SecurityFocus News
SecurityFocus Newsletter #243 Apr 05 2004 05:20PM
John Boletta (jboletta securityfocus com)

SecurityFocus Newsletter #243
------------------------------
This Issue is Sponsored by: Core Security Technologies

Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit us at:
http://www.securityfocus.com/sponsor/CoreSecurity_sf-news_040405
to learn more.
------------------------------------------------------------------------

I. FRONT AND CENTER
1. Dogs of War: Part Two
2. Host Integrity Monitoring: Best Practices for Deployment
3. Human Nature vs. Security
II. BUGTRAQ SUMMARY
1. OFTPD Port Argument Denial Of Service Vulnerability
2. NetSupport School Weak Password Encryption Vulnerability
3. AIX Invscoutd Symbolic Link Vulnerability
4. XMB Forum Multiple Vulnerabilities
5. PHPBB Privmsg.PHP SQL Injection Vulnerability
6. Multiple Local Linux Kernel Vulnerabilities
7. OpenSSH SCP Client File Corruption Vulnerability
8. EZ Publish Unspecified Template Editor Vulnerability
9. Gnome Gnome-Session Local Privilege Escalation Vulnerability
10. NSTX Remote Denial Of Service Vulnerability
11. Internet Security Systems BlackICE PC/Server Protection Weak...
12. FreeBSD IPv6 Socket Options Handling Local Memory Disclosure...
13. NessusWX Account Credentials Disclosure Vulnerability
14. All Enthusiast Photopost PHP Pro Multiple Input Validation V...
15. Web Fresh Fresh Guest Book HTML Injection Vulnerability
16. Cloisterblog Multiple Unspecified Cross-Site Scripting Vulne...
17. Alan Ward A-Cart Multiple Input Validation Vulnerabilities
18. Systrace Local Policy Bypass Vulnerability
19. WebCT Campus Edition HTML Injection Vulnerability
20. Cloisterblog Journal.pl Directory Traversal Vulnerability
21. Cloisterblog Administration Interface Authentication Weaknes...
22. cPanel Multiple Module Cross-Site Scripting Vulnerabilities
23. TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
24. TCPDump ISAKMP Identification Payload Integer Underflow Vuln...
25. Interchange Remote Information Disclosure Vulnerability
26. PSInclude Remote Arbitrary Command Execution Vulnerability
27. Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerabi...
28. MPlayer Remote HTTP Header Buffer Overflow Vulnerability
29. Oracle Single Sign-On Login Page Authentication Credential D...
30. LinBit Technologies LINBOX Officeserver Remote Authenticatio...
31. LinBit Technologies LinBox Plain Text Password Storage Weakn...
32. Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabili...
33. PHPKit Multiple HTML Injection Vulnerabilities
34. Prozilla Real Estate Payment.PHP Bypass Vulnerability
35. JamesOff QuoteEngine Multiple Parameter Unspecified SQL Inje...
36. MadBMS Unspecified Login Vulnerability
37. Cactusoft CactuShop SQL Injection Vulnerability
38. CactuSoft CactuShop Cross-Site Scripting Vulnerability
39. CDP Console CD Player PrintTOC Function Buffer Overflow Vuln...
40. Roger Wilco Server UDP Datagram Handling Denial Of Service V...
41. Microsoft Internet Explorer HTML Form Status Bar Misrepresen...
42. Roger Wilco Information Disclosure Vulnerability
43. Roger Wilco Server Unauthorized Audio Stream Denial Of Servi...
44. ADA IMGSVR Remote Directory Listing Vulnerability
45. ADA IMGSVR Remote File Download Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. The Internet surveillance cash cow
2. Would-be whistleblower indicted for keyboard tap
3. Report: Phishing attacks on the rise
4. Blaster body count '8m or above' - MS
5. Lawmakers Push Prison For Online Pirates
6. Security is our 'biggest ever challenge' - Gates
IV. SECURITYFOCUS TOP 6 TOOLS
1. GNUnet v0.6.1d
2. Fast Logging Project for Snort v1.2.0
3. WinBlox v6.0
4. Rootkit Hunter v1.04
5. Qryptix v0.2.1
6. NuFW v0.7.0
V. SECURITYJOBS LIST SUMMARY
1. Principal Consultant, EMEA (Thread)
2. Dir. of InfoSec Consulting Practice - Austin Tx Area (Thread)
3. Director Quality Assurance Silicon Valley (Thread)
4. Chief Security Officer - Raleigh, NC (Thread)
5. Professional Services- San Francisco CA (Thread)
6. Security Test Engineer-San Francisco CA (Thread)
7. Security Architect - Albany, NY (Thread)
8. Jr. Level Perimeter Security - St. Louis (Thread)
9. Director of Security Software Sales (CA, Bay Area) (Thread)
10. Cleared with 8 years experience (Thread)
11. Sales Engineer / New York Area / Web Services Securi... (Thread)
12. Senior Security Engineer - Windows Specialist - Nash... (Thread)
13. Seeking Security or Windows 2000 Exchange position -... (Thread)
14. Senior Security Engineer - Security Implementations ... (Thread)
15. JOB OPENING: MA, Network Security pre-sales engineer (Thread)
16. Senior Security Engineer/Windows Specialist - HCA - ... (Thread)
17. Director of Sales California (Thread)
18. ArcSight needs Sales Engineer for Boston or NY (Thread)
19. Information Security Officer (Thread)
20. www.Starpoint.com & Security Analyst position in Phi... (Thread)
21. Security Sales Engineer opening in UK (Thread)
22. Mainframe RACF Security Expertise (Thread)
23. consulting opportunity (Thread)
24. Director of Compliance - New Jersey (Thread)
25. 2 Security related opportunities in St. Louis, MO (Thread)
26. SVP IT Compliance for NJ/NYC (Thread)
27. Sr. Solutions Engineer- Smart cards Wash DC (Thread)
28. Security Sales Engineers-New York and San Francisco (Thread)
29. Senior Windows Security Researcher (Thread)
30. Information Quality Background/ Auditor needed in Ri... (Thread)
31. Information Security Advisor - Wash DC (Thread)
32. Senior Management position in Northern Virginia (Thread)
33. Network/Security/Project Consulting/Contract Positio... (Thread)
VI. INCIDENTS LIST SUMMARY
1. Agobot variant - with multi-vulnerability scanner (Thread)
2. Strange authentication attempts (Thread)
3. very weird traffic (Thread)
4. Scanning from source Port 220 for Port 21 (Thread)
5. [list-admin] Strange authentication attempts (Thread)
6. Interesting DNS update traffic (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Outlook Mailto URL:vulnerabilty (Thread)
2. Problem rlogin protocol (Thread)
3. IE Bug in Javascript Navigator Object (Thread)
4. Buffer Overflows (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. ISA Server Crash - More Information (Thread)
2. Fw: ISA Server Crash (Thread)
3. ISA Server Crash (Thread)
4. SecurityFocus Microsoft Newsletter #182 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NFS Over Private Network (Thread)
X. LINUX FOCUS LIST SUMMARY
1. nis : how to avoid user1 becoming user2 using local ... (Thread)
2. iptables firewall script for debian-woody, 2.4.24 (Thread)
3. Rewrite Rules, SSL, and .htaccess (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Part 2)
By Bob Rudis

This article discusses the implementation of layered mail security using
Unix as an MTA in front of Microsoft groupware products. Part two
describes the use of Qmail, Qmail-Scanner, Clam AntiVirus and
SpamAssassin.

http://www.securityfocus.com/infocus/1772

2. Host Integrity Monitoring: Best Practices for Deployment
By Brian Wotring

The purpose of this article is to highlight the important steps and
concepts involved in deploying a host integrity monitoring system. These
applications can be very helpful with detecting unauthorized change,
conducting damage assessment, and preventing future attacks.

http://www.securityfocus.com/infocus/1771

3. Human Nature vs. Security
By Daniel Hanson

Social engineering in the latest crop of viruses has people jumping
through hoops to open malicious attachments. How do we change the pattern?

http://www.securityfocus.com/columnists/231

II. BUGTRAQ SUMMARY
-------------------
1. OFTPD Port Argument Denial Of Service Vulnerability
BugTraq ID: 9980
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9980
Summary:
oftpd is prone to a denial of service vulnerability that may be exploited
by remote, unauthenticated attackers. This issue is exposed when the
server receives an FTP PORT command with a value greater than 255 as an
argument.

2. NetSupport School Weak Password Encryption Vulnerability
BugTraq ID: 9981
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9981
Summary:
It has been reported that NetSupport School is prone to a password
encryption vulnerability. This issue is due to a failure of the
application to protect passwords with a sufficiently effective encryption
scheme.

This issue may allow a malicious user to gain access to user and
administrator passwords for the affected application.

3. AIX Invscoutd Symbolic Link Vulnerability
BugTraq ID: 9982
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9982
Summary:
Reportedly AIX invscoutd insecurely handles temporary files; this may
allow a local attacker to destroy data on a vulnerable system. This issue
is due to a design error that allows a user to specify a log file that the
process writes to while holding escalated privileges.

This issue may allow a malicious user to corrupt arbitrary files on the
affected system, potentially leading to a system wide denial of service
condition. It has also been conjectured that this issue may be leveraged
to allow an attacker to gain escalated privileges, although this is
unconfirmed.

4. XMB Forum Multiple Vulnerabilities
BugTraq ID: 9983
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9983
Summary:
Multiple vulnerabilities have been reported in XMB Forum. The specific
issues include multiple cross-site scripting and SQL injection
vulnerabilities, in addition to an information disclosure issue.

Various consequences are associated with these issues, such as theft of
cookie-based authentication credentials, modification of SQL query logic
and structure and disclosure of sensitive information about the underlying
environment. Cumulatively, these issues could allow remote attackers to
hijack accounts, compromise the forum, mount attacks on the database and
gather information for further attacks against system resources.

5. PHPBB Privmsg.PHP SQL Injection Vulnerability
BugTraq ID: 9984
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9984
Summary:
Reportedly the 'privmsg.php' phpBB script is prone to a remote SQL
injection vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters before using
them to construct SQL queries to be issued to the underlying database.

This may allow a remote attacker to manipulate query logic, potentially
leading to access to sensitive information such as the administrator
password hash or corruption of database data. SQL injection attacks may
also potentially be used to exploit latent vulnerabilities in the
underlying database implementation.

6. Multiple Local Linux Kernel Vulnerabilities
BugTraq ID: 9985
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9985
Summary:
Multiple local vulnerabilities were reported in the Linux Kernel. These
issues could permit information disclosure via the ext3 filesystem, system
crash through buggy SoundBlaster code, a system crash via a bug in Kernel
DRI support and a denial of service via mremap.

These issues appear to affect the 2.4 Kernel. Few details are known at
this time.

7. OpenSSH SCP Client File Corruption Vulnerability
BugTraq ID: 9986
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9986
Summary:
A vulnerability has been reported in the OpenSSH scp utility. This issue
may permit a malicious scp server to corrupt files on a client system when
files are copied.

This issue is similar to BID 1742.

8. EZ Publish Unspecified Template Editor Vulnerability
BugTraq ID: 9987
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9987
Summary:
eZ publish 3.3-4 was released to address an unspecified security
vulnerability in the template editing module. This issue is likely
exploitable by an authenticated user with the privileges required to edit
templates.

9. Gnome Gnome-Session Local Privilege Escalation Vulnerability
BugTraq ID: 9988
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9988
Summary:
It has been reported that gnome-session is prone to a local privilege
escalation vulnerability. This issue is due to a problem with
initialization of the LD_LIBRARY_PATH environment variable upon session
start-up.

This issue may be leveraged locally to gain escalated privileges on the
affected system.

10. NSTX Remote Denial Of Service Vulnerability
BugTraq ID: 9989
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9989
Summary:
It has been reported that NSTX is prone to a remote denial of service
vulnerability. This issue is due to a failure of the application to
handle network strings of excessive length.

This issue may allow a remote attacker to cause the affected process to
crash, denying service to legitimate users.

11. Internet Security Systems BlackICE PC/Server Protection Weak...
BugTraq ID: 9990
Remote: Yes
Date Published: Mar 27 2004
Relevant URL: http://www.securityfocus.com/bid/9990
Summary:
BlackICE PC/Server Protection has been reported prone to a weak
configuration vulnerability. The issue presents itself due to a
misconfiguration in the default settings of BlackICE PC Protection; the
issue may result in a decrease in the level of protection that the
software provides.

12. FreeBSD IPv6 Socket Options Handling Local Memory Disclosure...
BugTraq ID: 9992
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9992
Summary:
It has been reported that FreeBSD may be prone to a local memory
disclosure vulnerability that may allow an attacker to access sensitive
memory locations without proper validation. This is a result of improper
handling of some IPv6 socket options.

Although FreeBSD employs the KAME Project IPv6 implementation, this issue
does not affect other operating systems.

FreeBSD 5.2-RELEASE is reported to be affected by this vulnerability.

13. NessusWX Account Credentials Disclosure Vulnerability
BugTraq ID: 9993
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9993
Summary:
It has been reported that NessusWX may be prone to an account credentials
disclosure vulnerability that may allow a local attacker to gain access to
accounts for remote services such as FTP, IMAP, POP2, POP3, NNTP, SNMP,
and SMB. The issue exists because the application stores credentials such
as usernames and passwords for remote hosts in plain text format on the
local system.

NessusWX versions 1.4.4 and prior may be prone to this issue.

14. All Enthusiast Photopost PHP Pro Multiple Input Validation V...
BugTraq ID: 9994
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9994
Summary:
Multiple SQL injection, cross-site scripting and HTML injection
vulnerabilities have been identified in the application, which may allow
an attacker to execute arbitrary HTML or script code in a user's browser
and/or influence SQL query logic to disclose sensitive information and
carry out other attacks.

Photopost PHP Pro 4.6.0 and prior may be prone to these issues.

15. Web Fresh Fresh Guest Book HTML Injection Vulnerability
BugTraq ID: 9995
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9995
Summary:
It has been reported that Fresh Guest Book is prone to a remote HTML
injection vulnerability. This issue is due to a failure of the
application to properly sanitize user supplied form input.

An attacker may exploit the aforementioned vulnerabilities to execute
arbitrary script code in the browser of an unsuspecting user. It may be
possible to steal the unsuspecting user's cookie-based authentication
credentials, as well as other sensitive information. Other attacks may
also be possible.

16. Cloisterblog Multiple Unspecified Cross-Site Scripting Vulne...
BugTraq ID: 9996
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9996
Summary:
Multiple unspecified cross-site scripting vulnerabilities have been
reported in Cloisterblog. These issues could permit theft of cookie-based
authentication credentials or other attacks.

This is due to insufficient sanitization of URI parameters, whose input
will be included in dynamically generated web pages.

An attacker could exploit these issues by enticing a victim user to follow
a malicious link to a vulnerable site.

17. Alan Ward A-Cart Multiple Input Validation Vulnerabilities
BugTraq ID: 9997
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9997
Summary:
Reportedly A-Cart is prone to multiple input validation vulnerabilities.
These issues are due to a failure of the application to properly sanitize
user supplied input prior to its use in SQL queries and generation of
dynamic content.

The SQL injection issue may allow a remote attacker to manipulate SQL
query logic, potentially leading to access to sensitive information such
as the administrator password hash or corruption of database data. SQL
injection attacks may also potentially be used to exploit latent
vulnerabilities in the underlying database implementation.

The cross-site scripting issue could permit a remote attacker to create a
malicious link to the vulnerable application that includes hostile HTML
and script code. If this link were followed, the hostile code may be
rendered in the web browser of the victim user. This would occur in the
security context of the affected web site and may allow for theft of
cookie-based authentication credentials or other attacks.

18. Systrace Local Policy Bypass Vulnerability
BugTraq ID: 9998
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9998
Summary:
Systrace has been reported prone to a vulnerability that may permit an
application to completely bypass a Systrace policy. The issue presents
itself because Systrace does not perform sufficient sanity checks while
handling a process that is being traced with ptrace.

This issue is reported to have been silently patched in Systrace version
1.4; previous versions are believed to be prone to this vulnerability.

19. WebCT Campus Edition HTML Injection Vulnerability
BugTraq ID: 9999
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9999
Summary:
It has been reported that WebCT Campus Edition may be prone to an HTML
injection vulnerability that may allow a remote attacker to execute
arbitrary HTML or script code in the browser of an unsuspecting user. A
malicious user could supply malicious HTML or script code to the
application via the @import url() function of Microsoft Internet Explorer
when posting a message on a forum, which would then be rendered in the
browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue.

20. Cloisterblog Journal.pl Directory Traversal Vulnerability
BugTraq ID: 10000
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/10000
Summary:
A vulnerability has been reported to exist in Cloisterblog that may allow
a remote attacker to access information outside the server root directory.
The problem exists due to insufficient sanitization of user-supplied data.
The issue may allow a remote attacker to traverse outside the server root
directory by using '../' character sequences.

Successful exploitation of this vulnerability may allow a remote attacker
to gain access to sensitive information that may be used to launch further
attacks against a vulnerable system.

21. Cloisterblog Administration Interface Authentication Weaknes...
BugTraq ID: 10001
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/10001
Summary:
Cloisterblog has been reported prone to an administration interface
authentication weakness. The issue presents itself in the journal_admin.pl
script, which fails to check the username entered during authentication to
the administration interface. This may make it possible for a remote
attacker to brute force password attempts in order to authenticate
successfully to the Cloisterblog administration interface.

22. cPanel Multiple Module Cross-Site Scripting Vulnerabilities
BugTraq ID: 10002
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10002
Summary:
Multiple cross-site scripting vulnerabilities have been identified in
cPanel that may allow an attacker to execute arbitrary HTML or script code
in a user's browser. These issues exist due to a failure of the
application to properly validate user-supplied URI input.

The issues are reported to affect the 'account', 'db', 'login', 'email',
'dir', 'dns' and 'ip' parameters of 'ignorelist.html', 'showlog.html',
'repairdb.html', 'doaddftp.html', 'editmsg.html', 'testfile.html',
'erredit.html', 'dnslook.html', 'del.html' and 'index.html' scripts.

The issues have been reported to affect version 9.1.0-R85 of the software;
it is quite likely, however, that these issues affect previous versions of
the software as well.

23. TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
BugTraq ID: 10003
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10003
Summary:
tcpdump is prone to a remotely exploitable buffer overrun vulnerability.

This issue exists in tcpdump's ISAKMP packet display functions. This
issue affects how ISAKMP Delete payloads are handled. This may cause a
denial of service or potentially be leveraged to execute arbitrary code.

24. TCPDump ISAKMP Identification Payload Integer Underflow Vuln...
BugTraq ID: 10004
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10004
Summary:
tcpdump is prone to a denial of service vulnerability due to an integer
underflow.

This issue exists in tcpdump's ISAKMP packet display functions. This
issue affects how ISAKMP Identification payloads are handled. This may
cause a denial of service.

25. Interchange Remote Information Disclosure Vulnerability
BugTraq ID: 10005
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10005
Summary:
It has been reported that Interchange may be prone to a remote information
disclosure vulnerability allowing attackers to disclose contents of
arbitrary variables via URI requests.

This issue may allow an attacker to gain access to sensitive information
that may be used to launch further attacks against a system.

26. PSInclude Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 10006
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10006
Summary:
psInclude has been reported prone to a remote arbitrary command execution
vulnerability.

The psInclude cgi application receives and processes one URI parameter,
named "template". Due to a lack of sufficient sanitization performed on
the "template" parameter, it is possible for an attacker to supply shell
metacharacters and commands as its value.

A remote attacker may exploit this condition to execute arbitrary commands
in the context of the web server that is hosting the vulnerable
application.

27. Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerabi...
BugTraq ID: 10007
Remote: No
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10007
Summary:
It has been reported that ClamAV may be prone to an arbitrary command
execution vulnerability that may allow a local attacker to execute
arbitrary commands in the context of the root user. The issue presents
itself when the 'VirusEvent' directive in the 'clamav.conf' configuration
file has been enabled and the 'Dazuko' module is used with the antivirus
software.

Although unconfirmed, all versions of the application are assumed to be
vulnerable at the moment. This information will be updated as more
details become available.

28. MPlayer Remote HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 10008
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10008
Summary:
It has been reported that MPlayer is prone to a remote HTTP header buffer
overflow vulnerability. This issue is due to a failure of the application
to properly verify buffer bounds on the 'Location' HTTP header during
parsing.

Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system within the security context of the
user running the vulnerable process.

29. Oracle Single Sign-On Login Page Authentication Credential D...
BugTraq ID: 10009
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10009
Summary:
It has been reported that the Oracle Single Sign-On login form is prone to
an authentication credential disclosure vulnerability that may allow
remote attackers to disclose authentication credentials such as usernames
and passwords of vulnerable users.

Due to a lack of details, further information cannot be provided at the
moment. This BID will be updated as more information becomes available.

30. LinBit Technologies LINBOX Officeserver Remote Authenticatio...
BugTraq ID: 10010
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10010
Summary:
It has been reported that LINBOX is prone to a remote authentication
bypass vulnerability. This issue is due to a design error that would
allow access to web based administration scripts without proper
authorization.

This issue may allow an unauthorized user to gain access to the
administration scripts of the affected system.

31. LinBit Technologies LinBox Plain Text Password Storage Weakn...
BugTraq ID: 10011
Remote: No
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10011
Summary:
Reportedly LINBOX Officeserver is prone to a plain text password storage
weakness. This issue is due to a design error that may allow a user to
view plain text passwords on the affected system.

This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials. This poses an additional risk since users may recycle
credentials across multiple services.

32. Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabili...
BugTraq ID: 10012
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10012
Summary:
It has been reported that WinBlox may be prone to multiple buffer overflow
vulnerabilities. The issues allegedly exist due to improper bounds
checking of data passed to multiple sprintf() operations in the
'My_CreateFileW' function. WinBlox uses this function to provide a
run-time wrapper for the CreateFileW Windows API function.

It is likely that some applications on a system using WinBlox may present
an attack vector for both local and remote attackers, possibly allowing
for denial of service attacks or execution of arbitrary code in the
context of the application.

33. PHPKit Multiple HTML Injection Vulnerabilities
BugTraq ID: 10013
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10013
Summary:
It has been reported that PHPKIT is prone to multiple HTML injection
vulnerabilities. These issues are due to a failure of the application to
properly sanitize user supplied input.

An attacker may exploit the aforementioned vulnerabilities to execute
arbitrary script code in the browser of an unsuspecting user. It may be
possible to steal cookie-based authentication credentials, as well as
other sensitive information. Other attacks may also be possible.

34. Prozilla Real Estate Payment.PHP Bypass Vulnerability
BugTraq ID: 10015
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10015
Summary:
Prozilla Real Estate web site template has been reported prone to an
account payment bypass vulnerability. The issue is reported to present
itself when a user is registering a username. By taking several unexpected
actions while registering an account a user may reportedly bypass the
payment routines.

35. JamesOff QuoteEngine Multiple Parameter Unspecified SQL Inje...
BugTraq ID: 10017
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10017
Summary:
It has been reported that QuoteEngine may be prone to an SQL injection
vulnerability in various variables that may allow attackers to pass
malicious input to database queries. This vulnerability exists due to
insufficient sanitization of user-supplied input and may only be exploited
by users known to a victim's eggdrop.

This issue is reported to exist in QuoteEngine 1.1.0 and prior.

36. MadBMS Unspecified Login Vulnerability
BugTraq ID: 10018
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10018
Summary:
MadBMS 1.1.5 was released to address an unspecified security
vulnerability. This issue is related to how the software handles logins.

37. Cactusoft CactuShop SQL Injection Vulnerability
BugTraq ID: 10019
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10019
Summary:
Reportedly CactuShop is prone to a remote SQL injection vulnerability.
This issue is due to a failure to properly sanitize user-supplied URI
input before using it to craft an SQL query.

As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.

38. CactuSoft CactuShop Cross-Site Scripting Vulnerability
BugTraq ID: 10020
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10020
Summary:
Reportedly CactuShop is prone to a remote cross-site scripting
vulnerability. This issue is due to a failure of the application to
properly sanitize user supplied URI input.

This issue could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.

39. CDP Console CD Player PrintTOC Function Buffer Overflow Vuln...
BugTraq ID: 10021
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10021
Summary:
It has been reported that cdp may be prone to a buffer overflow
vulnerability that may allow an attacker to cause a denial of service
condition in the software. The issue exists due to insufficient boundary
checks performed by the printTOC() function. The buffer overflow
condition may occur when a song with a track name exceeding 200 bytes
is accessed via the application.

If an attacker is able to overwrite sensitive memory locations, it may be
possible to execute arbitrary instructions in the context of the user
running cdp.

All versions of cdp are assumed to be vulnerable to this issue.

40. Roger Wilco Server UDP Datagram Handling Denial Of Service V...
BugTraq ID: 10022
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10022
Summary:
Roger Wilco Server has been reported prone to a remote denial of service
vulnerability. The issue is reported to exist due to a flaw when handling
malicious UDP payloads that are destined for the vulnerable server.

A remote attacker may exploit this condition to deny service to legitimate
users.

41. Microsoft Internet Explorer HTML Form Status Bar Misrepresen...
BugTraq ID: 10023
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10023
Summary:
A vulnerability has been identified in Microsoft Internet Explorer that
allows an attacker to misrepresent the status bar in the browser, allowing
vulnerable users to be misled into following a link to a malicious site.

The issue presents itself when an attacker creates an HTML form with the
submit 'value' property set to a legitimate site and the 'action' property
set to the attacker-specified site. The malicious form could also be
embedded in a link using the HTML Anchor tag and specifying the legitimate
site as the 'href' property. This could aid in exploitation of other
known browser vulnerabilities as the attacker now has a means to
surreptitiously lure a victim user to a malicious site.

Microsoft Internet Explorer is vulnerable to this issue; however,
Microsoft Outlook Express can be used to carry out a successful attack as
well, since it relies on Internet Explorer to interpret HTML. It should
also be noted that although HTML content is rendered in the Restricted
Zone in Outlook Express, limiting the use of many HTML and DHTML tags,
forms are still permitted. This vulnerability would most likely be
exploited through HTML e-mail, though other attack vectors exist, such as
HTML injection attacks in third-party web applications.

The issue is reported to affect Internet Explorer 6 and Outlook Express 6.
Other releases could also be affected.

42. Roger Wilco Information Disclosure Vulnerability
BugTraq ID: 10024
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10024
Summary:
Roger Wilco Server has been reported prone to an information disclosure
vulnerability. The issue presents itself in the procedures used to
negotiate client connections. Specifically, when a client attempts to join
a channel on the affected server, the entire list of user IDs and their
corresponding IP addresses is relayed to the client.

43. Roger Wilco Server Unauthorized Audio Stream Denial Of Servi...
BugTraq ID: 10025
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10025
Summary:
A vulnerability has been reported in the Roger Wilco Server: a user does
not need to connect to the server over the TCP port to have UDP-based
audio streams handled. Rather, the attacker only requires knowledge of the
user IDs connected to a target channel. Because the user IDs for a channel
exist in a range of 0-127, the attacker may transmit an audio stream to an
affected server that will be heard by all connected users, and the server
administrator will have no control over disconnecting or muting this audio
stream.

44. ADA IMGSVR Remote Directory Listing Vulnerability
BugTraq ID: 10026
Remote: Yes
Date Published: Apr 01 2004
Relevant URL: http://www.securityfocus.com/bid/10026
Summary:
A vulnerability has been reported in the ImgSvr server software that may
allow a remote user to disclose root directory listings. This issue has
also been reported to allow listing of directories that reside outside the
server root.

An attacker may leverage this issue to gain access to sensitive
information by disclosing directory listings; information disclosed in
this way could lead to further attacks against the target system.

45. ADA IMGSVR Remote File Download Vulnerability
BugTraq ID: 10027
Remote: Yes
Date Published: Apr 01 2004
Relevant URL: http://www.securityfocus.com/bid/10027
Summary:
A vulnerability has been reported in the ImgSvr server software that may
allow a remote user to retrieve arbitrary files from the web server root
directory and any subdirectories therein.

An attacker may leverage this issue to gain access to arbitrary scripts
contained within the server root directory.
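Both ImgSvr issues above (listing directories outside the server root, and fetching files under it) share the question of whether a requested path is allowed to leave the document root. The following is an added example, not ImgSvr's code and not a description of how ImgSvr resolves paths: a lexical normalizer that collapses "." and ".." segments and rejects any request that would climb above the root. It treats both "/" and "\" as separators and assumes percent-decoding has already been applied to the request; the function name normalize_request_path is assumed. Whether a directory may be listed at all is a separate server setting that this check does not replace.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define MAX_SEGMENTS 256

/* Normalises a request path lexically and writes the clean form (leading
 * '/', no "." or ".." segments, single '/' separators) into out.
 * Returns false if any ".." would climb above the document root, if the
 * path has too many segments, or if out (of size outsz) is too small.
 * Assumes percent-decoding has already been done by the caller; a check
 * run before decoding would miss encoded dots and separators. */
bool normalize_request_path(const char *req, char *out, size_t outsz)
{
    const char *segs[MAX_SEGMENTS];
    size_t lens[MAX_SEGMENTS];
    int depth = 0;
    const char *p = req;

    while (*p) {
        while (*p == '/' || *p == '\\')      /* skip any run of separators */
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t len = (size_t)(p - start);

        if (len == 1 && start[0] == '.')
            continue;                         /* "." : stay in place */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return false;                 /* ".." at the root: traversal attempt */
            depth--;
            continue;
        }
        if (depth == MAX_SEGMENTS)
            return false;
        segs[depth] = start;
        lens[depth] = len;
        depth++;
    }

    /* Rebuild the path from the surviving segments, bounds-checked. */
    if (outsz < 2)
        return false;
    size_t used = 0;
    out[used++] = '/';
    for (int i = 0; i < depth; i++) {
        if (used + lens[i] + 2 > outsz)       /* room for segment, '/', NUL */
            return false;
        memcpy(out + used, segs[i], lens[i]);
        used += lens[i];
        if (i + 1 < depth)
            out[used++] = '/';
    }
    out[used] = '\0';
    return true;
}

int main(void)
{
    /* Constructed sample requests, not taken from any real traffic. */
    const char *samples[] = {
        "/images/a.jpg",
        "/images/./sub/../b.jpg",
        "/images/../../etc/passwd",
        "\\..\\boot.ini",
    };
    char clean[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (normalize_request_path(samples[i], clean, sizeof clean))
            printf("allow  %-28s -> %s\n", samples[i], clean);
        else
            printf("reject %s\n", samples[i]);
    }
    return 0;
}
```

The output path is then joined to the document root by the server; because every ".." has already been resolved against the request itself, the joined path cannot point above the root. On systems where symbolic links may live under the root, a final realpath-style check of the opened file is still advisable.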

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. The Internet surveillance cash cow
By: Annalee Newitz

A few large companies and entrepreneurs stand to profit from the FBI's bid
for a wiretap-friendly Internet.

http://www.securityfocus.com/news/8394

2. Would-be whistleblower indicted for keyboard tap
By: Kevin Poulsen

The first U.S. prosecution for illegal use of a hardware key logger is
against an insurance company insider who claims he was gathering evidence
for state investigators. Did he go too far?

http://www.securityfocus.com/news/8329

3. Report: Phishing attacks on the rise
By: Kevin Poulsen

A new report finds a 60 percent increase in one month in the variety of
spammy scam mails sent by identity thieves.

http://www.securityfocus.com/news/8289

4. Blaster body count '8m or above' - MS
By: John Leyden, The Register

http://www.securityfocus.com/news/8393

5. Lawmakers Push Prison For Online Pirates
By: David McGuire, Washington Post

http://www.securityfocus.com/news/8377

6. Security is our 'biggest ever challenge' - Gates
By: John Leyden, The Register

http://www.securityfocus.com/news/8375

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. GNUnet v0.6.1d
By: Christian Grothoff
Relevant URL: http://www.ovmj.org/GNUnet/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary:

GNUnet is a peer-to-peer framework with a focus on providing security. All
link-to-link messages in the network are confidential and authenticated.
The framework provides a transport abstraction layer and can currently
encapsulate the peer-to-peer traffic in UDP, TCP, or SMTP messages. GNUnet
supports accounting to provide contributing nodes with better service. The
primary service built on top of the core GNUnet framework is anonymous
file sharing.

2. Fast Logging Project for Snort v1.2.0
By: DG <Dirk (at) geschke.online (dot) de [email concealed]>
Relevant URL: http://www.geschke-online.de/FLoP
Platforms: Linux, Solaris, SunOS
Summary:

FLoP is designed to gather alerts with a payload from distributed Snort
sensors at a central server, and to store them in a database (PostgreSQL
and MySQL are supported). On the sensor, the output is written via a Unix
domain socket to a process called sockserv. This process is threaded: one
thread receives and buffers the alert packets, and the other forwards them
to a central server. With this approach, the output is decoupled from
Snort, which can proceed with sniffing instead of waiting for the output
plugins. At the central server, a process called servsock gathers all
alerts from the remote sensors and feeds them via a Unix domain socket to
the database. All alerts are buffered to avoid blocking due to a hanging
database access (or a slow network on the sensor side). A short description
of alerts with high priority, together with the database ID, can be sent via
email to a list of recipients.

3. WinBlox v6.0
By: liudieyu (at) umbrella (dot) name [email concealed]
Relevant URL: http://umbrella.name/winblox/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:

WinBlox monitors file operations and command-line execution on Windows NT
systems (Windows 2000 and later). Pattern matching in WinBlox is done with
regular expressions to ensure flexibility.

4. Rootkit Hunter v1.04
By: M. Boelen
Relevant URL: http://www.rootkit.nl/
Platforms: UNIX
Summary:

Rootkit Hunter scans files and systems for known and unknown rootkits,
backdoors, and sniffers. The package contains one shell script, a few
text-based databases, and optional Perl modules. It should run on almost
every Unix clone.

5. Qryptix v0.2.1
By: Sivasankar Chander
Relevant URL: http://www.sourceforge.net/projects/qryptix
Platforms: Linux
Summary:

Qryptix consists of a PAM object and utilities for session- and
key-management for encrypted home directories using the International
Kernel (CryptoAPI) patches for Linux. It simplifies login/logout,
mounting/unmounting, and key generation and changing.

6. NuFW v0.7.0
By: regit
Relevant URL: http://www.nufw.org
Platforms: Linux, POSIX
Summary:

NuFW is a set of daemons providing filtering of packets at the user level.
On the client side, users have to run a client that sends authentication
packets to the gateway. On the server side, the gateway associates user IDs
with packets, making it possible to filter packets on a per-user basis.
Furthermore, the server architecture is designed to use an external
authentication source such as an LDAP server.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Principal Consultant, EMEA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359324

2. Dir. of InfoSec Consulting Practice - Austin Tx Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359323

3. Director Quality Assurance Silicon Valley (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359322

4. Chief Security Officer - Raleigh, NC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359295

5. Professional Services- San Francisco CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359294

6. Security Test Engineer-San Francisco CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359292

7. Security Architect - Albany, NY (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359291

8. Jr. Level Perimeter Security - St. Louis (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359238

9. Director of Security Software Sales (CA, Bay Area) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359237

10. Cleared with 8 years experience (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359217

11. Sales Engineer / New York Area / Web Services Securi... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359216

12. Senior Security Engineer - Windows Specialist - Nash... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359213

13. Seeking Security or Windows 2000 Exchange position -... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359210

14. Senior Security Engineer - Security Implementations ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359209

15. JOB OPENING: MA, Network Security pre-sales engineer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359204

16. Senior Security Engineer/Windows Specialist - HCA - ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359161

17. Director of Sales California (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359160

18. ArcSight needs Sales Engineer for Boston or NY (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359124

19. Information Security Officer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359123

20. www.Starpoint.com & Security Analyst position in Phi... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359116

21. Security Sales Engineer opening in UK (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359115

22. Mainframe RACF Security Expertise (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359060

23. consulting opportunity (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359055

24. Director of Compliance - New Jersey (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359054

25. 2 Security related opportunities in St. Louis, MO (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359053

26. SVP IT Compliance for NJ/NYC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359047

27. Sr. Solutions Engineer- Smart cards Wash DC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359046

28. Security Sales Engineers-New York and San Francisco (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359045

29. Senior Windows Security Researcher (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359044

30. Information Quality Background/ Auditor needed in Ri... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/359043

31. Information Security Advisor - Wash DC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/358912

32. Senior Management position in Northern Virginia (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/358904

33. Network/Security/Project Consulting/Contract Positio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/358893

VI. INCIDENTS LIST SUMMARY
--------------------------
1. Agobot variant - with multi-vulnerability scanner (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359440

2. Strange authentication attempts (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359319

3. very weird traffic (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359318

4. Scanning from source Port 220 for Port 21 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359288

5. [list-admin] Strange authentication attempts (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359108

6. Interesting DNS update traffic (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/359038

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Outlook Mailto URL:vulnerabilty (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/359335

2. Problem rlogin protocol (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/359334

3. IE Bug in Javascript Navigator Object (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/359333

4. Buffer Overflows (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/359283

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. ISA Server Crash - More Information (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359285

2. Fw: ISA Server Crash (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359228

3. ISA Server Crash (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359227

4. SecurityFocus Microsoft Newsletter #182 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/358977

IX. SUN FOCUS LIST SUMMARY
--------------------------
1. NFS Over Private Network (Thread)
Relevant URL:

http://www.securityfocus.com/archive/92/358971

X. LINUX FOCUS LIST SUMMARY
---------------------------
1. nis : how to avoid user1 becoming user2 using local ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/359418

2. iptables firewall script for debian-woody, 2.4.24 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/359401

3. Rewrite Rules, SSL, and .htaccess (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/359396

XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and
ask to be manually removed.

XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Core Security Technologies

Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit us at:
http://www.securityfocus.com/sponsor/CoreSecurity_sf-news_040405
to learn more.
------------------------------------------------------------------------
