0
By: Florian Boor
Relevant URL: http://prismstumbler.sourceforge.net/
Platforms: Linux, POSIX
Summary:
Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes
with an easy to use GTK2 frontend and is small enough to fit on a small
portable system. It is designed to be a flexible tool to find as much
information about wireless LAN installations as possible. Because of its
client-server architecture the scanner engine may be used for different
frontends.
2. The Backup Shell v1.7
By: The Anarcat
Relevant URL: http://anarcat.ath.cx/software/bksh.en.html
Platforms: FreeBSD, POSIX
Summary:
bksh is a simple program designed to be used as a shell by SSH. All it
does is copy its input to a given backup file. Its goal is to allow
administrators to create backup-only accounts.
3. Rule-based Intrusion Detection System 1.0 (Default) v1.0
By: Pankaj Kumar Madhukar
Relevant URL: http://students.iiit.net/~pankaj_n/rids/index.html
Platforms: Linux
Summary:
RIDS is a machine learning rule-based intrusion detection system for
Linux.
4. The SSH library v0.1
By: Aris Adamantiadis
Relevant URL: http://www.0xbadc0de.be/projects/sshlib.html
Platforms: FreeBSD, Linux, NetBSD, OpenBSD
Summary:
The SSH library is a C library to authenticate in a simple manner to one
or more SSH servers. The goal of this project is to provide a library much
simpler to use than OpenSSH's one. A sample SSH client is provided.
5. OpenCA v0.9.2 RC3
By: Massimiliano Pala <madwolf (at) openca (dot) org>
Relevant URL: http://www.openca.org/openca/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris
Summary:
The OpenCA Project is a collaborative effort to develop a robust,
full-featured and Open Source out-of-the-box Certification Authority
implementing the most used protocols with full-strength cryptography
world-wide. OpenCA is based on many Open-Source Projects. Among the
supported software is OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
6. MIMEDefang v2.40
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:
MIMEDefang is a flexible MIME e-mail scanner designed to protect Windows
clients from viruses. It can alter or delete various parts of a MIME
message according to a very flexible configuration file. It can also
bounce messages with unacceptable attachments. MIMEDefang works with
Sendmail 8.11's new "Milter" API, which gives it much more flexibility
than procmail-based approaches.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Security Engineer Silicon Valley CA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356554
2. Security Software Sales - Detroit, MI (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356553
3. Senior Security Engineer for Windows Silicon Valley... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356552
4. Security Software Sales - Boston, MA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356551
5. Security Software Sales - Cleveland, OH (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356550
6. Business Development Mgr (Anti Virus) - California (... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356549
7. Business Development Manager EMEA - London, UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356548
8. Sales Engineer (CISSP) - New York, Boston, Detroit, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356547
9. Management /Security Engineer - Lead (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356538
10. QA Manager - Networking/Security - Infoblox - Silico... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356536
11. looking for recruiters (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356535
12. Symantec in Redwood City is hiring a Technical Produ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356534
13. Director of Engineering (Networking) - Infoblox - Si... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356533
14. Identity Management - Web Services Architect (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356473
15. Identity Management - Systems Integrator (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356472
16. Identity Management - Capacity and Performance Engin... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356471
17. security jobs in nyc (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356470
18. Boston - kernel Principal Software Engineer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356469
19. Network Management Solutions Sales - NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356336
20. application security engineer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356333
21. FW: Returned post for securityjobs (at) securityfocus (dot) com (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356331
22. Thanks! Job seeker advice (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356328
23. Sales Representative Need, AZ - Security Technologie... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356231
24. Job seeker advice (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356230
25. Network Security Analyst-Network Appliance (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356229
26. Information Systems Audit-Kansas City (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356227
27. Technical Director vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356226
28. Firewall Security Engineer-Network Appliance (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356225
29. IT Auditor vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356224
30. Sales Stud in the Northeast (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356223
31. seeking summer internship in US (cleared) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356221
32. Senior Inbound Product Manager Need - Security Solut... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356219
33. Senior Technical Security Consultant, ID Management,... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356179
34. Pre-Sales Security Consultant, ID Management, M4 Cor... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356078
35. Security Pro seeking CSO or Director of Security Pos... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356077
36. Full time Mid level Firewall Consultant position in ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/356023
37. Secure Messaging Solution Sales ( NYC) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355975
38. Road warrior found - parses syslog for fun - NJ log ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355895
39. QA Lab- Security - Bay Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355856
40. Regional Sales Manager - Midtow - NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355852
41. VP of Engineering--F/T NJ (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355850
42. NJ log guru-road warrior needed. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355849
43. Senior Software Engineers - Intrusec - Atlanta, GA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355848
44. Health Insurance Survey Results (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355846
45. Direct Sales Exec - Montreal/Quebec (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/355777
VI. INCIDENTS LIST SUMMARY
--------------------------
1. strange SMTP DoS traffic from Korea (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356500
2. Strange Windows behavior / Spamming customers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356435
3. port 544 sweeps (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356319
4. Dead Thread: Releasing patches is bad for security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356190
5. Blaster Recurrence (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356189
6. Releasing patches is bad for security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/356188
7. A basic Question from a new bie!! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/355917
8. Project Honeynet Scan of the Month #30: Analysis Cha... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/355814
9. Nmap - 3.50 changes mstask.exe? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/355741
10. know your enemy (was: Releasing patches is bad for ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/355740
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Looking For Vulnerability Researchers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/356499
2. [SPAM] WbemScripting.SWbemLocator - createobject al... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/356388
3. WbemScripting.SWbemLocator - createobject allows... ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/356345
4. add to my previous post (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/356344
5. Announcing The Black Hat Briefings call for papers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/356271
6. VoIP Security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/355821
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Windows file move restriction (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/356181
2. DHCP through RAS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/356089
3. Article Announcements (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/355974
4. SecurityFocus Microsoft Newsletter #178 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/355926
5. Administrivia: Mass-mailing worms (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/355818
6. FPSE Admin Listner on IIS 6.0 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/355789
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Administrivia X-Post: Farewell (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/356582
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Administrivia X-Post: Farewell (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/356494
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and
ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue is sponsored by: Reasoning Inc.
Enter to win a free application-level software security inspection. A
$20,000 value!
Reasoning will inspect up to 100,000 lines of your toughest C/C++ code,
pinpointing the exact location of security vulnerabilities that are the
leading target of hackers. Experience the power that application scanning and
dynamic testing tools can't match.
Enter to win a free software security inspection now:
http://sic-em.steelbrick.com/REA2302/securityfocus-corporate.jsp
------------------------------------------------------------------------