Introducing the world's first and only complete Internal Security Gateway:
Check Point InterSpect.
Built specifically to protect internal networks, Check Point InterSpect
provides intelligent worm defense, network zone segmentation, quarantine
capabilities, and LAN protocol protection - all in one easy to deploy
appliance that protects your network from threats within.
Learn more about Check Point InterSpect at:
http://www.securityfocus.com/sponsor/CheckPoint_sf-news_040315
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Pt.1)
2. Security Patches by Modem? Forget it!
3. When Gaming is a Gamble
II. BUGTRAQ SUMMARY
1. Belchior Foundry VCard Authentication Bypass Vulnerability
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
3. Symantec Norton Internet Security/Personal Firewall Remote D...
4. Internet Security Systems Protocol Analysis Module ICQ Parsi...
5. Apple Mac OS X Server Administration Service Undisclosed Rem...
6. Symantec Norton Internet Security WrapNISUM Class Remote Com...
7. Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun ...
8. Jetty Unspecified Denial Of Service Vulnerability
9. Clever's Games Terminator 3: War of the Machines Remote Clie...
10. SquidGaurd NULL URL Character Unauthorized Access Vulnerabil...
11. NullSoft Winamp Long File Name Denial of Service Vulnerabili...
12. Apache Connection Blocking Denial Of Service Vulnerability
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
14. NullSoft Winamp Malformed File Name Denial of Service Vulner...
15. Microsoft Windows XP Explorer.EXE Remote Denial of Service V...
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
20. Borland Interbase Database User Privilege Escalation Vulnera...
21. Apache Error Log Escape Sequence Injection Vulnerability
22. Expinion.net Member Management System ID Parameter SQL Injec...
23. Expinion.net Member Management System Multiple Cross-Site Sc...
24. Apache mod_disk_cache Module Client Authentication Credentia...
25. Novell NetWare Admin/Install Password Disclosure Vulnerabili...
26. Expinion.net News Manager Lite Multiple Vulnerabilities
27. XWeb Directory Traversal Vulnerability
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
32. phpBB Multiple Input Validation Vulnerabilities
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
34. Invision Gallery Multiple SQL Injection Vulnerabilities
35. Invision Power Top Site List Comments function id Parameter ...
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
39. Centrinity FirstClass HTTP Server TargetName Parameter Cross...
40. ReGet Software ReGet Directory Traversal Vulnerability
41. Ethereal Multiple Vulnerabilities
42. Ipswitch WS_FTP Multiple Vulnerabilities
43. Foxmail Remote Buffer Overflow Vulnerability
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
46. DameWare Mini Remote Control Server Weak Random Key Generati...
47. Common Desktop Environment DTLogin Unspecified Remote Double...
48. DameWare Mini Remote Control Server Clear Text Encryption Ke...
49. Mythic Entertainment Dark Age of Camelot Encryption Key Sign...
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
52. Microsoft Visual C++ MFC ISAPI Extension Denial Of Service V...
53. Kerio WinRoute Firewall Unspecified Malformed HTTP Header De...
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
55. Trend Micro Interscan Viruswall localweb Directory Traversal...
56. Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injec...
57. rident.pl Symbolic Link Vulnerability
58. PicoPhone Internet Phone Remote Buffer Overflow Vulnerabilit...
59. NexGen FTP Server Remote Directory Traversal Vulnerability
60. HP Web Jetadmin Printer Firmware Update Script Arbitrary Fil...
61. HP Web Jetadmin setinfo.hts Script Directory Traversal Vulne...
62. HP Web Jetadmin Remote Arbitrary Command Execution Vulnerabi...
III. SECURITYFOCUS NEWS ARTICLES
1. Would-be whistleblower indicted for keyboard tap
2. Report: Phishing attacks on the rise
3. Anti-piracy vigilantes track file sharers
4. Former security czar morphs into Rasputin
5. UK small.biz is lousy at virus protection
6. Campaigners fight biometric passports
IV. SECURITYFOCUS TOP 6 TOOLS
1. ZoneCD v0.2-4gui
2. Ethereal v0.10.3
3. Luneta v0.5
4. Dazuko v2.0.1-pre2
5. Securepoint Firewall and VPN Server v4.0 (S4)
6. Snort2Pf v3.1
V. SECURITYJOBS LIST SUMMARY
1. Security Software Engineer - Bay Area, CA - Greythor... (Thread)
2. Positions Opened in San Diego, CA (Thread)
3. Security Risk Assessment (Thread)
4. PGP Corporation Cert Progam Manager (Thread)
5. VP of Channel Sales - Security Technologies (Thread)
6. Validation of Clearance (Thread)
7. Information Security Operations Intelligence Analyst (Thread)
8. Director Quality Assurance Silicon Valley (Thread)
9. Security Test Engineer4 (Thread)
10. [job] Eastern Regional Sales Manager (NY, NJ. PA) (Thread)
11. Security Software Engineer (Thread)
12. [job] Western Regional Sales Manager (Thread)
13. Information Security Officer- Iowa (Thread)
14. 6+ months Network Engineer contract position - $500/... (Thread)
15. Full time Security Consultant position in Pittsburgh... (Thread)
16. Sr. SWE, Team Lead, Burlington, MA (Thread)
17. Network or Application Security Architect - Seattle,... (Thread)
18. Manager, Security and Technology Solutions Practice,... (Thread)
19. Security and audit professional available for volunt... (Thread)
20. Security Technical Consultant-San Francisco, CA (Thread)
21. Security openings with Ernst and Young LLP (Thread)
22. Senior Manager, Security and Technology Solutions pr... (Thread)
23. Cyber Incident Specialist #869JS - Boston, MA - 80k-... (Thread)
24. Security Assessment - 2-3 week engagement - Portland... (Thread)
25. Unix Security Assessment/Audit Position - San Diego/... (Thread)
26. job market in DFW? (Thread)
27. Three Security Trainier vacancies (Thread)
28. Business Security Advisor vacancy (Thread)
29. IT Risk and LAN Security Manager vacancy (Thread)
30. Global Disaster Recovery Officer vacancy (Thread)
31. Canada - QA Manager with Rising Star in Network Secu... (Thread)
32. Information Security Specialist / Project Manager #8... (Thread)
33. Looking for recruiter referrals (Thread)
34. Canada - Senior S/W Engineer with Rising Star in Net... (Thread)
35. IDS Consultants with ISS implementation experience -... (Thread)
36. IDS Security Consultants Needed (Thread)
37. Auditor Positions - Alexandria/Quantico VA area (Thread)
38. Pre Sales Security Engineer Silicon Valley (Thread)
39. Product Manager - Enterprise Products (Thread)
40. Security and Systems Engineering Work - San Diego Ar... (Thread)
41. BIOMETRIC FINGERPRINT Secuirty pro needed-- (Thread)
42. Senior Security Consultant - United Kingdom (Souther... (Thread)
43. Security Engineer (Thread)
44. Security Engineer PKI (Thread)
45. Authorization Architect (Thread)
46. Security Engineer HIPAA (Thread)
47. Certification & Accreditation Consultants -- Washin... (Thread)
48. Senior Network and Security Engineer Position -- Was... (Thread)
49. Help me find a System Administrator or Security Engi... (Thread)
50. Risk Assessment Consultants-- Washington, DC (Thread)
51. Security Policy Consultant for Federal Govt. Project... (Thread)
52. IDS Expert Needed-Washington DC (Thread)
53. SecurityGuys, a securityjobs-like list for Brazil (Thread)
VI. INCIDENTS LIST SUMMARY
1. IIS Search Method Overflow being revisted? (Thread)
2. unusual traffic - port 60295 (Thread)
3. new variant of witty worm ???? (Thread)
4. ICMP Scan (Thread)
5. iptables/netfilter logs viewer/analyzer (Thread)
6. Possible break in (Thread)
7. Article Announcement: Forensic Analysis of a Live Li... (Thread)
8. very weird traffic (Thread)
9. New virus? (Thread)
10. Release of Rootkit Hunter 1.0.0 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. ISS 'Witty' Worm Analyzed (Thread)
2. Analysis of the Exploitation Processes (.pdf) (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. process tracking (Thread)
2. Hardening TCP/IP Stack; conflicting sources (Thread)
3. security tools (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NFS Over Private Network (Thread)
X. LINUX FOCUS LIST SUMMARY
1. how to avoid user1 becoming user2 using local root ? (Thread)
2. nis : how to avoid user1 becoming user2 using local ... (Thread)
3. Rewrite Rules, SSL, and .htaccess (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Pt.1)
By Bob Rudis
This article discusses the implementation of layered mail security using
Unix as MTA in front of Microsoft groupware products. Part one describes
the use of Sendmail, MIMEDefang and SpamAssassin.
http://www.securityfocus.com/infocus/1770
2. Security Patches by Modem? Forget it!
By Scott Granneman
Let's face it - there is no way for dial-up users on any major operating
system to keep their computers up-to-date and patched. OK, maybe "no way"
is an exaggeration. How about, "a difficult, burdensome, time-consuming,
very prone to failure way?"
http://www.securityfocus.com/columnists/230
3. When Gaming is a Gamble
By Mark Rasch
A new Justice Department policy threatens to jail security professionals
who help lock down online gambling sites anywhere in the world.
http://www.securityfocus.com/columnists/229
II. BUGTRAQ SUMMARY
-------------------
1. Belchior Foundry VCard Authentication Bypass Vulnerability
BugTraq ID: 9910
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9910
Summary:
It has been reported that vCard is prone to a remote authentication bypass
vulnerability. This issue is due to a design error that would allow a
malicious user access to certain admin functionality without having to
first authenticate to the application.
This issue may be leveraged to manipulate the application database,
potentially destroying data.
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
BugTraq ID: 9911
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9911
Summary:
It has been reported that Error Manager is prone to multiple
vulnerabilities. These issues are due to failure to validate user input,
failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks,
reveal information about the application configuration and initiate HTML
injection attacks against the affected system.
3. Symantec Norton Internet Security/Personal Firewall Remote D...
BugTraq ID: 9912
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9912
Summary:
eEye Digital Security has reported an unspecified remotely exploitable
denial of service vulnerability in Symantec Norton Internet Security 2004
and Norton Personal Firewall 2004 products.
4. Internet Security Systems Protocol Analysis Module ICQ Parsi...
BugTraq ID: 9913
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9913
Summary:
It has been reported that the Internet Security Systems (ISS) Protocol
Analysis Module is prone to a remote buffer overflow vulnerability when
parsing the ICQ protocol. This issue exists due to insufficient bounds
checking performed on certain unspecified ICQ protocol fields supplied in
ICQ response data.
Successful exploitation of this issue may allow a remote attacker to
execute arbitrary code on a vulnerable system in order to gain
unauthorized access. This attack would occur in the context of the
vulnerable process.
This module is used to parse network protocols and is included in a number
of products provided by ISS, including various RealSecure and BlackICE
releases.
5. Apple Mac OS X Server Administration Service Undisclosed Rem...
BugTraq ID: 9914
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9914
Summary:
An undisclosed buffer overflow vulnerability has been reported in Apple
Mac OS X Server Administration service. This service has been reported to
be exclusively associated with port 660.
The reports indicate that when this service handles a request that is 2056
bytes long the service will crash and restart.
This BID will be updated as further details regarding this issue are
disclosed.
6. Symantec Norton Internet Security WrapNISUM Class Remote Com...
BugTraq ID: 9915
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9915
Summary:
Symantec Norton Internet Security is prone to a vulnerability that may
potentially allow for remote command execution.
This vulnerability is exposed via the WrapNISUM Class ActiveX component.
This component may potentially be invoked to launch a resource via a UNC
path from malicious web page or HTML e-mail. This resource would likely
be a malicious attacker-supplied executable.
7. Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun ...
BugTraq ID: 9916
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9916
Summary:
Symantec Norton AntiSpam has been reported prone to a remotely exploitable
buffer overrun vulnerability.
This issue exists in the SymSpamHelper Class ActiveX component, which
could be invoked from a web page or HTML e-mail with malformed parameters
sufficient to trigger the condition. This could be exploited to execute
arbitrary code with the privileges of the client user.
8. Jetty Unspecified Denial Of Service Vulnerability
BugTraq ID: 9917
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9917
Summary:
An unspecified denial of service vulnerability has been reported in Jetty
Java HTTP Servlet Server. It is conjectured that this may be exploited
remotely.
9. Clever's Games Terminator 3: War of the Machines Remote Clie...
BugTraq ID: 9918
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9918
Summary:
It has been reported that Terminator 3: War of the Machines game client
may be prone to a buffer overflow vulnerability that may allow remote
attackers to execute arbitrary code on a vulnerable system in order to
gain unauthorized access. This vulnerability can be reproduced by sending
server information of over 200 characters via the 'ServerInfo' variable to
a vulnerable client. When the client reads in the string, sensitive
regions of memory may be corrupted with attacker-supplied values.
Terminator 3: War of the Machines version 1.0 is reported to be affected
by this issue.
10. SquidGaurd NULL URL Character Unauthorized Access Vulnerabil...
BugTraq ID: 9919
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9919
Summary:
Reportedly SquidGaurd is prone to a remote NULL URL character unauthorized
access vulnerability. This issue is due to a failure of the application
to properly filter out invalid URIs.
Successful exploitation of this issue may allow a remote attacker to
bypass access controls resulting in unauthorized access to
attacker-specified resources. This may allow the attacker to gain
unauthorized access to sensitive resources.
Although it has not been confirmed, this issue may be related to the issue
defined in BID 9778.
11. NullSoft Winamp Long File Name Denial of Service Vulnerabili...
BugTraq ID: 9920
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9920
Summary:
It has been reported that Winamp may be prone to a denial of service
vulnerability when processing files with a name exceeding 246 characters.
Immediate consequences of this issue may result in the application
crashing. Although unconfirmed, due to the nature of this vulnerability
an attack could result in a buffer overflow condition and may lead to
arbitrary code execution. Any code execution would occur in the context
of the user running the application.
Winamp 5.02 was identified as the vulnerable version, however, it is
possible that other versions are affected as well.
Conflicting reports have surfaced regarding this issue. It is possible
that this issue may not be valid. This BID will be updated or retired as
more information becomes available.
12. Apache Connection Blocking Denial Of Service Vulnerability
BugTraq ID: 9921
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9921
Summary:
Apache is prone to an issue that may permit remote attackers to cause a
denial of service issue via a listening socket on a rarely accessed port.
This will reportedly block out new connections to the server until another
connection on the rarely accessed socket is initiated.
The functionality that exposes this issue is reportedly enabled by default
on all platforms except Windows.
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
BugTraq ID: 9922
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9922
Summary:
It has been reported that the FVWM fvwm_make_browse_menu.sh script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
14. NullSoft Winamp Malformed File Name Denial of Service Vulner...
BugTraq ID: 9923
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9923
Summary:
It has been reported that Winamp may be prone to a denial of service
vulnerability when processing malformed file names. This issue is
reported to present itself when a file with a malformed file name is
processed by the application. Specifically, if the file name contains an
excessive amount of characters and has '.mid' extension.
Winamp 5.01 an prior were reported to be prone to this issue, however, it
is possible that other versions are affected as well.
15. Microsoft Windows XP Explorer.EXE Remote Denial of Service V...
BugTraq ID: 9924
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9924
Summary:
Microsoft Windows Explorer for Windows XP has been reported to be prone to
a remote denial of service vulnerability.
This issue is due to a failure of the application to properly validate
user-supplied input via the 'shell:' command. The 'shell:' command is a
parameter that a user can specify when including a URI in an HTML tag.
This command allows the HTML script to potentially execute any program
specified after the 'shell:' command.
Successful exploitation of this issue would cause the affected application
to crash, denying service to legitimate users.
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
BugTraq ID: 9925
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9925
Summary:
It has been reported that the FVWM 'fvwm_make_directory_menu.sh' script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
BugTraq ID: 9926
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9926
Summary:
It has been reported that the 'smbprint-new.sh' sample Samba script is
prone to a local insecure temporary file handling symbolic link
vulnerability. This issue is due to a design error that allows the
application to insecurely write to a temporary file that is created with a
predictable file name.
An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.
It should be noted that the 'smbprint-new.sh' is a sample script located
in the 'examples' directory. This script is not intended for commercial
use. The 'smbprint' script included in the 'packaging' directory is not
vulnerable to this issue. Individual package distributions may vary.
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
BugTraq ID: 9927
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9927
Summary:
Reportedly the 'ttaarchives.cgi' script bundled with Tarantella Enterprise
3 is prone to a remote cross-site scripting vulnerability. This issue is
due to a failure of the application to sufficiently sanitize user supplied
URI input.
This issue may be leveraged to steal cookie based authentication
credentials, other attacks are possible as well.
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
BugTraq ID: 9928
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9928
Summary:
Reportedly the 'ttacab.cgi' script bundled with Tarantella Enterprise 3 is
prone to a remote cross-site scripting vulnerability. This issue is due
to a failure of the application to sufficiently sanitize user supplied URI
input.
This issue may be leveraged to steal cookie based authentication
credentials, other attacks are possible as well.
20. Borland Interbase Database User Privilege Escalation Vulnera...
BugTraq ID: 9929
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9929
Summary:
By default, insecure permissions are set on the file storing the user
database that is shipped with Borland Interbase. The permissions, 0666,
permit all users to write to the file. This configuration error can be
exploited to gain administrative access within the database. The
consequences of this flaw may extend further if the database supports
applications.
21. Apache Error Log Escape Sequence Injection Vulnerability
BugTraq ID: 9930
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9930
Summary:
It has been reported that the Apache web server is prone to a remote error
log escape sequence injection vulnerability. This issue is due to an
input validation error that may allow escape character sequences to be
injected into apache log files.
This may facilitate exploitation of issues such as those found in BIDs
6936 and 6938.
This issue may allow an attacker to carry out a number of actions
including arbitrary file creation and code execution on the affected
system.
22. Expinion.net Member Management System ID Parameter SQL Injec...
BugTraq ID: 9931
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9931
Summary:
It has been reported that Member Management System may be prone to a SQL
injection vulnerability that may allow a remote attacker to inject
malicious SQL syntax into database queries. The problem is reported to
exist in the 'ID' parameter contained within the 'resend.asp' and
'news_view.asp' scripts.
Member Management System version 2.1 has been reported to be affected by
this issue, however, other versions may be vulnerable as well.
23. Expinion.net Member Management System Multiple Cross-Site Sc...
BugTraq ID: 9932
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9932
Summary:
It has been reported that a number of Member Management System scripts are
prone to cross-site scripting vulnerabilities. These issues are reportedly
due to a failure to sanitize user input and so allow HTML and script code
that may facilitate cross-site scripting attacks. The issues are reported
to affect the 'err' parameter of 'error.asp' script and the 'register.asp'
script.
Member Management System version 2.1 has been reported to be affected by
this issue, however, other versions may be vulnerable as well.
24. Apache mod_disk_cache Module Client Authentication Credentia...
BugTraq ID: 9933
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9933
Summary:
It has been reported that Apache mod_disk_cache module may be prone to a
weakness that could result in an attacker gaining access to proxy or
standard authentication credentials. The mod_disk_cache module is
reported to store HTTP Hop-by-hop headers including user login and
password information in plaintext format on disk.
This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials. Successful exploitation of this issue may lead to further
attacks agains vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed
to be affected by this issue.
25. Novell NetWare Admin/Install Password Disclosure Vulnerabili...
BugTraq ID: 9934
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9934
Summary:
Novell has reported a vulnerability in Novell NetWare 6.5 Support Pack 1.1
that may allow an attacker to gain access to the administrator password.
According to Novell this vulnerability only affects users who meet the
following conditions:
1) Performed installations or upgrades (locally or remotely) using the
NetWare 6.5 Support Pack 1.1 Overlay CDs.
2) Selected Custom Installation and selected the OpenSSH component.
The admin/install password is stored in the 'NIOUTPUT.TXT' and 'NI.LOG'
files. The likelihood of successful exploitation of this issue is
relatively small as these files are usually protected by the operating
system via the administrator's access controls.
26. Expinion.net News Manager Lite Multiple Vulnerabilities
BugTraq ID: 9935
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9935
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to carry out SQL injection, cross-site scripting, and
account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp',
'category_news_headline.asp', 'more.asp', 'category_news.asp', and
'ews_sort.asp' scripts. Further more a cookie account hijacking issue was
also discovered in the application that may allow a remote attacker to
gain administrative access to application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues, however,
other versions may be affected as well.
27. XWeb Directory Traversal Vulnerability
BugTraq ID: 9937
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9937
Summary:
XWeb is reportedly prone to directory traversal attacks. Remote attackers
may exploit this issue to gain access to sensitive files outside of the
server root. This would occur in the context of the server, i.e.: any
files the server could access would also be accessible to the attacker.
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
BugTraq ID: 9938
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9938
Summary:
It has been reported that phpBB may be prone to a cross-site scripting
vulnerability that may allow an attacker to execute arbitrary HTML or
script code in a user's browser. The issue exists due to insufficient
sanitization of user-supplied input via the 'avatarselect' form parameter
of 'profile.php' script.
phpBB 2.0.6d has been reported to be prone to this issue, however, other
versions could be affected as well.
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
BugTraq ID: 9939
Remote: No
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9939
Summary:
The xine bug reporting scripts (xine-bugreport and xine-check) create
temporary files in an insecure manner. A malicious local user could take
advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
Privilege escalation is also theoretically possible. This issue is only
exposed when the vulnerable scripts are run to submit a bug report to the
vendor.
It should be noted that xine-bugreport and xine-check are separate
instances of the same script.
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
BugTraq ID: 9940
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9940
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'ptivate.php' script. This issue is reportedly due to
a failure to sanitize user input and so allow for injection of HTML and
script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
BugTraq ID: 9941
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9941
Summary:
Mod_Survey is prone to HTML injection attacks via survey input fields.
They may permit remote attackers to persistently inject HTML and script
code into surveys, which may be rendered in the web browser of
administrative or other users.
Exploitation could permit for theft of cookie-based authentication
credentials. Other attacks are also possible.
32. phpBB Multiple Input Validation Vulnerabilities
BugTraq ID: 9942
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9942
Summary:
It has been reported that phpBB may be prone to multiple vulnerabilities
that could allow an attacker to carry out SQL injection and cross-site
scripting attacks. These vulnerabilities result from insufficient
sanitization of user-supplied input via the 'id' parameter of
'admin_smilies.php' module and the 'style_id' parameter of 'admin_styles'
module.
phpBB versions 2.0.7a and prior are reported to be prone to these issues.
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
BugTraq ID: 9943
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9943
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'index.php' script in both the 'admincp' and 'modcp'
application directories. This issue is reportedly due to a failure to
sanitize user input and so allow for injection of HTML and script code
that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
34. Invision Gallery Multiple SQL Injection Vulnerabilities
BugTraq ID: 9944
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9944
Summary:
It has been reported that Invision Gallery may be prone to multiple sql
injection vulnerabilities, allowing an attacker to influence SQL query
logic. The issues exist due to insufficient sanitization of user-supplied
data via the 'img', 'cat', 'sort_key', 'order_key', 'user' and 'album'
parameters of the gallery module accessed via the 'index.php' script.
Invision Gallery is a gallery system that can be used as a plugin for
Invision Power Board. Invision Gallery 1.0.1 is reported to be prone to
these issues, however, other versions could be affected as well.
35. Invision Power Top Site List Comments function id Parameter ...
BugTraq ID: 9945
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9945
Summary:
It has been reported that Top Site List may be prone to an SQL injection
vulnerability that may allow remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other
attacks. The issue exists due to insufficient sanitizing of the 'id' URI
parameter when using the 'comments' feature in 'index.php' script.
Invision Power Top Site List versions 1.1 RC 2 and prior are reported
prone to this issue.
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
BugTraq ID: 9946
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9946
Summary:
Reportedly MS-Analysis is prone to a remote information disclosure
vulnerability. This issue is due to a design error that displays
sensitive system information when certain errors are triggered.
The problem presents itself when an error condition is triggered in all
scripts residing in the 'scripts' directory of the MS-Analysis directory.
It has also been reported that this issue affects the 'mstrack.php' and
'title.php' scripts in the MS-Analysis root directory.
These issues may be leveraged to gain sensitive information about the
affected system potentially aiding an attacker in mounting further
attacks.
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
BugTraq ID: 9947
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9947
Summary:
It has been reported that MS-Analysis is prone to a multiple cross-site
scripting vulnerabilities. These issues are due to a failure of the
application to properly sanitize user supplied URI parameters.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
BugTraq ID: 9948
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9948
Summary:
Reportedly the MS-Analysis module is prone to a remote SQL injection
vulnerability. This issue is due to a failure to properly sanitize user
supplied HTTP header input before using it in an SQL query.
As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.
39. Centrinity FirstClass HTTP Server TargetName Parameter Cross...
BugTraq ID: 9950
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9950
Summary:
It has been reported that FirstClass HTTP Server may be prone to a
cross-site scripting vulnerability that may allow a remote attacker to
execute arbitrary HTML or script code in a user's browser. The issue
presents itself due to insufficient sanitization of user-supplied data via
the 'TargetName' parameter of 'Upload.shtml' script.
Since this vulnerability affects the web server there is a possibility of
an attacker crossing domains if multiple domains are hosted on one web
server. The vendor has reported that this vulnerability only affects the
'standard' template set. The 'webmail' and 'mobile' template sets do not
contain the 'Upload.shtml' script.
Centrinity FirstClass versions 7.1 and prior may be vulnerable to this
issue.
40. ReGet Software ReGet Directory Traversal Vulnerability
BugTraq ID: 9951
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9951
Summary:
It has been reported that ReGet may be prone to a directory traversal
vulnerability that may allow remote attackers to upload files to arbitrary
locations on a target system. The attacker may supply encoded directory
traversal sequences in the URI parameter so that the requested file is
saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue,
however, other versions could be affected as well.
41. Ethereal Multiple Vulnerabilities
BugTraq ID: 9952
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9952
Summary:
Ethereal 0.10.3 has been released to address multiple vulnerabilities.
These issues include:
- Thirteen stack-based buffer overruns in various protocol dissectors
(NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).
- A denial of service that is triggered by a zero length Presentation
protocol selector.
- Specially crafted RADIUS packets may cause a crash in Ethereal.
- Corrupt color filter files may cause a crash in Ethereal.
These issues may result in a denial of service or potentially be leveraged
to execute arbitrary code in the instance of the buffer overruns.
42. Ipswitch WS_FTP Multiple Vulnerabilities
BugTraq ID: 9953
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9953
Summary:
Multiple vulnerabilities have been identified in the WS_FTP Server and
client applications. These vulnerabilities may allow remote attackers to
execute arbitrary code, cause denial of service attacks and gain
administrative level access to a server.
The issues include two remote buffer overflow vulnerabilities in the
client, a denial of service vulnerability in the server and an access
validation issue in the server leading to remote command execution with
SYSTEM privileges.
These issues are undergoing further analysis. This BID will be divided
into separate issues as analysis is completed.
43. Foxmail Remote Buffer Overflow Vulnerability
BugTraq ID: 9954
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9954
Summary:
It has been reported that Foxmail is prone to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to
verify buffer boundaries when processing user supplied email headers.
A remote attacker may potentially exploit this issue to cause the email
client to crash, denying service to the victim user. It is also possible
to further leverage this issue in order to execute arbitrary code; this
code would be executed in the security context of the user running the
affected email client.
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
BugTraq ID: 9955
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9955
Summary:
Hibyte's HiGuest guestbook software is prone to HTML injection attacks.
This issue is exposed via the message form field in the guestbook entry
submission form.
Exploitation could permit remote attackers to persistently inject hostile
HTML and script code into guestbook content. This could allow for theft
of cookie-based authentications or other attacks, such as those which
misrepresent guestbook content.
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
BugTraq ID: 9956
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9956
Summary:
It has been reported that SSH Tectia Server may be prone to a private key
disclosure vulnerability due to an unspecified weakness in the password
change mechanism functionality employed by the server. Because of this, a
local attacker may be able to gain access to the private host key of a
vulnerable system. It has been reported that the password change
mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this
issue. Tectia Server for Windows is not vulnerable to this issue.
46. DameWare Mini Remote Control Server Weak Random Key Generati...
BugTraq ID: 9957
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9957
Summary:
It has been reported that DameWare Mini Remote Control Server may prone to
a weak random key generation weakness that could allow an attacker to
determine the key and therefore ultimately expose encrypted authentication
credentials. This issue exists due to a weak random bit generator is
being used to generate encryption keys. These keys are used by the
application to encrypt user credentials.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by
this issue, however, it is possible that prior versions are vulnerable as
well.
47. Common Desktop Environment DTLogin Unspecified Remote Double...
BugTraq ID: 9958
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9958
Summary:
It has been reported that a double free vulnerability exists in the
dtlogon process of CDE. This issue presents itself due to the free()
function being called on the same allocated chunk of memory more than
once. This problem occurs prior to any authorization.
Successful exploitation of this issue could lead to the corruption of an
arbitrary location in memory, ultimately allowing for the attacker to
control the execution flow of the affected process.
48. DameWare Mini Remote Control Server Clear Text Encryption Ke...
BugTraq ID: 9959
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9959
Summary:
It has been reported that DameWare Mini Remote Control Server may be prone
to a clear text encryption key disclosure vulnerability. The issue
presents itself because the file encryption key is sent over the network
in plain text format.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by
this issue, however, it is possible that prior versions are vulnerable as
well.
49. Mythic Entertainment Dark Age of Camelot Encryption Key Sign...
BugTraq ID: 9960
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9960
Summary:
An encryption key signing vulnerability has been reported to exist in Dark
Age of Camelot. This issue is due to a design error in the application
that carries out encryption without having the encryption key signed or
verified by the affected server.
This issue may allow for an attacker to carry out man-in-the-middle
attacks against a vulnerable system. Successful exploitation may allow an
attacker to gain access to sensitive information transmitted between the
client and the games server.
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
BugTraq ID: 9961
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9961
Summary:
It has been reported that The Rage is prone to a denial of service
vulnerability when processing client request packets containing 0 for the
values of the client IP address and Port number. This issue results in an
exceptional condition causing the server to enter an infinite loop leading
to a hang.
The Rage 1.01 and prior are reported to be affected by this issue.
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
BugTraq ID: 9962
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9962
Summary:
It has been reported that Sun Solaris may be prone to a local privilege
escalation vulnerability that may allow an attacker to gain root access to
a vulnerable system. The issue exists due to insufficient sanitization of
user-supplied data via the vfs_getvfssw() function in the Solaris kernel.
An attacker can load a user-specified kernel modules by using directory
traversal sequences and employing the mount() or sysfs() system calls.
52. Microsoft Visual C++ MFC ISAPI Extension Denial Of Service V...
BugTraq ID: 9963
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9963
Summary:
It has been reported that ISAPI (Internet Server Application Programming
Interface) extensions that are built using the MFC (Microsoft Foundation
Classes) static library in Microsoft Visual C++ are prone to a denial of
service vulnerability. This could occur during POST requests when the
ISAPI extension is under heavy load.
Microsoft Visual C++ is included in Microsoft Visual Studio. This
reportedly affects Microsoft Visual C++/Studio 6.
53. Kerio WinRoute Firewall Unspecified Malformed HTTP Header De...
BugTraq ID: 9964
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9964
Summary:
It has been reported that WinRoute Firewall may be prone to an unspecified
remote denial of service vulnerability that may allow an attacker to cause
the firewall process to crash or hang. This issue occurs when the
application parses malformed HTTP headers.
WinRoute Firewall versions 5.1.9 and prior are reported prone to this
issue.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 9965
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9965
Summary:
Reportedly cPanel is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application to
properly validate user supplied URI input.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
55. Trend Micro Interscan Viruswall localweb Directory Traversal...
BugTraq ID: 9966
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9966
Summary:
It has been reported that InterScan VirusWall may to a directory traversal
vulnerability that may allow an attacker to request files from the
'/ishttp/localweb' directory and any sub directories of 'localweb' with
directory traversal strings such as '../'.
56. Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injec...
BugTraq ID: 9967
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9967
Summary:
It has been reported that the VP-ASP Shopping Cart is prone to a remote
SQL injection vulnerability. This issue is due to a failure of the
application to properly sanitize user input before using it in an SQL
query.
It may be possible for an attacker to leverage this issue to disclose the
administrator password hash, or other sensitive information contained
within the database by exploiting this issue.
57. rident.pl Symbolic Link Vulnerability
BugTraq ID: 9968
Remote: No
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9968
Summary:
It has been reported that rident.pl may be prone to a symbolic link
vulnerability that may allow an attacker to corrupt or overwrite arbitrary
files. This issue exists because the script writes output to a temporary
file as 'rident.pid' in 'tmp' directory.
It has been reported that a user will require root privileges to invoke
the affected script; this may increase the impact of this vulnerability.
58. PicoPhone Internet Phone Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 9969
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9969
Summary:
It has been reported that Picophone is prone to a remote buffer overflow
vulnerability. This issue is due to the application failing to verify the
size of user input before storing it in a finite buffer.
Successful exploitation of this issue will cause a denial of service
condition to be triggered. The attacker may also leverage this issue to
execute arbitrary code; this code would be executed in the security
context of the user running the affected process.
59. NexGen FTP Server Remote Directory Traversal Vulnerability
BugTraq ID: 9970
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9970
Summary:
It has been reported that the Nexgen FTP server is prone to a remote
directory traversal vulnerability. This issue is due to a failure of the
application to properly sanitize file request strings from authenticated
users.
Successful exploitation of this vulnerability may allow a remote attacker
to gain access to sensitive information that may be used to launch further
attacks against a vulnerable system.
60. HP Web Jetadmin Printer Firmware Update Script Arbitrary Fil...
BugTraq ID: 9971
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9971
Summary:
HP Web Jetadmin is prone to an issue which may permit remote users to
upload arbitrary files to the management server.
This issue exists in the printer firmware update script. Given the
ability to place arbitrary files on the server to an attacker-specified
location, it may be possible to execute arbitrary code, though this will
require exploitation of other known vulnerabilities, such as BID 9972 "HP
Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".
Authentication, if it has been enabled, would be required to exploit this
issue.
This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows
platform. Other versions may be similarly affected.
61. HP Web Jetadmin setinfo.hts Script Directory Traversal Vulne...
BugTraq ID: 9972
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9972
Summary:
It has been reported that HP Web JetAdmin may be prone to a directory
traversal vulnerability allowing remote attackers to access information
outside the server root directory. The problem exists due to insufficient
sanitization of user-supplied data passed via the 'setinclude' parameter
of 'setinfo.hts' script.
This vulnerability can be combined with HP Web Jetadmin Firmware Update
Script Arbitrary File Upload Weakness (BID 9971) to upload malicious files
to a vulnerable server in order to gain unauthorized access to a host.
This issue has been tested with an authenticated account on HP Web
Jetadmin version 7.5.2546 running on a Windows platform.
62. HP Web Jetadmin Remote Arbitrary Command Execution Vulnerabi...
BugTraq ID: 9973
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9973
Summary:
Reportedly HP web Jetadmin is prone to a remote arbitrary command
execution vulnerability. This issue is due to a failure of the
application to properly validate and sanitize user supplied input.
Successful exploitation of this issue will allow a malicious user to
execute arbitrary commands on the affected system.
This issue has been tested with an authenticated account on HP Web
Jetadmin version 7.5.2546 running on a Windows platform.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Would-be whistleblower indicted for keyboard tap
By: Kevin Poulsen
The first U.S. prosecution for illegal use of a hardware key logger is
against an insurance company insider who claims he was gathering evidence
for state investigators. Did he go too far?
http://www.securityfocus.com/news/8329
2. Report: Phishing attacks on the rise
By: Kevin Poulsen
A new report finds a 60 percent increase in one month in the variety of
spammy scam mails sent by identity thieves.
http://www.securityfocus.com/news/8289
3. Anti-piracy vigilantes track file sharers
By: Kevin Poulsen
Crime-busting coders spark controversy when they circulate a Trojan horse
on peer-to-peer networks designed to chastise pirates, and report back to
a public website.
http://www.securityfocus.com/news/8279
4. Former security czar morphs into Rasputin
By: Thomas C. Greene, The Register
http://www.securityfocus.com/news/8353
5. UK small.biz is lousy at virus protection
By: John Oates, The Register
http://www.securityfocus.com/news/8352
6. Campaigners fight biometric passports
By: John Leyden, The Register
http://www.securityfocus.com/news/8351
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. ZoneCD v0.2-4gui
By: The Public IP ZoneCD has been created to help implement safe, free,
wifi hotspots. NoCat dynamic fir
Relevant URL: http://www.publicip.net/
Platforms: N/A
Summary:
The Public IP ZoneCD has been created to help implement safe, free, wifi
hotspots. NoCat dynamic firewall rules are used for user access and
authentication. A transparent proxy sends all "Public" requests from NoCat
through a content filter (Dansguardian) to block porn, hacker sites,
extreme violence, illegal drugs, and other obscene and explicit Web sites.
The content filter also blocks files extensions to protect your network
from viruses, and restricts file sizes to save bandwidth.
Ethereal is a network protocol analyzer, or "packet sniffer", that lets
you capture and interactively browse the contents of network frames. The
goal of the project is to create a commercial-quality packet analyzer for
Unix, and the most useful packet analyzer on any platform.
Luneta is a Web-based host and system monitor which uses SNMP.
4. Dazuko v2.0.1-pre2
By: John Ogness
Relevant URL: http://www.dazuko.org/
Platforms: FreeBSD, Linux
Summary:
This project provides a kernel module which provides 3rd-party
applications with an interface for file access control. It was originally
developed for on-access virus scanning. Other uses include a file-access
monitor/logger or external security implementations. It operates by
intercepting file-access calls and passing the file information to a
3rd-party application. The 3rd-party application then has the opportunity
to tell the kernel module to allow or deny the file-access. The 3rd-party
application also receives information about the file, such as type of
access, process ID, user ID, etc.
5. Securepoint Firewall and VPN Server v4.0 (S4)
By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Securepoint Firewall and VPN Server is a high-performance application
designed to offer full protection for network assets. The Security Manager
offers a graphical user interface with many features, different
configurations, and advanced reporting functions. The Securepoint server
is a complete firewall and VPN software system with an operating system
based on a secure Linux. VPN operation supports PPTP and IPSec (X.509
certificates, preshared, RSA signature). You can use the firewall on a
standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN).
It is very easy to install and administer. The Securepoint Security
Manager is available in English, German, and Spanish, and works in online
and offline mode.
Snort2Pf is a small Perl daemon which greps the snort Alertfile and blocks
the IP addresses of attackers for a given span of time. It only works a
systems with pf installed (OpenBSD and others).
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Security Software Engineer - Bay Area, CA - Greythor... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358796
2. Positions Opened in San Diego, CA (Thread)
Relevant URL:
SecurityFocus Newsletter #242
------------------------------
This Issue is Sponsored by: Check Point
Introducing the world's first and only complete Internal Security Gateway:
Check Point InterSpect.
Built specifically to protect internal networks, Check Point InterSpect
provides intelligent worm defense, network zone segmentation, quarantine
capabilities, and LAN protocol protection - all in one easy to deploy
appliance that protects your network from threats within.
Learn more about Check Point InterSpect at:
http://www.securityfocus.com/sponsor/CheckPoint_sf-news_040315
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Pt.1)
2. Security Patches by Modem? Forget it!
3. When Gaming is a Gamble
II. BUGTRAQ SUMMARY
1. Belchior Foundry VCard Authentication Bypass Vulnerability
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
3. Symantec Norton Internet Security/Personal Firewall Remote D...
4. Internet Security Systems Protocol Analysis Module ICQ Parsi...
5. Apple Mac OS X Server Administration Service Undisclosed Rem...
6. Symantec Norton Internet Security WrapNISUM Class Remote Com...
7. Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun ...
8. Jetty Unspecified Denial Of Service Vulnerability
9. Clever's Games Terminator 3: War of the Machines Remote Clie...
10. SquidGaurd NULL URL Character Unauthorized Access Vulnerabil...
11. NullSoft Winamp Long File Name Denial of Service Vulnerabili...
12. Apache Connection Blocking Denial Of Service Vulnerability
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
14. NullSoft Winamp Malformed File Name Denial of Service Vulner...
15. Microsoft Windows XP Explorer.EXE Remote Denial of Service V...
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
20. Borland Interbase Database User Privilege Escalation Vulnera...
21. Apache Error Log Escape Sequence Injection Vulnerability
22. Expinion.net Member Management System ID Parameter SQL Injec...
23. Expinion.net Member Management System Multiple Cross-Site Sc...
24. Apache mod_disk_cache Module Client Authentication Credentia...
25. Novell NetWare Admin/Install Password Disclosure Vulnerabili...
26. Expinion.net News Manager Lite Multiple Vulnerabilities
27. XWeb Directory Traversal Vulnerability
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
32. phpBB Multiple Input Validation Vulnerabilities
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
34. Invision Gallery Multiple SQL Injection Vulnerabilities
35. Invision Power Top Site List Comments function id Parameter ...
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
39. Centrinity FirstClass HTTP Server TargetName Parameter Cross...
40. ReGet Software ReGet Directory Traversal Vulnerability
41. Ethereal Multiple Vulnerabilities
42. Ipswitch WS_FTP Multiple Vulnerabilities
43. Foxmail Remote Buffer Overflow Vulnerability
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
46. DameWare Mini Remote Control Server Weak Random Key Generati...
47. Common Desktop Environment DTLogin Unspecified Remote Double...
48. DameWare Mini Remote Control Server Clear Text Encryption Ke...
49. Mythic Entertainment Dark Age of Camelot Encryption Key Sign...
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
52. Microsoft Visual C++ MFC ISAPI Extension Denial Of Service V...
53. Kerio WinRoute Firewall Unspecified Malformed HTTP Header De...
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
55. Trend Micro Interscan Viruswall localweb Directory Traversal...
56. Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injec...
57. rident.pl Symbolic Link Vulnerability
58. PicoPhone Internet Phone Remote Buffer Overflow Vulnerabilit...
59. NexGen FTP Server Remote Directory Traversal Vulnerability
60. HP Web Jetadmin Printer Firmware Update Script Arbitrary Fil...
61. HP Web Jetadmin setinfo.hts Script Directory Traversal Vulne...
62. HP Web Jetadmin Remote Arbitrary Command Execution Vulnerabi...
III. SECURITYFOCUS NEWS ARTICLES
1. Would-be whistleblower indicted for keyboard tap
2. Report: Phishing attacks on the rise
3. Anti-piracy vigilantes track file sharers
4. Former security czar morphs into Rasputin
5. UK small.biz is lousy at virus protection
6. Campaigners fight biometric passports
IV. SECURITYFOCUS TOP 6 TOOLS
1. ZoneCD v0.2-4gui
2. Ethereal v0.10.3
3. Luneta v0.5
4. Dazuko v2.0.1-pre2
5. Securepoint Firewall and VPN Server v4.0 (S4)
6. Snort2Pf v3.1
V. SECURITYJOBS LIST SUMMARY
1. Security Software Engineer - Bay Area, CA - Greythor... (Thread)
2. Positions Opened in San Diego, CA (Thread)
3. Security Risk Assessment (Thread)
4. PGP Corporation Cert Progam Manager (Thread)
5. VP of Channel Sales - Security Technologies (Thread)
6. Validation of Clearance (Thread)
7. Information Security Operations Intelligence Analyst (Thread)
8. Director Quality Assurance Silicon Valley (Thread)
9. Security Test Engineer4 (Thread)
10. [job] Eastern Regional Sales Manager (NY, NJ. PA) (Thread)
11. Security Software Engineer (Thread)
12. [job] Western Regional Sales Manager (Thread)
13. Information Security Officer- Iowa (Thread)
14. 6+ months Network Engineer contract position - $500/... (Thread)
15. Full time Security Consultant position in Pittsburgh... (Thread)
16. Sr. SWE, Team Lead, Burlington, MA (Thread)
17. Network or Application Security Architect - Seattle,... (Thread)
18. Manager, Security and Technology Solutions Practice,... (Thread)
19. Security and audit professional available for volunt... (Thread)
20. Security Technical Consultant-San Francisco, CA (Thread)
21. Security openings with Ernst and Young LLP (Thread)
22. Senior Manager, Security and Technology Solutions pr... (Thread)
23. Cyber Incident Specialist #869JS - Boston, MA - 80k-... (Thread)
24. Security Assessment - 2-3 week engagement - Portland... (Thread)
25. Unix Security Assessment/Audit Position - San Diego/... (Thread)
26. job market in DFW? (Thread)
27. Three Security Trainier vacancies (Thread)
28. Business Security Advisor vacancy (Thread)
29. IT Risk and LAN Security Manager vacancy (Thread)
30. Global Disaster Recovery Officer vacancy (Thread)
31. Canada - QA Manager with Rising Star in Network Secu... (Thread)
32. Information Security Specialist / Project Manager #8... (Thread)
33. Looking for recruiter referrals (Thread)
34. Canada - Senior S/W Engineer with Rising Star in Net... (Thread)
35. IDS Consultants with ISS implementation experience -... (Thread)
36. IDS Security Consultants Needed (Thread)
37. Auditor Positions - Alexandria/Quantico VA area (Thread)
38. Pre Sales Security Engineer Silicon Valley (Thread)
39. Product Manager - Enterprise Products (Thread)
40. Security and Systems Engineering Work - San Diego Ar... (Thread)
41. BIOMETRIC FINGERPRINT Secuirty pro needed-- (Thread)
42. Senior Security Consultant - United Kingdom (Souther... (Thread)
43. Security Engineer (Thread)
44. Security Engineer PKI (Thread)
45. Authorization Architect (Thread)
46. Security Engineer HIPAA (Thread)
47. Certification & Accreditation Consultants -- Washin... (Thread)
48. Senior Network and Security Engineer Position -- Was... (Thread)
49. Help me find a System Administrator or Security Engi... (Thread)
50. Risk Assessment Consultants-- Washington, DC (Thread)
51. Security Policy Consultant for Federal Govt. Project... (Thread)
52. IDS Expert Needed-Washington DC (Thread)
53. SecurityGuys, a securityjobs-like list for Brazil (Thread)
VI. INCIDENTS LIST SUMMARY
1. IIS Search Method Overflow being revisted? (Thread)
2. unusual traffic - port 60295 (Thread)
3. new variant of witty worm ???? (Thread)
4. ICMP Scan (Thread)
5. iptables/netfilter logs viewer/analyzer (Thread)
6. Possible break in (Thread)
7. Article Announcement: Forensic Analysis of a Live Li... (Thread)
8. very weird traffic (Thread)
9. New virus? (Thread)
10. Release of Rootkit Hunter 1.0.0 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. ISS 'Witty' Worm Analyzed (Thread)
2. Analysis of the Exploitation Processes (.pdf) (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. process tracking (Thread)
2. Hardening TCP/IP Stack; conflicting sources (Thread)
3. security tools (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NFS Over Private Network (Thread)
X. LINUX FOCUS LIST SUMMARY
1. how to avoid user1 becoming user2 using local root ? (Thread)
2. nis : how to avoid user1 becoming user2 using local ... (Thread)
3. Rewrite Rules, SSL, and .htaccess (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Pt.1)
By Bob Rudis
This article discusses the implementation of layered mail security using
Unix as MTA in front of Microsoft groupware products. Part one describes
the use of Sendmail, MIMEDefang and SpamAssassin.
http://www.securityfocus.com/infocus/1770
2. Security Patches by Modem? Forget it!
By Scott Granneman
Let's face it - there is no way for dial-up users on any major operating
system to keep their computers up-to-date and patched. OK, maybe "no way"
is an exaggeration. How about, "a difficult, burdensome, time-consuming,
very prone to failure way?"
http://www.securityfocus.com/columnists/230
3. When Gaming is a Gamble
By Mark Rasch
A new Justice Department policy threatens to jail security professionals
who help lock down online gambling sites anywhere in the world.
http://www.securityfocus.com/columnists/229
II. BUGTRAQ SUMMARY
-------------------
1. Belchior Foundry VCard Authentication Bypass Vulnerability
BugTraq ID: 9910
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9910
Summary:
It has been reported that vCard is prone to a remote authentication bypass
vulnerability. This issue is due to a design error that would allow a
malicious user access to certain admin functionality without having to
first authenticate to the application.
This issue may be leveraged to manipulate the application database,
potentially destroying data.
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
BugTraq ID: 9911
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9911
Summary:
It has been reported that Error Manager is prone to multiple
vulnerabilities. These issues are due to failure to validate user input,
failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks,
reveal information about the application configuration and initiate HTML
injection attacks against the affected system.
3. Symantec Norton Internet Security/Personal Firewall Remote D...
BugTraq ID: 9912
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9912
Summary:
eEye Digital Security has reported an unspecified remotely exploitable
denial of service vulnerability in Symantec Norton Internet Security 2004
and Norton Personal Firewall 2004 products.
4. Internet Security Systems Protocol Analysis Module ICQ Parsi...
BugTraq ID: 9913
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9913
Summary:
It has been reported that the Internet Security Systems (ISS) Protocol
Analysis Module is prone to a remote buffer overflow vulnerability when
parsing the ICQ protocol. This issue exists due to insufficient bounds
checking performed on certain unspecified ICQ protocol fields supplied in
ICQ response data.
Successful exploitation of this issue may allow a remote attacker to
execute arbitrary code on a vulnerable system in order to gain
unauthorized access. This attack would occur in the context of the
vulnerable process.
This module is used to parse network protocols and is included in a number
of products provided by ISS, including various RealSecure and BlackICE
releases.
5. Apple Mac OS X Server Administration Service Undisclosed Rem...
BugTraq ID: 9914
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9914
Summary:
An undisclosed buffer overflow vulnerability has been reported in Apple
Mac OS X Server Administration service. This service has been reported to
be exclusively associated with port 660.
The reports indicate that when this service handles a request that is 2056
bytes long the service will crash and restart.
This BID will be updated as further details regarding this issue are
disclosed.
6. Symantec Norton Internet Security WrapNISUM Class Remote Com...
BugTraq ID: 9915
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9915
Summary:
Symantec Norton Internet Security is prone to a vulnerability that may
potentially allow for remote command execution.
This vulnerability is exposed via the WrapNISUM Class ActiveX component.
This component may potentially be invoked to launch a resource via a UNC
path from malicious web page or HTML e-mail. This resource would likely
be a malicious attacker-supplied executable.
7. Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun ...
BugTraq ID: 9916
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9916
Summary:
Symantec Norton AntiSpam has been reported prone to a remotely exploitable
buffer overrun vulnerability.
This issue exists in the SymSpamHelper Class ActiveX component, which
could be invoked from a web page or HTML e-mail with malformed parameters
sufficient to trigger the condition. This could be exploited to execute
arbitrary code with the privileges of the client user.
8. Jetty Unspecified Denial Of Service Vulnerability
BugTraq ID: 9917
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9917
Summary:
An unspecified denial of service vulnerability has been reported in Jetty
Java HTTP Servlet Server. It is conjectured that this may be exploited
remotely.
9. Clever's Games Terminator 3: War of the Machines Remote Clie...
BugTraq ID: 9918
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9918
Summary:
It has been reported that Terminator 3: War of the Machines game client
may be prone to a buffer overflow vulnerability that may allow remote
attackers to execute arbitrary code on a vulnerable system in order to
gain unauthorized access. This vulnerability can be reproduced by sending
server information of over 200 characters via the 'ServerInfo' variable to
a vulnerable client. When the client reads in the string, sensitive
regions of memory may be corrupted with attacker-supplied values.
Terminator 3: War of the Machines version 1.0 is reported to be affected
by this issue.
10. SquidGaurd NULL URL Character Unauthorized Access Vulnerabil...
BugTraq ID: 9919
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9919
Summary:
Reportedly SquidGaurd is prone to a remote NULL URL character unauthorized
access vulnerability. This issue is due to a failure of the application
to properly filter out invalid URIs.
Successful exploitation of this issue may allow a remote attacker to
bypass access controls resulting in unauthorized access to
attacker-specified resources. This may allow the attacker to gain
unauthorized access to sensitive resources.
Although it has not been confirmed, this issue may be related to the issue
defined in BID 9778.
11. NullSoft Winamp Long File Name Denial of Service Vulnerabili...
BugTraq ID: 9920
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9920
Summary:
It has been reported that Winamp may be prone to a denial of service
vulnerability when processing files with a name exceeding 246 characters.
Immediate consequences of this issue may result in the application
crashing. Although unconfirmed, due to the nature of this vulnerability
an attack could result in a buffer overflow condition and may lead to
arbitrary code execution. Any code execution would occur in the context
of the user running the application.
Winamp 5.02 was identified as the vulnerable version, however, it is
possible that other versions are affected as well.
Conflicting reports have surfaced regarding this issue. It is possible
that this issue may not be valid. This BID will be updated or retired as
more information becomes available.
12. Apache Connection Blocking Denial Of Service Vulnerability
BugTraq ID: 9921
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9921
Summary:
Apache is prone to an issue that may permit remote attackers to cause a
denial of service issue via a listening socket on a rarely accessed port.
This will reportedly block out new connections to the server until another
connection on the rarely accessed socket is initiated.
The functionality that exposes this issue is reportedly enabled by default
on all platforms except Windows.
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
BugTraq ID: 9922
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9922
Summary:
It has been reported that the FVWM fvwm_make_browse_menu.sh script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
14. NullSoft Winamp Malformed File Name Denial of Service Vulner...
BugTraq ID: 9923
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9923
Summary:
It has been reported that Winamp may be prone to a denial of service
vulnerability when processing malformed file names. This issue is
reported to present itself when a file with a malformed file name is
processed by the application. Specifically, if the file name contains an
excessive amount of characters and has '.mid' extension.
Winamp 5.01 an prior were reported to be prone to this issue, however, it
is possible that other versions are affected as well.
15. Microsoft Windows XP Explorer.EXE Remote Denial of Service V...
BugTraq ID: 9924
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9924
Summary:
Microsoft Windows Explorer for Windows XP has been reported to be prone to
a remote denial of service vulnerability.
This issue is due to a failure of the application to properly validate
user-supplied input via the 'shell:' command. The 'shell:' command is a
parameter that a user can specify when including a URI in an HTML tag.
This command allows the HTML script to potentially execute any program
specified after the 'shell:' command.
Successful exploitation of this issue would cause the affected application
to crash, denying service to legitimate users.
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
BugTraq ID: 9925
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9925
Summary:
It has been reported that the FVWM 'fvwm_make_directory_menu.sh' script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
BugTraq ID: 9926
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9926
Summary:
It has been reported that the 'smbprint-new.sh' sample Samba script is
prone to a local insecure temporary file handling symbolic link
vulnerability. This issue is due to a design error that allows the
application to insecurely write to a temporary file that is created with a
predictable file name.
An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.
It should be noted that the 'smbprint-new.sh' is a sample script located
in the 'examples' directory. This script is not intended for commercial
use. The 'smbprint' script included in the 'packaging' directory is not
vulnerable to this issue. Individual package distributions may vary.
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
BugTraq ID: 9927
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9927
Summary:
Reportedly the 'ttaarchives.cgi' script bundled with Tarantella Enterprise
3 is prone to a remote cross-site scripting vulnerability. This issue is
due to a failure of the application to sufficiently sanitize user supplied
URI input.
This issue may be leveraged to steal cookie based authentication
credentials, other attacks are possible as well.
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
BugTraq ID: 9928
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9928
Summary:
Reportedly the 'ttacab.cgi' script bundled with Tarantella Enterprise 3 is
prone to a remote cross-site scripting vulnerability. This issue is due
to a failure of the application to sufficiently sanitize user supplied URI
input.
This issue may be leveraged to steal cookie based authentication
credentials, other attacks are possible as well.
20. Borland Interbase Database User Privilege Escalation Vulnera...
BugTraq ID: 9929
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9929
Summary:
By default, insecure permissions are set on the file storing the user
database that is shipped with Borland Interbase. The permissions, 0666,
permit all users to write to the file. This configuration error can be
exploited to gain administrative access within the database. The
consequences of this flaw may extend further if the database supports
applications.
21. Apache Error Log Escape Sequence Injection Vulnerability
BugTraq ID: 9930
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9930
Summary:
It has been reported that the Apache web server is prone to a remote error
log escape sequence injection vulnerability. This issue is due to an
input validation error that may allow escape character sequences to be
injected into apache log files.
This may facilitate exploitation of issues such as those found in BIDs
6936 and 6938.
This issue may allow an attacker to carry out a number of actions
including arbitrary file creation and code execution on the affected
system.
22. Expinion.net Member Management System ID Parameter SQL Injec...
BugTraq ID: 9931
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9931
Summary:
It has been reported that Member Management System may be prone to a SQL
injection vulnerability that may allow a remote attacker to inject
malicious SQL syntax into database queries. The problem is reported to
exist in the 'ID' parameter contained within the 'resend.asp' and
'news_view.asp' scripts.
Member Management System version 2.1 has been reported to be affected by
this issue, however, other versions may be vulnerable as well.
23. Expinion.net Member Management System Multiple Cross-Site Sc...
BugTraq ID: 9932
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9932
Summary:
It has been reported that a number of Member Management System scripts are
prone to cross-site scripting vulnerabilities. These issues are reportedly
due to a failure to sanitize user input and so allow HTML and script code
that may facilitate cross-site scripting attacks. The issues are reported
to affect the 'err' parameter of 'error.asp' script and the 'register.asp'
script.
Member Management System version 2.1 has been reported to be affected by
this issue, however, other versions may be vulnerable as well.
24. Apache mod_disk_cache Module Client Authentication Credentia...
BugTraq ID: 9933
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9933
Summary:
It has been reported that Apache mod_disk_cache module may be prone to a
weakness that could result in an attacker gaining access to proxy or
standard authentication credentials. The mod_disk_cache module is
reported to store HTTP Hop-by-hop headers including user login and
password information in plaintext format on disk.
This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials. Successful exploitation of this issue may lead to further
attacks agains vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed
to be affected by this issue.
25. Novell NetWare Admin/Install Password Disclosure Vulnerabili...
BugTraq ID: 9934
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9934
Summary:
Novell has reported a vulnerability in Novell NetWare 6.5 Support Pack 1.1
that may allow an attacker to gain access to the administrator password.
According to Novell this vulnerability only affects users who meet the
following conditions:
1) Performed installations or upgrades (locally or remotely) using the
NetWare 6.5 Support Pack 1.1 Overlay CDs.
2) Selected Custom Installation and selected the OpenSSH component.
The admin/install password is stored in the 'NIOUTPUT.TXT' and 'NI.LOG'
files. The likelihood of successful exploitation of this issue is
relatively small as these files are usually protected by the operating
system via the administrator's access controls.
26. Expinion.net News Manager Lite Multiple Vulnerabilities
BugTraq ID: 9935
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9935
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to carry out SQL injection, cross-site scripting, and
account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp',
'category_news_headline.asp', 'more.asp', 'category_news.asp', and
'ews_sort.asp' scripts. Further more a cookie account hijacking issue was
also discovered in the application that may allow a remote attacker to
gain administrative access to application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues, however,
other versions may be affected as well.
27. XWeb Directory Traversal Vulnerability
BugTraq ID: 9937
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9937
Summary:
XWeb is reportedly prone to directory traversal attacks. Remote attackers
may exploit this issue to gain access to sensitive files outside of the
server root. This would occur in the context of the server, i.e.: any
files the server could access would also be accessible to the attacker.
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
BugTraq ID: 9938
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9938
Summary:
It has been reported that phpBB may be prone to a cross-site scripting
vulnerability that may allow an attacker to execute arbitrary HTML or
script code in a user's browser. The issue exists due to insufficient
sanitization of user-supplied input via the 'avatarselect' form parameter
of 'profile.php' script.
phpBB 2.0.6d has been reported to be prone to this issue, however, other
versions could be affected as well.
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
BugTraq ID: 9939
Remote: No
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9939
Summary:
The xine bug reporting scripts (xine-bugreport and xine-check) create
temporary files in an insecure manner. A malicious local user could take
advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
Privilege escalation is also theoretically possible. This issue is only
exposed when the vulnerable scripts are run to submit a bug report to the
vendor.
It should be noted that xine-bugreport and xine-check are separate
instances of the same script.
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
BugTraq ID: 9940
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9940
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'ptivate.php' script. This issue is reportedly due to
a failure to sanitize user input and so allow for injection of HTML and
script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
BugTraq ID: 9941
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9941
Summary:
Mod_Survey is prone to HTML injection attacks via survey input fields.
They may permit remote attackers to persistently inject HTML and script
code into surveys, which may be rendered in the web browser of
administrative or other users.
Exploitation could permit for theft of cookie-based authentication
credentials. Other attacks are also possible.
32. phpBB Multiple Input Validation Vulnerabilities
BugTraq ID: 9942
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9942
Summary:
It has been reported that phpBB may be prone to multiple vulnerabilities
that could allow an attacker to carry out SQL injection and cross-site
scripting attacks. These vulnerabilities result from insufficient
sanitization of user-supplied input via the 'id' parameter of
'admin_smilies.php' module and the 'style_id' parameter of 'admin_styles'
module.
phpBB versions 2.0.7a and prior are reported to be prone to these issues.
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
BugTraq ID: 9943
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9943
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'index.php' script in both the 'admincp' and 'modcp'
application directories. This issue is reportedly due to a failure to
sanitize user input and so allow for injection of HTML and script code
that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
34. Invision Gallery Multiple SQL Injection Vulnerabilities
BugTraq ID: 9944
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9944
Summary:
It has been reported that Invision Gallery may be prone to multiple sql
injection vulnerabilities, allowing an attacker to influence SQL query
logic. The issues exist due to insufficient sanitization of user-supplied
data via the 'img', 'cat', 'sort_key', 'order_key', 'user' and 'album'
parameters of the gallery module accessed via the 'index.php' script.
Invision Gallery is a gallery system that can be used as a plugin for
Invision Power Board. Invision Gallery 1.0.1 is reported to be prone to
these issues, however, other versions could be affected as well.
35. Invision Power Top Site List Comments function id Parameter ...
BugTraq ID: 9945
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9945
Summary:
It has been reported that Top Site List may be prone to an SQL injection
vulnerability that may allow remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other
attacks. The issue exists due to insufficient sanitizing of the 'id' URI
parameter when using the 'comments' feature in 'index.php' script.
Invision Power Top Site List versions 1.1 RC 2 and prior are reported
prone to this issue.
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
BugTraq ID: 9946
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9946
Summary:
Reportedly MS-Analysis is prone to a remote information disclosure
vulnerability. This issue is due to a design error that displays
sensitive system information when certain errors are triggered.
The problem presents itself when an error condition is triggered in all
scripts residing in the 'scripts' directory of the MS-Analysis directory.
It has also been reported that this issue affects the 'mstrack.php' and
'title.php' scripts in the MS-Analysis root directory.
These issues may be leveraged to gain sensitive information about the
affected system potentially aiding an attacker in mounting further
attacks.
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
BugTraq ID: 9947
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9947
Summary:
It has been reported that MS-Analysis is prone to a multiple cross-site
scripting vulnerabilities. These issues are due to a failure of the
application to properly sanitize user supplied URI parameters.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
BugTraq ID: 9948
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9948
Summary:
Reportedly the MS-Analysis module is prone to a remote SQL injection
vulnerability. This issue is due to a failure to properly sanitize user
supplied HTTP header input before using it in an SQL query.
As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.
39. Centrinity FirstClass HTTP Server TargetName Parameter Cross...
BugTraq ID: 9950
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9950
Summary:
It has been reported that FirstClass HTTP Server may be prone to a
cross-site scripting vulnerability that may allow a remote attacker to
execute arbitrary HTML or script code in a user's browser. The issue
presents itself due to insufficient sanitization of user-supplied data via
the 'TargetName' parameter of 'Upload.shtml' script.
Since this vulnerability affects the web server there is a possibility of
an attacker crossing domains if multiple domains are hosted on one web
server. The vendor has reported that this vulnerability only affects the
'standard' template set. The 'webmail' and 'mobile' template sets do not
contain the 'Upload.shtml' script.
Centrinity FirstClass versions 7.1 and prior may be vulnerable to this
issue.
40. ReGet Software ReGet Directory Traversal Vulnerability
BugTraq ID: 9951
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9951
Summary:
It has been reported that ReGet may be prone to a directory traversal
vulnerability that may allow remote attackers to upload files to arbitrary
locations on a target system. The attacker may supply encoded directory
traversal sequences in the URI parameter so that the requested file is
saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue,
however, other versions could be affected as well.
41. Ethereal Multiple Vulnerabilities
BugTraq ID: 9952
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9952
Summary:
Ethereal 0.10.3 has been released to address multiple vulnerabilities.
These issues include:
- Thirteen stack-based buffer overruns in various protocol dissectors
(NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).
- A denial of service that is triggered by a zero length Presentation
protocol selector.
- Specially crafted RADIUS packets may cause a crash in Ethereal.
- Corrupt color filter files may cause a crash in Ethereal.
These issues may result in a denial of service or potentially be leveraged
to execute arbitrary code in the instance of the buffer overruns.
42. Ipswitch WS_FTP Multiple Vulnerabilities
BugTraq ID: 9953
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9953
Summary:
Multiple vulnerabilities have been identified in the WS_FTP Server and
client applications. These vulnerabilities may allow remote attackers to
execute arbitrary code, cause denial of service attacks and gain
administrative level access to a server.
The issues include two remote buffer overflow vulnerabilities in the
client, a denial of service vulnerability in the server and an access
validation issue in the server leading to remote command execution with
SYSTEM privileges.
These issues are undergoing further analysis. This BID will be divided
into separate issues as analysis is completed.
43. Foxmail Remote Buffer Overflow Vulnerability
BugTraq ID: 9954
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9954
Summary:
It has been reported that Foxmail is prone to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to
verify buffer boundaries when processing user supplied email headers.
A remote attacker may potentially exploit this issue to cause the email
client to crash, denying service to the victim user. It is also possible
to further leverage this issue in order to execute arbitrary code; this
code would be executed in the security context of the user running the
affected email client.
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
BugTraq ID: 9955
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9955
Summary:
Hibyte's HiGuest guestbook software is prone to HTML injection attacks.
This issue is exposed via the message form field in the guestbook entry
submission form.
Exploitation could permit remote attackers to persistently inject hostile
HTML and script code into guestbook content. This could allow for theft
of cookie-based authentications or other attacks, such as those which
misrepresent guestbook content.
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
BugTraq ID: 9956
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9956
Summary:
It has been reported that SSH Tectia Server may be prone to a private key
disclosure vulnerability due to an unspecified weakness in the password
change mechanism functionality employed by the server. Because of this, a
local attacker may be able to gain access to the private host key of a
vulnerable system. It has been reported that the password change
mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this
issue. Tectia Server for Windows is not vulnerable to this issue.
46. DameWare Mini Remote Control Server Weak Random Key Generati...
BugTraq ID: 9957
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9957
Summary:
It has been reported that DameWare Mini Remote Control Server may prone to
a weak random key generation weakness that could allow an attacker to
determine the key and therefore ultimately expose encrypted authentication
credentials. This issue exists due to a weak random bit generator is
being used to generate encryption keys. These keys are used by the
application to encrypt user credentials.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by
this issue, however, it is possible that prior versions are vulnerable as
well.
47. Common Desktop Environment DTLogin Unspecified Remote Double...
BugTraq ID: 9958
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9958
Summary:
It has been reported that a double free vulnerability exists in the
dtlogon process of CDE. This issue presents itself due to the free()
function being called on the same allocated chunk of memory more than
once. This problem occurs prior to any authorization.
Successful exploitation of this issue could lead to the corruption of an
arbitrary location in memory, ultimately allowing for the attacker to
control the execution flow of the affected process.
48. DameWare Mini Remote Control Server Clear Text Encryption Ke...
BugTraq ID: 9959
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9959
Summary:
It has been reported that DameWare Mini Remote Control Server may be prone
to a clear text encryption key disclosure vulnerability. The issue
presents itself because the file encryption key is sent over the network
in plain text format.
Dameware Mini Remote Control version 4.1.0.0 is reported to be affected by
this issue, however, it is possible that prior versions are vulnerable as
well.
49. Mythic Entertainment Dark Age of Camelot Encryption Key Sign...
BugTraq ID: 9960
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9960
Summary:
An encryption key signing vulnerability has been reported to exist in Dark
Age of Camelot. This issue is due to a design error in the application
that carries out encryption without having the encryption key signed or
verified by the affected server.
This issue may allow for an attacker to carry out man-in-the-middle
attacks against a vulnerable system. Successful exploitation may allow an
attacker to gain access to sensitive information transmitted between the
client and the games server.
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
BugTraq ID: 9961
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9961
Summary:
It has been reported that The Rage is prone to a denial of service
vulnerability when processing client request packets containing 0 for the
values of the client IP address and Port number. This issue results in an
exceptional condition causing the server to enter an infinite loop leading
to a hang.
The Rage 1.01 and prior are reported to be affected by this issue.
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
BugTraq ID: 9962
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9962
Summary:
It has been reported that Sun Solaris may be prone to a local privilege
escalation vulnerability that may allow an attacker to gain root access to
a vulnerable system. The issue exists due to insufficient sanitization of
user-supplied data via the vfs_getvfssw() function in the Solaris kernel.
An attacker can load a user-specified kernel modules by using directory
traversal sequences and employing the mount() or sysfs() system calls.
52. Microsoft Visual C++ MFC ISAPI Extension Denial Of Service V...
BugTraq ID: 9963
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9963
Summary:
It has been reported that ISAPI (Internet Server Application Programming
Interface) extensions that are built using the MFC (Microsoft Foundation
Classes) static library in Microsoft Visual C++ are prone to a denial of
service vulnerability. This could occur during POST requests when the
ISAPI extension is under heavy load.
Microsoft Visual C++ is included in Microsoft Visual Studio. This
reportedly affects Microsoft Visual C++/Studio 6.
53. Kerio WinRoute Firewall Unspecified Malformed HTTP Header De...
BugTraq ID: 9964
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9964
Summary:
It has been reported that WinRoute Firewall may be prone to an unspecified
remote denial of service vulnerability that may allow an attacker to cause
the firewall process to crash or hang. This issue occurs when the
application parses malformed HTTP headers.
WinRoute Firewall versions 5.1.9 and prior are reported prone to this
issue.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 9965
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9965
Summary:
Reportedly cPanel is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application to
properly validate user supplied URI input.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
55. Trend Micro Interscan Viruswall localweb Directory Traversal...
BugTraq ID: 9966
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9966
Summary:
It has been reported that InterScan VirusWall may to a directory traversal
vulnerability that may allow an attacker to request files from the
'/ishttp/localweb' directory and any sub directories of 'localweb' with
directory traversal strings such as '../'.
56. Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injec...
BugTraq ID: 9967
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9967
Summary:
It has been reported that the VP-ASP Shopping Cart is prone to a remote
SQL injection vulnerability. This issue is due to a failure of the
application to properly sanitize user input before using it in an SQL
query.
It may be possible for an attacker to leverage this issue to disclose the
administrator password hash, or other sensitive information contained
within the database by exploiting this issue.
57. rident.pl Symbolic Link Vulnerability
BugTraq ID: 9968
Remote: No
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9968
Summary:
It has been reported that rident.pl may be prone to a symbolic link
vulnerability that may allow an attacker to corrupt or overwrite arbitrary
files. This issue exists because the script writes output to a temporary
file as 'rident.pid' in 'tmp' directory.
It has been reported that a user will require root privileges to invoke
the affected script; this may increase the impact of this vulnerability.
58. PicoPhone Internet Phone Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 9969
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9969
Summary:
It has been reported that Picophone is prone to a remote buffer overflow
vulnerability. This issue is due to the application failing to verify the
size of user input before storing it in a finite buffer.
Successful exploitation of this issue will cause a denial of service
condition to be triggered. The attacker may also leverage this issue to
execute arbitrary code; this code would be executed in the security
context of the user running the affected process.
59. NexGen FTP Server Remote Directory Traversal Vulnerability
BugTraq ID: 9970
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9970
Summary:
It has been reported that the Nexgen FTP server is prone to a remote
directory traversal vulnerability. This issue is due to a failure of the
application to properly sanitize file request strings from authenticated
users.
Successful exploitation of this vulnerability may allow a remote attacker
to gain access to sensitive information that may be used to launch further
attacks against a vulnerable system.
60. HP Web Jetadmin Printer Firmware Update Script Arbitrary Fil...
BugTraq ID: 9971
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9971
Summary:
HP Web Jetadmin is prone to an issue which may permit remote users to
upload arbitrary files to the management server.
This issue exists in the printer firmware update script. Given the
ability to place arbitrary files on the server to an attacker-specified
location, it may be possible to execute arbitrary code, though this will
require exploitation of other known vulnerabilities, such as BID 9972 "HP
Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".
Authentication, if it has been enabled, would be required to exploit this
issue.
This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows
platform. Other versions may be similarly affected.
61. HP Web Jetadmin setinfo.hts Script Directory Traversal Vulne...
BugTraq ID: 9972
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9972
Summary:
It has been reported that HP Web JetAdmin may be prone to a directory
traversal vulnerability allowing remote attackers to access information
outside the server root directory. The problem exists due to insufficient
sanitization of user-supplied data passed via the 'setinclude' parameter
of 'setinfo.hts' script.
This vulnerability can be combined with HP Web Jetadmin Firmware Update
Script Arbitrary File Upload Weakness (BID 9971) to upload malicious files
to a vulnerable server in order to gain unauthorized access to a host.
This issue has been tested with an authenticated account on HP Web
Jetadmin version 7.5.2546 running on a Windows platform.
62. HP Web Jetadmin Remote Arbitrary Command Execution Vulnerabi...
BugTraq ID: 9973
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9973
Summary:
Reportedly HP web Jetadmin is prone to a remote arbitrary command
execution vulnerability. This issue is due to a failure of the
application to properly validate and sanitize user supplied input.
Successful exploitation of this issue will allow a malicious user to
execute arbitrary commands on the affected system.
This issue has been tested with an authenticated account on HP Web
Jetadmin version 7.5.2546 running on a Windows platform.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Would-be whistleblower indicted for keyboard tap
By: Kevin Poulsen
The first U.S. prosecution for illegal use of a hardware key logger is
against an insurance company insider who claims he was gathering evidence
for state investigators. Did he go too far?
http://www.securityfocus.com/news/8329
2. Report: Phishing attacks on the rise
By: Kevin Poulsen
A new report finds a 60 percent increase in one month in the variety of
spammy scam mails sent by identity thieves.
http://www.securityfocus.com/news/8289
3. Anti-piracy vigilantes track file sharers
By: Kevin Poulsen
Crime-busting coders spark controversy when they circulate a Trojan horse
on peer-to-peer networks designed to chastise pirates, and report back to
a public website.
http://www.securityfocus.com/news/8279
4. Former security czar morphs into Rasputin
By: Thomas C. Greene, The Register
http://www.securityfocus.com/news/8353
5. UK small.biz is lousy at virus protection
By: John Oates, The Register
http://www.securityfocus.com/news/8352
6. Campaigners fight biometric passports
By: John Leyden, The Register
http://www.securityfocus.com/news/8351
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. ZoneCD v0.2-4gui
By: The Public IP ZoneCD has been created to help implement safe, free,
wifi hotspots. NoCat dynamic fir
Relevant URL: http://www.publicip.net/
Platforms: N/A
Summary:
The Public IP ZoneCD has been created to help implement safe, free, wifi
hotspots. NoCat dynamic firewall rules are used for user access and
authentication. A transparent proxy sends all "Public" requests from NoCat
through a content filter (Dansguardian) to block porn, hacker sites,
extreme violence, illegal drugs, and other obscene and explicit Web sites.
The content filter also blocks files extensions to protect your network
from viruses, and restricts file sizes to save bandwidth.
2. Ethereal v0.10.3
By: Gerald Combs, <gerald (at) ethereal (dot) com [email concealed]>
Relevant URL: http://www.ethereal.com/
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO,
Solaris, True64 UNIX
Summary:
Ethereal is a network protocol analyzer, or "packet sniffer", that lets
you capture and interactively browse the contents of network frames. The
goal of the project is to create a commercial-quality packet analyzer for
Unix, and the most useful packet analyzer on any platform.
3. Luneta v0.5
By: Glaucius Djalma Pereira Junior <glaucius (at) intnet.com (dot) br [email concealed]>
Relevant URL: http://luneta.intnet.com.br/
Platforms: Os Independent
Summary:
Luneta is a Web-based host and system monitor which uses SNMP.
4. Dazuko v2.0.1-pre2
By: John Ogness
Relevant URL: http://www.dazuko.org/
Platforms: FreeBSD, Linux
Summary:
This project provides a kernel module which provides 3rd-party
applications with an interface for file access control. It was originally
developed for on-access virus scanning. Other uses include a file-access
monitor/logger or external security implementations. It operates by
intercepting file-access calls and passing the file information to a
3rd-party application. The 3rd-party application then has the opportunity
to tell the kernel module to allow or deny the file-access. The 3rd-party
application also receives information about the file, such as type of
access, process ID, user ID, etc.
5. Securepoint Firewall and VPN Server v4.0 (S4)
By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Securepoint Firewall and VPN Server is a high-performance application
designed to offer full protection for network assets. The Security Manager
offers a graphical user interface with many features, different
configurations, and advanced reporting functions. The Securepoint server
is a complete firewall and VPN software system with an operating system
based on a secure Linux. VPN operation supports PPTP and IPSec (X.509
certificates, preshared, RSA signature). You can use the firewall on a
standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN).
It is very easy to install and administer. The Securepoint Security
Manager is available in English, German, and Spanish, and works in online
and offline mode.
6. Snort2Pf v3.1
By: Stephan Schmieder <ssc@thinknerd .org>
Relevant URL: http://www.unix-geek.info/codedocs/snort2pf.html
Platforms: OpenBSD
Summary:
Snort2Pf is a small Perl daemon which greps the snort Alertfile and blocks
the IP addresses of attackers for a given span of time. It only works a
systems with pf installed (OpenBSD and others).
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Security Software Engineer - Bay Area, CA - Greythor... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358796
2. Positions Opened in San Diego, CA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358795
3. Security Risk Assessment (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358794
4. PGP Corporation Cert Progam Manager (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358792
5. VP of Channel Sales - Security Technologies (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358748
6. Validation of Clearance (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358745
7. Information Security Operations Intelligence Analyst (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358744
8. Director Quality Assurance Silicon Valley (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358742
9. Security Test Engineer4 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358740
10. [job] Eastern Regional Sales Manager (NY, NJ. PA) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358739
11. Security Software Engineer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358738
12. [job] Western Regional Sales Manager (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358737
13. Information Security Officer- Iowa (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358651
14. 6+ months Network Engineer contract position - $500/... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358645
15. Full time Security Consultant position in Pittsburgh... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358643
16. Sr. SWE, Team Lead, Burlington, MA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358564
17. Network or Application Security Architect - Seattle,... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358560
18. Manager, Security and Technology Solutions Practice,... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358510
19. Security and audit professional available for volunt... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358508
20. Security Technical Consultant-San Francisco, CA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358503
21. Security openings with Ernst and Young LLP (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358500
22. Senior Manager, Security and Technology Solutions pr... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358499
23. Cyber Incident Specialist #869JS - Boston, MA - 80k-... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358497
24. Security Assessment - 2-3 week engagement - Portland... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358481
25. Unix Security Assessment/Audit Position - San Diego/... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358480
26. job market in DFW? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358477
27. Three Security Trainier vacancies (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358466
28. Business Security Advisor vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358465
29. IT Risk and LAN Security Manager vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358458
30. Global Disaster Recovery Officer vacancy (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358456
31. Canada - QA Manager with Rising Star in Network Secu... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358455
32. Information Security Specialist / Project Manager #8... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358454
33. Looking for recruiter referrals (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358453
34. Canada - Senior S/W Engineer with Rising Star in Net... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358452
35. IDS Consultants with ISS implementation experience -... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358449
36. IDS Security Consultants Needed (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358396
37. Auditor Positions - Alexandria/Quantico VA area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358393
38. Pre Sales Security Engineer Silicon Valley (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358390
39. Product Manager - Enterprise Products (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358362
40. Security and Systems Engineering Work - San Diego Ar... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358354
41. BIOMETRIC FINGERPRINT Secuirty pro needed-- (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358294
42. Senior Security Consultant - United Kingdom (Souther... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358287
43. Security Engineer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358258
44. Security Engineer PKI (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358240
45. Authorization Architect (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358239
46. Security Engineer HIPAA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358235
47. Certification & Accreditation Consultants -- Washin... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358193
48. Senior Network and Security Engineer Position -- Was... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358192
49. Help me find a System Administrator or Security Engi... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358186
50. Risk Assessment Consultants-- Washington, DC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358184
51. Security Policy Consultant for Federal Govt. Project... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358182
52. IDS Expert Needed-Washington DC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358181
53. SecurityGuys, a securityjobs-like list for Brazil (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/358112
VI. INCIDENTS LIST SUMMARY
--------------------------
1. IIS Search Method Overflow being revisted? (Thread)
Relevant
[ reply ]