I. FRONT AND CENTER
1. Malware Analysis for Administrators
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
3. Weighing Profits against Peril
II. BUGTRAQ SUMMARY
1. NetChat Web Server Remote Buffer Overflow Vulnerability
2. LHA Multiple extract_one Buffer Overflow Vulnerabilities
3. Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflo...
4. Apple Mac OS X Help Protocol Remote Code Execution Vulnerabi...
5. WebCT Campus Edition HTML Tags HTML Injection Vulnerabilitie...
6. KDE Multiple URI Handler Vulnerabilities
7. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
8. GNU LibTASN1 Undisclosed Vulnerability
9. WGet Insecure File Creation Race Condition Vulnerability
10. VBulletin Index.PHP Remote File Include Vulnerability
11. Microsoft Windows XP Self-Executing Folder Vulnerability
12. osCommerce File Manager Directory Traversal Vulnerability
13. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
14. Alt-N MDaemon Remote Status Command Buffer Overflow Vulnerab...
15. PHP-Nuke Multiple Input Validation Vulnerabilities
16. LibUser Multiple Unspecified Vulnerabilities
17. Microsoft Outlook 2003 Media File Script Execution Vulnerabi...
18. Mandrake Linux passwd Potential Vulnerabilities
19. Blue Coat Systems SGOS Private Key Disclosure Vulnerability
20. SGI IRIX rpc.mountd Remote Denial of Service Vulnerability
21. Secure Computing Sidewinder G2 Multiple Unspecified Denial O...
22. phpMyFAQ Action Parameter Arbitrary File Disclosure Vulnerab...
23. Multiple Perl Implementation System Function Call Buffer Ove...
24. Omnicron OmniHTTPD Get Request Buffer Overflow Vulnerability
25. phpMyFAQ Lang Parameter Directory Traversal Vulnerability
26. Zen Cart Login.PHP SQL Injection Vulnerability
27. Multiple Perl Implementation Duplication Operator Integer Ov...
28. DSM Light Explorer.EXE Directory Traversal Vulnerability
29. Microsoft Internet Explorer CSS Style Sheet Memory Corruptio...
30. KDE Konqueror Embedded Image URI Obfuscation Weakness
31. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
32. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
33. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
34. Java Secure Socket Extension Certificate Validation Vulnerab...
35. F5 BIG-IP Syncookie Denial Of Service Vulnerability
36. Netscape Navigator Embedded Image URI Obfuscation Weakness
37. Netenberg Fantastico De Luxe Predictable Username Brute Forc...
38. Symantec Norton AntiVirus ActiveX Control Remote Code Execut...
39. Hummingbird Exceed Xconfig Access Validation Vulnerability
40. Vsftpd Listener Denial of Service Vulnerability
41. e107 Website System Log.PHP HTML Injection Vulnerability
42. UCD-SNMPD Command Line Parsing Local Buffer Overflow Vulnera...
43. SquirrelMail Unspecified SQL Injection Vulnerability
44. Qualcomm Eudora To: Field Memory Corruption Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Apple patches critical Mac OS X hole
2. 'Patriot' hacker pleads guilty
3. Sasser suspect has fans
4. Beware of 'IBM laptop order' email
5. Computer virus researcher looks to biology for clues
6. As identity theft jumps, so do costly monitoring services
IV. SECURITYFOCUS TOP 6 TOOLS
1. php-syslog-ng v2.5
2. Ettercap v0.7.0 pre2
3. Pubcookie 3.1.0
4. Linux Intrusion Detection System (LIDS) v2.6.6
5. Syhunt TS Security Scanner 6.7 Build 96
6. Astaro Security Linux (Stable 5.x) v5.007
V. SECURITYJOBS LIST SUMMARY
1. IDS Application Rollout Practice Manager (Seattle) (Thread)
2. Firewall Practice Manager (Seattle) (Thread)
3. seeking new opportunity. (Thread)
4. Multiple Computer Systems Security Analyst position ... (Thread)
5. Computer Incident Response Co-ordinator-UK (Thread)
6. Security Systems Engineers - Channel Focused (Thread)
7. Contract Position - Security Architect/Admin; LDAP, ... (Thread)
8. Senior Security Researcher/Engineer - Bay Area, CA -... (Thread)
9. Security Engineer VA (Thread)
10. Security team lead in Herndon Va. (Thread)
11. Vice President of Federal Sales- DC Metro (Thread)
12. VP North American Marketing (Thread)
13. Symantec Response Team-Senior Principal Software Eng... (Thread)
14. Windows Driver and Application Developer needed in M... (Thread)
15. Large e-commerce company seeks Manager, Information ... (Thread)
16. Product Marketing Managers and Product Managers (Thread)
17. Experienced Infosec Consultant/Instructor (Thread)
18. Security Engineering Team Incident Response Lead (Thread)
19. infosec analyst looking for job. specialises in open... (Thread)
20. Security Program Manager: Yuma, AZ (Thread)
21. Security Engineering Team - Incident Response Lead (Thread)
22. 6+ months Network Engineer position at Mexico City $... (Thread)
23. ArcSight is hiring! One Principal Security Evangelis... (Thread)
24. Vulnerability Research Engineer - Atlanta, Austin (Thread)
25. Fw: Mid-west search (Thread)
26. Business Development Consultant ? Sydney, Australia (Thread)
27. Contract Opportunities - Information Security Consu... (Thread)
28. FW: AE - Chicago (Thread)
29. FW: AE - Bay Area (Thread)
30. AE - D.C. Federal (Thread)
31. Symantec-Windows Development Managers-Santa Monica, ... (Thread)
32. Sr. Manager of Security Professional Services (L.A. ... (Thread)
33. Sales Engineer--Network Security (Bay Area) (Thread)
34. Symantec-Windows/COM Engineers-Santa Monica, CA (Thread)
35. IT Security Manager , UK (Thread)
36. San Diego Area - Security Engineering/IA Position Op... (Thread)
37. Dallas, TX - Manager of IT Security Compliance (Thread)
38. Software Engineer- Southern California (714) (Thread)
39. TS/SCI cleared Getting out of military soon (Thread)
VI. INCIDENTS LIST SUMMARY
1. Turnitinbot exploits webserver vulnerabilities? (Thread)
2. TCP port 5000 syn increasing (Thread)
3. New article announcment: Malware Analysis for Admini... (Thread)
4. queries for MX of sexnet.com (Thread)
5. [Securityfocus-incidents] RE: TCP port 5000 syn incr... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. [Format String vulnerabilities] (Thread)
2. Re[2]: Stealing NT passwords through WiFi? (Thread)
3. Stealing NT passwords through WiFi? (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Workstation service deletes itself?? (Thread)
2. Search NTFS share permissions (Thread)
3. Article Announcement: Busted (Thread)
4. SV: Search NTFS share permissions (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Suspicious Activity with program sleep() states (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Problem with my wireless network (Thread)
2. Secure Form Script? (Thread)
3. looking for wireless linux security book (Thread)
4. iptables firewall script for debian-woody, 2.4.24 (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Malware Analysis for Administrators
By S. G. Masood
The purpose of this article is to help administrators and power users use
behavioral analysis to determine if a binary is harmful malware, by
analyzing it in a lab environment without the use of anti-virus software,
debuggers, or code disassembly.
http://www.securityfocus.com/infocus/1780
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
By Bob Rudis
This is the second of a two-part series that focuses on the centralized
management of security for mobile users. Part two completes the
discussion by presenting additional layers of defence to help protect
valuable, mobile data.
http://www.securityfocus.com/infocus/1781
3. Weighing Profits against Peril
By Mark Rasch
Denying XP pirates the SP2 upgrade would hurt the Internet to protect
Microsoft's bottom line.
http://www.securityfocus.com/columnists/243
II. BUGTRAQ SUMMARY
-------------------
1. NetChat Web Server Remote Buffer Overflow Vulnerability
BugTraq ID: 10353
Remote: Yes
Date Published: May 15 2004
Relevant URL: http://www.securityfocus.com/bid/10353
Summary:
The NetChat web server implementation is affected by a stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the size of network-based user input when transferring it to process memory.
This issue could be leveraged to manipulate process memory, allowing an attacker to execute arbitrary code in the security context of the affected process and resulting in a user level compromise.
2. LHA Multiple extract_one Buffer Overflow Vulnerabilities
BugTraq ID: 10354
Remote: Yes
Date Published: May 15 2004
Relevant URL: http://www.securityfocus.com/bid/10354
Summary:
LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the 'extract_one()' function and are due to a failure of the application to properly validate string lengths in offending files.
These issues might allow an attacker to execute code in the context of a user invoking the affected utility.
3. Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflo...
BugTraq ID: 10355
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10355
Summary:
A stack-based buffer overflow has been reported in the Apache mod_ssl module.
This issue is exposed in utility code for uuencoding binary data.
This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
4. Apple Mac OS X Help Protocol Remote Code Execution Vulnerabi...
BugTraq ID: 10356
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10356
Summary:
It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system.
The issue presents itself due to the 'help:' protocol implemented by the Mac OS X help application. It has been reported that the 'help:' protocol can be invoked remotely by the Safari web browser. This could allow an attacker to craft a malicious link and entice a user to follow the link in order to execute script code via the help application. It has been reported that this issue can be exploited to execute arbitrary code with minimal user interaction. Reportedly, an attacker can exploit this issue by simply enticing a user to visit a malicious site.
An attacker can also use HTML email as an attack vector to exploit this vulnerability. For example, an attacker can embed HTML into Apple Mail and send it as a link to a vulnerable user. If the user follows the link, script code will be executed.
Successful exploitation of this issue may allow a remote attacker to gain unauthorized access to a vulnerable system in the context of an affected user.
Mac OS X 10.3 is reported to be prone to this issue; however, it is possible that prior versions are affected as well. Other web browsers that support the 'help:' protocol may also present an attack vector for this issue.
5. WebCT Campus Edition HTML Tags HTML Injection Vulnerabilitie...
BugTraq ID: 10357
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10357
Summary:
WebCT Campus Edition is reportedly affected by multiple HTML tag HTML injection vulnerabilities. These issues are due to a failure of the application to properly validate and sanitize user input.
It has been reported that this issue can be exploited to steal authentication credentials and other sensitive information, giving an attacker full control of an unsuspecting user's account. Other attacks may also be possible.
6. KDE Multiple URI Handler Vulnerabilities
BugTraq ID: 10358
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10358
Summary:
It has been reported that KDE is prone to multiple input validation vulnerabilities in various URI handlers. The issues are reported to exist due to insufficient sanitization of user-supplied input by the telnet, rlogin, ssh and mailto URI handlers. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the programs to carry out an attack.
7. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary:
It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks.
The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site.
These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.
8. GNU LibTASN1 Undisclosed Vulnerability
BugTraq ID: 10360
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10360
Summary:
GNU Utils Libtasn1 has been reported prone to an undisclosed vulnerability. The issue is reported to present itself in the DER parsing functions of Libtasn1.
This BID will be updated as soon as further information regarding this vulnerability becomes available.
Libtasn1 versions prior to 0.1.2 and 0.2.7 are reported prone to this vulnerability.
9. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary:
wget has been reported prone to a race condition vulnerability. The issue exists because wget does not lock files that it creates and writes to during file downloads.
A local attacker may exploit this condition to corrupt files with the privileges of the victim who is running the vulnerable version of wget.
10. VBulletin Index.PHP Remote File Include Vulnerability
BugTraq ID: 10362
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10362
Summary:
A vulnerability has been reported to exist in the software that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The issue exists due to improper validation of user-supplied data. The problem exists in the 'loc' parameter of the 'index.php' script.
11. Microsoft Windows XP Self-Executing Folder Vulnerability
BugTraq ID: 10363
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10363
Summary:
A vulnerability has been reported in Microsoft Windows XP that may result in execution of malicious code in the context of the currently logged in user. The flaw exists in Windows Explorer and may allow for executable content that is referenced from inside of a folder to be executed automatically when the folder is accessed.
This vulnerability poses a security risk since it is assumed that opening a folder is a safe action and that executable content cannot be run when a folder is accessed. Additionally, it has been reported that this issue may be exploitable remotely if the malicious folder is accessed from an SMB share.
A proof of concept exploit has been provided that executes NetMeeting and installs a keylogger on a vulnerable system.
12. osCommerce File Manager Directory Traversal Vulnerability
BugTraq ID: 10364
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10364
Summary:
It is reported that osCommerce has a directory traversal vulnerability that allows a remote attacker to possibly gain access to sensitive information. The software improperly sanitizes user-supplied input and allows '../' directory traversal character sequences when serving files.
This allows an attacker to access files outside of the application document root, potentially allowing the attacker to view files that contain sensitive information or aid them in further attacks on the computer.
13. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary:
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.
If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.
14. Alt-N MDaemon Remote Status Command Buffer Overflow Vulnerab...
BugTraq ID: 10366
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10366
Summary:
Alt-N MDaemon is reportedly prone to a remote stack-based buffer overflow vulnerability. This vulnerability is due to a failure of the application to properly validate buffer sizes when processing input.
It should be noted that this issue can only be exploited by clients authenticated to the affected IMAP server; any user with an email account can leverage this issue.
This issue can be leveraged to cause the affected process to crash, denying service to legitimate users. It has been reported that this issue can also be leveraged to execute arbitrary code with the privileges of the user running the server on an affected computer.
15. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks.
16. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary:
Libuser implements a standardized interface for manipulating and administering user and group accounts on Unix systems.
It has been reported that several vulnerabilities exist in this library. Attackers could possibly crash applications that are linked to this library, or possibly cause the applications to write 4GB files containing garbage to disk.
These issues could possibly lead to a denial of service condition, causing legitimate users to be unable to access resources.
17. Microsoft Outlook 2003 Media File Script Execution Vulnerabi...
BugTraq ID: 10369
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10369
Summary:
Microsoft Outlook is reportedly prone to a media file script execution vulnerability. This issue is due to a design error that would allow for the execution of scripts located in media files regardless of security settings.
This issue might allow an attacker to execute arbitrary files on the affected computer. Leveraging other issues, such as the Microsoft Outlook 2003 Predictable File Location Weakness (BID 10307), it might be possible for an attacker to execute arbitrary, attacker-supplied code.
18. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary:
Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to log in. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.
19. Blue Coat Systems SGOS Private Key Disclosure Vulnerability
BugTraq ID: 10371
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10371
Summary:
Blue Coat Systems Security Gateway OS (SGOS) 3.x devices are prone to a vulnerability that could cause the private encryption key to be disclosed to unauthorized parties.
The issue reportedly occurs when the private key is imported through the web-based administrative interface. This will cause the private key and passphrase to be logged in plaintext, potentially exposing this information to other local users.
It is also reported that certain administrative actions or configurations could also expose this information to other unauthorized parties, though specific details have not been publicized at this time.
20. SGI IRIX rpc.mountd Remote Denial of Service Vulnerability
BugTraq ID: 10372
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10372
Summary:
SGI IRIX is prone to a remote denial of service vulnerability. The issue presents itself due to an unspecified error in rpc.mountd, when the process parses certain RPC requests.
SGI IRIX 6.5.24 is affected by this issue; however, it is possible that other versions of IRIX are affected as well.
21. Secure Computing Sidewinder G2 Multiple Unspecified Denial O...
BugTraq ID: 10373
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10373
Summary:
It has been reported that the Sidewinder G2 is prone to multiple unspecified denial of service vulnerabilities.
The T.120, RTSP and SMTP proxies, and the mail filter all have been reported to contain denial of service vulnerabilities.
These vulnerabilities could be exploited by a remote attacker to deny service to legitimate users.
22. phpMyFAQ Action Parameter Arbitrary File Disclosure Vulnerab...
BugTraq ID: 10374
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10374
Summary:
phpMyFAQ is prone to an arbitrary file disclosure vulnerability that can allow a remote attacker to gain access to potentially sensitive information. This vulnerability exists due to insufficient sanitization of user-supplied data via the 'action' parameter. An attacker can disclose files by passing a relative path to a file and concatenating the path with a '\0' string terminator.
phpMyFAQ version 1.3.12 is prone to this issue.
23. Multiple Perl Implementation System Function Call Buffer Ove...
BugTraq ID: 10375
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10375
Summary:
ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability.
The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system() function call. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Arbitrary code execution will occur in the context of the user who is running the malicious Perl script.
24. Omnicron OmniHTTPD Get Request Buffer Overflow Vulnerability
BugTraq ID: 10376
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10376
Summary:
Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input.
This issue could allow an attacker to execute arbitrary code with the privileges of the affected web server.
25. phpMyFAQ Lang Parameter Directory Traversal Vulnerability
BugTraq ID: 10377
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10377
Summary:
phpMyFAQ is prone to a directory traversal vulnerability. The issue occurs if a remote attacker sends a request for a file containing directory traversal character sequences to the application. If successful, the attacker can access arbitrary files on a vulnerable computer in the context of the affected server.
phpMyFAQ 1.4.0-alpha1 is prone to this issue.
26. Zen Cart Login.PHP SQL Injection Vulnerability
BugTraq ID: 10378
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10378
Summary:
Zen Cart has been reported prone to an SQL injection vulnerability. This is due to an input validation error that fails to validate user input before using it in SQL queries.
This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
27. Multiple Perl Implementation Duplication Operator Integer Ov...
BugTraq ID: 10380
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10380
Summary:
ActiveState Perl is reported to be prone to an integer overflow vulnerability. It is revealed through testing that other implementations are also vulnerable.
The issue is reported to exist due to a lack of sufficient bounds checking that is performed on multiplier data that is passed to a Perl duplicator statement. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Failed exploit attempts will result in a denial of service.
28. DSM Light Explorer.EXE Directory Traversal Vulnerability
BugTraq ID: 10381
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10381
Summary:
DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue would allow an attacker to view arbitrary, web-readable files on the affected computer. This may aid an attacker in conducting further attacks against the vulnerable computer.
29. Microsoft Internet Explorer CSS Style Sheet Memory Corruptio...
BugTraq ID: 10382
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10382
Summary:
A vulnerability identified in Internet Explorer may allow an attacker to cause the application to crash. The issue presents itself when the browser attempts to process an HTML page containing a table and loads a CSS style sheet from a file.
This issue could be exploited by a remote attacker to cause a denial of service condition in the browser.
30. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary:
It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim mouses over the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
31. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary:
CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution.
CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.
32. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary:
Neon WebDAV client library is prone to a heap overflow vulnerability. This issue exists due to improper boundary checks performed on user-supplied data. Reportedly a malformed string value may cause a sscanf() string overflow into static heap variables.
Neon 0.24.5 and prior are prone to this issue.
33. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary:
Subversion is prone to a buffer overflow vulnerability. This issue exists in one of the data parsing functions of the application. Specifically, Subversion calls an sscanf() function when converting data strings to different formats. This causes user-supplied data to be copied into an unspecified buffer without proper boundary checks performed by the application.
Subversion versions 1.0.2 and prior are prone to this issue.
34. Java Secure Socket Extension Certificate Validation Vulnerab...
BugTraq ID: 10387
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10387
Summary:
Java Secure Socket Extension (JSSE) is prone to a security vulnerability. JSSE may incorrectly validate certificates provided by a website. This would permit an untrusted Web site to appear as trusted with regards to SSL.
It should be noted that the JSSE included in the Java JRE/SDK 1.4.x is not affected by this issue.
35. F5 BIG-IP Syncookie Denial Of Service Vulnerability
BugTraq ID: 10388
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10388
Summary:
It has been reported that the switch is susceptible to a denial of service condition, whereby a remote attacker is able to panic the kernel. Once the kernel is in a panic condition, the switch is rendered completely incapacitated, denying access to legitimate users.
The fault lies in a race condition in the syncookie evaluation code. A remote attacker could exploit this vulnerability by simply SYN flooding an affected switch. Because these switches are designed to add reliability to network applications, this could be a significant denial of service.
The vulnerable functionality was included in version 4.5. Versions prior to 4.5 are not vulnerable to the issue.
36. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary:
It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim mouses over the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
37. Netenberg Fantastico De Luxe Predictable Username Brute Forc...
BugTraq ID: 10390
Remote: No
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10390
Summary:
Fantastico De Luxe is prone to a vulnerability that could allow an attacker to brute force user accounts and potentially gain unauthorized access. This issue presents itself when the application is used in combination with a MySQL database. The vulnerability occurs when Fantastico De Luxe creates database files for users by using valid user names.
Successful exploitation of this issue can allow an attacker to ultimately gain access to user credentials and therefore potentially gain access to accounts.
38. Symantec Norton AntiVirus ActiveX Control Remote Code Execut...
BugTraq ID: 10392
Remote: Yes
Date Published: May 20 2004
Relevant URL: http://www.securityfocus.com/bid/10392
Summary:
Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application.
Norton AntiVirus 2004 is prone to this vulnerability.
39. Hummingbird Exceed Xconfig Access Validation Vulnerability
BugTraq ID: 10393
Remote: No
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10393
Summary:
Exceed is prone to a vulnerability that can allow a local attacker to bypass certain access restrictions and edit various configuration settings. The issue occurs because an attacker can bypass restrictions on the 'xconfig.exe' program.
A successful attack may allow an attacker to modify configuration settings that can lead to further attacks against the application or the computer.
This issue presents itself in the 'xconfig' application supplied with Exceed 9.0.0.
40. Vsftpd Listener Denial of Service Vulnerability
BugTraq ID: 10394
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10394
Summary:
According to the vendor, vsftpd is prone to a denial of service condition in the connection handling code. Vsftpd's listener process can become unstable under extreme loads, denying service to legitimate users.
The issue apparently arises from reentering malloc and free, possibly corrupting memory. Vsftpd calls non-reentrant functions inappropriately, thus leading to a denial of service vulnerability.
41. e107 Website System Log.PHP HTML Injection Vulnerability
BugTraq ID: 10395
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10395
Summary:
It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input.
The problem presents itself when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application stores the injected HTML code, which is then rendered in the browser of an unsuspecting user whenever the log page of the affected site is viewed.
42. UCD-SNMPD Command Line Parsing Local Buffer Overflow Vulnera...
BugTraq ID: 10396
Remote: No
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10396
Summary:
It is reported that the UCD-SNMP 'snmpd' daemon is prone to a command line parsing buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the size of user-supplied argument strings before copying them into a finite buffer. This issue may permit a local attacker to influence execution flow of the affected snmpd daemon, and ultimately execute arbitrary instructions in the context of the process.
This vulnerability is reported to affect UCD-SNMP versions up to and including version 4.2.6.
43. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary:
Reportedly, SquirrelMail is prone to an unspecified SQL injection vulnerability. The vulnerability results from insufficient sanitization of user-supplied data.
This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the user password hashes or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
Due to a lack of information, further details are not currently available. This BID will be updated as more information becomes available.
SquirrelMail 1.4.2 and prior versions are affected by this issue.
44. Qualcomm Eudora To: Field Memory Corruption Vulnerability
BugTraq ID: 10398
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10398
Summary:
Eudora is prone to a memory corruption vulnerability. It is reported that this issue occurs when the application processes email messages with a 'To:' field that is larger than 240 characters. An attacker could send a message with a large 'from:' or 'Reply To:' field and this issue could be triggered when the user replies to the message.
Successful exploitation of this issue could result in a denial of service condition due to possible memory corruption. It is possible that this issue could be leveraged to execute arbitrary code; however, this is not confirmed at the moment.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Apple patches critical Mac OS X hole
By: Kevin Poulsen
The company claims customers were never put at risk by the well-known and easily exploited bug.
http://www.securityfocus.com/news/8742
2. 'Patriot' hacker pleads guilty
By: Kevin Poulsen
Twenty-two-year-old faces two years or more in prison after publicly cracking government systems and warning of cyber terror risks.
http://www.securityfocus.com/news/8717
3. Sasser suspect has fans
By: Kevin Poulsen
Free Jaschan site pops up in record time, and quickly begins raising money.
http://www.securityfocus.com/news/8581
4. Beware of 'IBM laptop order' email
By: John Leyden, The Register
Hackers tried to trick users into visiting a maliciously-constructed website using a blizzard of spam emails last week. The assault attempted to exploit a previously unknown vulnerability with Internet Explorer to seize control of the maximum number of Windows PCs.
http://www.securityfocus.com/news/8765
5. Computer virus researcher looks to biology for clues
By: Michael Hill, The Associated Press
http://www.securityfocus.com/news/8753
6. As identity theft jumps, so do costly monitoring services
By: Brian Bergstein, The Associated Press
http://www.securityfocus.com/news/8744
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. php-syslog-ng v2.5
By: mearls
Relevant URL: http://www.vermeer.org/syslog
Platforms: PHP
Summary:
php-syslog-ng is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, and date.
2. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
3. Pubcookie 3.1.0
Summary:
Pubcookie is an Open Source package for intra-institutional, single sign-on, end-user Web authentication. More generally, it is an approach to identifying users as they browse to an institution's many websites that require authentication. It helps an institution reuse existing authentication services (like Kerberos, LDAP, or NIS), and it limits the exposure of end-user passwords by ensuring they're only sent to a trusted login service.
4. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg (at) gem.ncic.ac (dot) cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen files access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
5. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
6. Astaro Security Linux (Stable 5.x) v5.007
Summary:
Astaro Security Linux is a firewall solution. It does stateful packet inspection filtering, content filtering, user authentication, virus scanning, VPN with IPSec and PPTP, and much more. With its Web-based management tool, WebAdmin, and the ability to pull updates via the Internet, it is pretty easy to manage. It is based on a special hardened Linux 2.4 distribution where most daemons are running in change-roots and are protected by kernel capabilities.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. IDS Application Rollout Practice Manager (Seattle) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364147
2. Firewall Practice Manager (Seattle) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364146
3. seeking new opportunity. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364145
4. Multiple Computer Systems Security Analyst position ... (Thread)
Relevant URL:
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Suspicious Activity with program sleep() states (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/364049
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Problem with my wireless network (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364058
2. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364050
3. looking for wireless linux security book (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363966
4. iptables firewall script for debian-woody, 2.4.24 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363883
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: International Trade & Technology Summit
Who Turned Out the Lights? Addressing the Risk of Cyber Terrorism
We are now faced with the threat of cyber terrorism to our essential
services - electricity, petroleum production, water, transportation and
communications - and proactive leadership is needed if we want to prevent
this new threat to our way of life. Hear the solutions to this and other
important pressing issues at the International Trade & Technology Summit
in Calgary, Alberta June 23-25, 2004. To learn more visit
http://www.securityfocus.com/sponsor/CalgarySummit_sf-news_040525
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Malware Analysis for Administrators
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
3. Weighing Profits against Peril
II. BUGTRAQ SUMMARY
1. NetChat Web Server Remote Buffer Overflow Vulnerability
2. LHA Multiple extract_one Buffer Overflow Vulnerabilities
3. Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflo...
4. Apple Mac OS X Help Protocol Remote Code Execution Vulnerabi...
5. WebCT Campus Edition HTML Tags HTML Injection Vulnerabilitie...
6. KDE Multiple URI Handler Vulnerabilities
7. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
8. GNU LibTASN1 Undisclosed Vulnerability
9. WGet Insecure File Creation Race Condition Vulnerability
10. VBulletin Index.PHP Remote File Include Vulnerability
11. Microsoft Windows XP Self-Executing Folder Vulnerability
12. osCommerce File Manager Directory Traversal Vulnerability
13. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
14. Alt-N MDaemon Remote Status Command Buffer Overflow Vulnerab...
15. PHP-Nuke Multiple Input Validation Vulnerabilities
16. LibUser Multiple Unspecified Vulnerabilities
17. Microsoft Outlook 2003 Media File Script Execution Vulnerabi...
18. Mandrake Linux passwd Potential Vulnerabilities
19. Blue Coat Systems SGOS Private Key Disclosure Vulnerability
20. SGI IRIX rpc.mountd Remote Denial of Service Vulnerability
21. Secure Computing Sidewinder G2 Multiple Unspecified Denial O...
22. phpMyFAQ Action Parameter Arbitrary File Disclosure Vulnerab...
23. Multiple Perl Implementation System Function Call Buffer Ove...
24. Omnicron OmniHTTPD Get Request Buffer Overflow Vulnerability
25. phpMyFAQ Lang Parameter Directory Traversal Vulnerability
26. Zen Cart Login.PHP SQL Injection Vulnerability
27. Multiple Perl Implementation Duplication Operator Integer Ov...
28. DSM Light Explorer.EXE Directory Traversal Vulnerability
29. Microsoft Internet Explorer CSS Style Sheet Memory Corruptio...
30. KDE Konqueror Embedded Image URI Obfuscation Weakness
31. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
32. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
33. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
34. Java Secure Socket Extension Certificate Validation Vulnerab...
35. F5 BIG-IP Syncookie Denial Of Service Vulnerability
36. Netscape Navigator Embedded Image URI Obfuscation Weakness
37. Netenberg Fantastico De Luxe Predictable Username Brute Forc...
38. Symantec Norton AntiVirus ActiveX Control Remote Code Execut...
39. Hummingbird Exceed Xconfig Access Validation Vulnerability
40. Vsftpd Listener Denial of Service Vulnerability
41. e107 Website System Log.PHP HTML Injection Vulnerability
42. UCD-SNMPD Command Line Parsing Local Buffer Overflow Vulnera...
43. SquirrelMail Unspecified SQL Injection Vulnerability
44. Qualcomm Eudora To: Field Memory Corruption Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Apple patches critical Mac OS X hole
2. 'Patriot' hacker pleads guilty
3. Sasser suspect has fans
4. Beware of 'IBM laptop order' email
5. Computer virus researcher looks to biology for clues
6. As identity theft jumps, so do costly monitoring services
IV. SECURITYFOCUS TOP 6 TOOLS
1. php-syslog-ng v2.5
2. Ettercap v0.7.0 pre2
3. Pubcookie 3.1.0
4. Linux Intrusion Detection System (LIDS) v2.6.6
5. Syhunt TS Security Scanner 6.7 Build 96
6. Astaro Security Linux (Stable 5.x) v5.007
V. SECURITYJOBS LIST SUMMARY
1. IDS Application Rollout Practice Manager (Seattle) (Thread)
2. Firewall Practice Manager (Seattle) (Thread)
3. seeking new opportunity. (Thread)
4. Multiple Computer Systems Security Analyst position ... (Thread)
5. Computer Incident Response Co-ordinator-UK (Thread)
6. Security Systems Engineers - Channel Focused (Thread)
7. Contract Position - Security Architect/Admin; LDAP, ... (Thread)
8. Senior Security Researcher/Engineer - Bay Area, CA -... (Thread)
9. Security Engineer VA (Thread)
10. Security team lead in Herndon Va. (Thread)
11. Vice President of Federal Sales- DC Metro (Thread)
12. VP North American Marketing (Thread)
13. Symantec Response Team-Senior Principal Software Eng... (Thread)
14. Windows Driver and Application Developer needed in M... (Thread)
15. Large e-commerce company seeks Manager, Information ... (Thread)
16. Product Marketing Managers and Product Managers (Thread)
17. Experienced Infosec Consultant/Instructor (Thread)
18. Security Engineering Team Incident Response Lead (Thread)
19. infosec analyst looking for job. specialises in open... (Thread)
20. Security Program Manager: Yuma, AZ (Thread)
21. Security Engineering Team - Incident Response Lead (Thread)
22. 6+ months Network Engineer position at Mexico City $... (Thread)
23. ArcSight is hiring! One Principal Security Evangelis... (Thread)
24. Vulnerability Research Engineer - Atlanta, Austin (Thread)
25. Fw: Mid-west search (Thread)
26. Business Development Consultant - Sydney, Australia (Thread)
27. Contract Opportunities - Information Security Consu... (Thread)
28. FW: AE - Chicago (Thread)
29. FW: AE - Bay Area (Thread)
30. AE - D.C. Federal (Thread)
31. Symantec-Windows Development Managers-Santa Monica, ... (Thread)
32. Sr. Manager of Security Professional Services (L.A. ... (Thread)
33. Sales Engineer--Network Security (Bay Area) (Thread)
34. Symantec-Windows/COM Engineers-Santa Monica, CA (Thread)
35. IT Security Manager , UK (Thread)
36. San Diego Area - Security Engineering/IA Position Op... (Thread)
37. Dallas, TX - Manager of IT Security Compliance (Thread)
38. Software Engineer- Southern California (714) (Thread)
39. TS/SCI cleared Getting out of military soon (Thread)
VI. INCIDENTS LIST SUMMARY
1. Turnitinbot exploits webserver vulnerabilities? (Thread)
2. TCP port 5000 syn increasing (Thread)
3. New article announcement: Malware Analysis for Admini... (Thread)
4. queries for MX of sexnet.com (Thread)
5. [Securityfocus-incidents] RE: TCP port 5000 syn incr... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. [Format String vulnerabilities] (Thread)
2. Re[2]: Stealing NT passwords through WiFi? (Thread)
3. Stealing NT passwords through WiFi? (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Workstation service deletes itself?? (Thread)
2. Search NTFS share permissions (Thread)
3. Article Announcement: Busted (Thread)
4. SV: Search NTFS share permissions (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Suspicious Activity with program sleep() states (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Problem with my wireless network (Thread)
2. Secure Form Script? (Thread)
3. looking for wireless linux security book (Thread)
4. iptables firewall script for debian-woody, 2.4.24 (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Malware Analysis for Administrators
By S. G. Masood
The purpose of this article is to help administrators and power users use
behavioral analysis to determine if a binary is harmful malware, by
analyzing it in a lab environment without the use of anti-virus software,
debuggers, or code disassembly.
http://www.securityfocus.com/infocus/1780
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
By Bob Rudis
This is the second of a two-part series that focuses on the centralized
management of security for mobile users. Part two completes the
discussion by presenting additional layers of defence to help protect
valuable, mobile data.
http://www.securityfocus.com/infocus/1781
3. Weighing Profits against Peril
By Mark Rasch
Denying XP pirates the SP2 upgrade would hurt the Internet to protect
Microsoft's bottom line.
http://www.securityfocus.com/columnists/243
II. BUGTRAQ SUMMARY
-------------------
1. NetChat Web Server Remote Buffer Overflow Vulnerability
BugTraq ID: 10353
Remote: Yes
Date Published: May 15 2004
Relevant URL: http://www.securityfocus.com/bid/10353
Summary:
The NetChat web server implementation is affected by a stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the size of network-based user input when transferring it to process memory.
This issue could be leveraged to manipulate process memory, allowing an attacker to execute arbitrary code in the security context of the affected process and resulting in a user level compromise.
2. LHA Multiple extract_one Buffer Overflow Vulnerabilities
BugTraq ID: 10354
Remote: Yes
Date Published: May 15 2004
Relevant URL: http://www.securityfocus.com/bid/10354
Summary:
LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the 'extract_one()' function and are due to a failure of the application to properly validate string lengths in offending files.
These issues might allow an attacker to execute code in the context of a user invoking the affected utility.
3. Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflo...
BugTraq ID: 10355
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10355
Summary:
A stack-based buffer overflow has been reported in the Apache mod_ssl module.
This issue is exposed in utility code for uuencoding binary data.
This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
4. Apple Mac OS X Help Protocol Remote Code Execution Vulnerabi...
BugTraq ID: 10356
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10356
Summary:
It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system.
The issue presents itself due to the 'help:' protocol implemented by the Mac OS X help application. It has been reported that the 'help:' protocol can be invoked remotely by the Safari web browser. This could allow an attacker to craft a malicious link and entice a user to follow the link in order to execute script code via the help application. It has been reported that this issue can be exploited to execute arbitrary code with minimal user interaction. Reportedly, an attacker can exploit this issue by simply enticing a user to visit a malicious site.
An attacker can also use HTML email as an attack vector to exploit this vulnerability. For example, an attacker can embed HTML into Apple Mail and send it as a link to a vulnerable user. If the user follows the link, script code will be executed.
Successful exploitation of this issue may allow a remote attacker to gain unauthorized access to a vulnerable system in the context of an affected user.
Mac OS X 10.3 is reported to be prone to this issue; however, it is possible that prior versions are affected as well. Other web browsers that support the 'help:' protocol may also present an attack vector for this issue.
5. WebCT Campus Edition HTML Tags HTML Injection Vulnerabilitie...
BugTraq ID: 10357
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10357
Summary:
WebCT Campus Edition is reportedly affected by multiple HTML tag HTML injection vulnerabilities. These issues are due to a failure of the application to properly validate and sanitize user input.
It has been reported that this issue can be exploited to steal authentication credentials and other sensitive information, giving an attacker full control of an unsuspecting user's account. Other attacks may also be possible.
6. KDE Multiple URI Handler Vulnerabilities
BugTraq ID: 10358
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10358
Summary:
It has been reported that KDE is prone to multiple input validation vulnerabilities in various URI handlers. The issues are reported to exist due to insufficient sanitization of user-supplied input by the telnet, rlogin, ssh and mailto URI handlers. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the programs to carry out an attack.
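One way a URI handler can refuse host names that would be read as options, as an added example that is not KDE's code. The function names, the buffer sizes and the choice to reject userinfo are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX 253    /* maximum length of a DNS name in text form */

/* Returns 1 if host may be placed in argv as a host name, 0 otherwise.
 * Only letters, digits, '.' and '-' are accepted, and the first byte must
 * not be '-', so the launched program cannot read the value as an option.
 * '%' is not accepted either: if the caller percent-decodes, this check
 * must run on the decoded string. */
int host_is_safe_arg(const char *host)
{
    size_t len = strlen(host);
    size_t i;

    if (len == 0 || len > HOST_MAX)
        return 0;
    if (host[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Turns "telnet://host[:port][/...]" into an argv for exec*().
 * Returns 0 and fills argv on success, -1 if the URI is rejected.
 * host and port are caller-supplied buffers that back argv[1] and argv[2]. */
int build_telnet_argv(const char *uri, char *host, size_t hostsz,
                      char *port, size_t portsz, const char *argv[4])
{
    static const char prefix[] = "telnet://";
    const size_t plen = sizeof prefix - 1;
    const char *auth, *colon;
    size_t alen, hlen, tlen, i;

    if (strncmp(uri, prefix, plen) != 0)
        return -1;

    auth = uri + plen;
    alen = strcspn(auth, "/?#");            /* authority ends here */

    if (memchr(auth, '@', alen) != NULL)    /* userinfo: not handled here */
        return -1;

    colon = memchr(auth, ':', alen);
    hlen = colon ? (size_t)(colon - auth) : alen;
    tlen = colon ? alen - hlen - 1 : 0;
    if (hlen >= hostsz || tlen >= portsz)
        return -1;
    if (colon && tlen == 0)                 /* "host:" with an empty port */
        return -1;

    memcpy(host, auth, hlen);
    host[hlen] = '\0';
    if (tlen > 0)
        memcpy(port, colon + 1, tlen);
    port[tlen] = '\0';

    if (!host_is_safe_arg(host))
        return -1;
    for (i = 0; i < tlen; i++)
        if (!isdigit((unsigned char)port[i]))
            return -1;

    argv[0] = "telnet";
    argv[1] = host;
    argv[2] = tlen ? port : NULL;
    argv[3] = NULL;
    return 0;
}
```

The argv built here is meant for an exec-style call with no shell in between, so the host name reaches the program as a single argument.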
7. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary:
It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks.
The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site.
These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.
8. GNU LibTASN1 Undisclosed Vulnerability
BugTraq ID: 10360
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10360
Summary:
GNU Utils Libtasn1 has been reported prone to an undisclosed vulnerability. The issue is reported to present itself in the DER parsing functions of Libtasn1.
This BID will be updated as soon as further information regarding this vulnerability becomes available.
Libtasn1 versions prior to 0.1.2 and 0.2.7 are reported prone to this vulnerability.
9. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary:
wget has been reported prone to a race condition vulnerability. The issue exists because wget does not lock files that it creates and writes to during file downloads.
A local attacker may exploit this condition to corrupt files with the privileges of the victim who is running the vulnerable version of wget.
10. VBulletin Index.PHP Remote File Include Vulnerability
BugTraq ID: 10362
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10362
Summary:
A vulnerability has been reported to exist in the software that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The issue exists due to improper validation of user-supplied data. The problem exists in the 'loc' parameter of the 'index.php' script.
11. Microsoft Windows XP Self-Executing Folder Vulnerability
BugTraq ID: 10363
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10363
Summary:
A vulnerability has been reported in Microsoft Windows XP that may result in execution of malicious code in the context of the currently logged in user. The flaw exists in Windows Explorer and may allow for executable content that is referenced from inside of a folder to be executed automatically when the folder is accessed.
This vulnerability poses a security risk since it is assumed that opening a folder is a safe action and that executable content cannot be run when a folder is accessed. Additionally, it has been reported that this issue may be exploitable remotely if the malicious folder is accessed from an SMB share.
A proof of concept exploit has been provided that executes NetMeeting and installs a keylogger on a vulnerable system.
12. osCommerce File Manager Directory Traversal Vulnerability
BugTraq ID: 10364
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10364
Summary:
It is reported that osCommerce has a directory traversal vulnerability that allows a remote attacker to possibly gain access to sensitive information. The software improperly sanitizes user-supplied input and allows '../' directory traversal character sequences when serving files.
This allows an attacker to access files outside of the application document root, potentially allowing the attacker to view files that contain sensitive information or aid them in further attacks on the computer.
13. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary:
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.
If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.
14. Alt-N MDaemon Remote Status Command Buffer Overflow Vulnerab...
BugTraq ID: 10366
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10366
Summary:
Alt-N MDaemon is reportedly prone to a remote stack-based buffer overflow vulnerability. This vulnerability is due to a failure of the application to properly validate buffer sizes when processing input.
It should be noted that this issue can only be exploited by clients authenticated to the affected IMAP server; any user with an email account can leverage this issue.
This issue can be leveraged to cause the affected process to crash, denying service to legitimate users. It has been reported that this issue can also be leveraged to execute arbitrary code with the privileges of the user running the server on an affected computer.
15. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks.
16. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary:
Libuser implements a standardized interface for manipulating and administering user and group accounts on Unix systems.
It has been reported that several vulnerabilities exist in this library. Attackers could possibly crash applications that are linked to this library, or possibly cause the applications to write 4GB files containing garbage to disk.
These issues could possibly lead to a denial of service condition, causing legitimate users to be unable to access resources.
17. Microsoft Outlook 2003 Media File Script Execution Vulnerabi...
BugTraq ID: 10369
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10369
Summary:
Microsoft Outlook is reportedly prone to a media file script execution vulnerability. This issue is due to a design error that would allow for the execution of scripts located in media files regardless of security settings.
This issue might allow an attacker to execute arbitrary files on the affected computer. Leveraging other issues, such as the Microsoft Outlook 2003 Predictable File Location Weakness (BID 10307), it might be possible for an attacker to execute arbitrary, attacker-supplied code.
18. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary:
Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to log in. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.
19. Blue Coat Systems SGOS Private Key Disclosure Vulnerability
BugTraq ID: 10371
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10371
Summary:
Blue Coat Systems Security Gateway OS (SGOS) 3.x devices are prone to a vulnerability that could cause the private encryption key to be disclosed to unauthorized parties.
The issue reportedly occurs when the private key is imported through the web-based administrative interface. This will cause the private key and passphrase to be logged in plaintext, potentially exposing them to other local users.
It is also reported that certain administrative actions or configurations could also expose this information to other unauthorized parties, though specific details have not been publicized at this time.
20. SGI IRIX rpc.mountd Remote Denial of Service Vulnerability
BugTraq ID: 10372
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10372
Summary:
SGI IRIX is prone to a remote denial of service vulnerability. The issue presents itself due to an unspecified error in rpc.mountd, when the process parses certain RPC requests.
SGI IRIX 6.5.24 is affected by this issue; however, it is possible that other versions of IRIX are affected as well.
21. Secure Computing Sidewinder G2 Multiple Unspecified Denial O...
BugTraq ID: 10373
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10373
Summary:
It has been reported that the Sidewinder G2 is prone to multiple unspecified denial of service vulnerabilities.
The T.120, RTSP and SMTP proxies, and the mail filter all have been reported to contain denial of service vulnerabilities.
These vulnerabilities could be exploited by a remote attacker to deny service to legitimate users.
22. phpMyFAQ Action Parameter Arbitrary File Disclosure Vulnerab...
BugTraq ID: 10374
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10374
Summary:
phpMyFAQ is prone to an arbitrary file disclosure vulnerability that can allow a remote attacker to gain access to potentially sensitive information. This vulnerability exists due to insufficient sanitization of user-supplied data via the 'action' parameter. An attacker can disclose files by passing a relative path to a file and concatenating the path with a '\0' string terminator.
phpMyFAQ version 1.3.12 is prone to this issue.
23. Multiple Perl Implementation System Function Call Buffer Ove...
BugTraq ID: 10375
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10375
Summary:
ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability.
The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system() function call. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Arbitrary code execution will occur in the context of the user who is running the malicious Perl script.
24. Omnicron OmniHTTPD Get Request Buffer Overflow Vulnerability
BugTraq ID: 10376
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10376
Summary:
Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input.
This issue could allow an attacker to execute arbitrary code with the privileges of the affected web server.
25. phpMyFAQ Lang Parameter Directory Traversal Vulnerability
BugTraq ID: 10377
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10377
Summary:
phpMyFAQ is prone to a directory traversal vulnerability. The issue occurs if a remote attacker sends a request for a file containing directory traversal character sequences to the application. If successful, the attacker can access arbitrary files on a vulnerable computer in the context of the affected server.
phpMyFAQ 1.4.0-alpha1 is prone to this issue.
26. Zen Cart Login.PHP SQL Injection Vulnerability
BugTraq ID: 10378
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10378
Summary:
Zen Cart has been reported prone to an SQL injection vulnerability. This is due to an input validation error that fails to validate user input before using it in SQL queries.
This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
27. Multiple Perl Implementation Duplication Operator Integer Ov...
BugTraq ID: 10380
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10380
Summary:
ActiveState Perl is reported to be prone to an integer overflow vulnerability. It is revealed through testing that other implementations are also vulnerable.
The issue is reported to exist due to a lack of sufficient bounds checking that is performed on multiplier data that is passed to a Perl duplicator statement. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Failed exploit attempts will result in a denial of service.
28. DSM Light Explorer.EXE Directory Traversal Vulnerability
BugTraq ID: 10381
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10381
Summary:
DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue would allow an attacker to view arbitrary, web-readable files on the affected computer. This may aid an attacker in conducting further attacks against the vulnerable computer.
29. Microsoft Internet Explorer CSS Style Sheet Memory Corruptio...
BugTraq ID: 10382
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10382
Summary:
A vulnerability identified in Internet Explorer may allow an attacker to cause the application to crash. The issue presents itself when the browser attempts to process an HTML page containing a table and loads a CSS style sheet from a file.
This issue could be exploited by a remote attacker to cause a denial of service condition in the browser.
30. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary:
It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim mouses over the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
31. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary:
CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution.
CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.
32. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary:
Neon WebDAV client library is prone to a heap overflow vulnerability. This issue exists due to improper boundary checks performed on user-supplied data. Reportedly a malformed string value may cause a sscanf() string overflow into static heap variables.
Neon 0.24.5 and prior are prone to this issue.
33. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary:
Subversion is prone to a buffer overflow vulnerability. This issue exists in one of the data parsing functions of the application. Specifically, Subversion calls an sscanf() function when converting data strings to different formats. This causes user-supplied data to be copied into an unspecified buffer without proper boundary checks performed by the application.
Subversion versions 1.0.2 and prior are prone to this issue.
34. Java Secure Socket Extension Certificate Validation Vulnerab...
BugTraq ID: 10387
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10387
Summary:
Java Secure Socket Extension (JSSE) is prone to a security vulnerability. JSSE may incorrectly validate certificates provided by a website. This would permit an untrusted Web site to appear as trusted with regards to SSL.
It should be noted that the JSSE included in the Java JRE/SDK 1.4.x is not affected by this issue.
35. F5 BIG-IP Syncookie Denial Of Service Vulnerability
BugTraq ID: 10388
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10388
Summary:
It has been reported that the switch is susceptible to a denial of service condition, whereby a remote attacker is able to panic the kernel. Once the kernel is in a panic condition, the switch is rendered completely incapacitated, denying access to legitimate users.
The fault lies in a race condition in the syncookie evaluation code. A remote attacker could exploit this vulnerability by simply SYN flooding an affected switch. Because these switches are designed to add reliability to network applications, this could be a significant denial of service.
The vulnerable functionality was included in version 4.5. Versions prior to 4.5 are not vulnerable to the issue.
36. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary:
It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim mouses over the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
37. Netenberg Fantastico De Luxe Predictable Username Brute Forc...
BugTraq ID: 10390
Remote: No
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10390
Summary:
Fantastico De Luxe is prone to a vulnerability that could allow an attacker to brute force user accounts and potentially gain unauthorized access. This issue presents itself when the application is used in combination with a MySQL database. The vulnerability occurs when Fantastico De Luxe creates database files for users by using valid user names.
Successful exploitation of this issue can allow an attacker to ultimately gain access to user credentials and therefore potentially gain access to accounts.
38. Symantec Norton AntiVirus ActiveX Control Remote Code Execut...
BugTraq ID: 10392
Remote: Yes
Date Published: May 20 2004
Relevant URL: http://www.securityfocus.com/bid/10392
Summary:
Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application.
Norton AntiVirus 2004 is prone to this vulnerability.
39. Hummingbird Exceed Xconfig Access Validation Vulnerability
BugTraq ID: 10393
Remote: No
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10393
Summary:
Exceed is prone to a vulnerability that can allow a local attacker to bypass certain access restrictions and edit various configuration settings. The issue occurs as an attacker can bypass restrictions on 'xconfig.exe' program.
A successful attack may allow an attacker to modify configuration settings that can lead to further attacks against the application or the computer.
This issue presents itself in the 'xconfig' application supplied with Exceed 9.0.0.
40. Vsftpd Listener Denial of Service Vulnerability
BugTraq ID: 10394
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10394
Summary:
According to the vendor, vsftpd is prone to a denial of service condition in the connection handling code. Vsftpd's listener process can become unstable under extreme loads, denying service to legitimate users.
The issue apparently arises from reentering malloc and free, possibly corrupting memory. Vsftpd calls non-reentrant functions inappropriately, thus leading to a denial of service vulnerability.
41. e107 Website System Log.PHP HTML Injection Vulnerability
BugTraq ID: 10395
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10395
Summary:
It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input.
The problem presents itself when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application stores the injected HTML code, which is then rendered in the browser of an unsuspecting user whenever the log page of the affected site is viewed.
42. UCD-SNMPD Command Line Parsing Local Buffer Overflow Vulnera...
BugTraq ID: 10396
Remote: No
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10396
Summary:
It is reported that the UCD-SNMP 'snmpd' daemon is prone to a command line parsing buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the size of user-supplied argument strings before copying them into a finite buffer. This issue may permit a local attacker to influence execution flow of the affected snmpd daemon, and ultimately execute arbitrary instructions in the context of the process.
This vulnerability is reported to affect UCD-SNMP versions up to and including version 4.2.6.
43. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary:
Reportedly, SquirrelMail is prone to an unspecified SQL injection vulnerability. The vulnerability results from insufficient sanitization of user-supplied data.
This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the user password hashes or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
Due to a lack of information, further details are not currently available. This BID will be updated as more information becomes available.
SquirrelMail 1.4.2 and prior versions are affected by this issue.
44. Qualcomm Eudora To: Field Memory Corruption Vulnerability
BugTraq ID: 10398
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10398
Summary:
Eudora is prone to a memory corruption vulnerability. It is reported that this issue occurs when the application processes email messages with a 'To:' field that is larger than 240 characters. An attacker could send a message with a large 'from:' or 'Reply To:' field and this issue could be triggered when the user replies to the message.
Successful exploitation of this issue could result in a denial of service condition due to possible memory corruption. It is possible that this issue could be leveraged to execute arbitrary code; however, this is not confirmed at the moment.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Apple patches critical Mac OS X hole
By: Kevin Poulsen
The company claims customers were never put at risk by the well-known and easily exploited bug.
http://www.securityfocus.com/news/8742
2. 'Patriot' hacker pleads guilty
By: Kevin Poulsen
Twenty-two-year-old faces two years or more in prison after publicly cracking government systems and warning of cyber terror risks.
http://www.securityfocus.com/news/8717
3. Sasser suspect has fans
By: Kevin Poulsen
Free Jaschan site pops up in record time, and quickly begins raising money.
http://www.securityfocus.com/news/8581
4. Beware of 'IBM laptop order' email
By: John Leyden, The Register
Hackers tried to trick users into visiting a maliciously-constructed website using a blizzard of spam emails last week. The assault attempted to exploit a previously unknown vulnerability with Internet Explorer to seize control of the maximum number of Windows PCs.
http://www.securityfocus.com/news/8765
5. Computer virus researcher looks to biology for clues
By: Michael Hill, The Associated Press
http://www.securityfocus.com/news/8753
6. As identity theft jumps, so do costly monitoring services
By: Brian Bergstein, The Associated Press
http://www.securityfocus.com/news/8744
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. php-syslog-ng v2.5
By: mearls
Relevant URL: http://www.vermeer.org/syslog
Platforms: PHP
Summary:
php-syslog-ng is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, and date.
2. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
3. Pubcookie 3.1.0
By: Nathan Dors
Relevant URL: http://www.pubcookie.org
Platforms: Os Independent
Summary:
Pubcookie is an Open Source package for intra-institutional, single sign-on, end-user Web authentication. More generally, it is an approach to identifying users as they browse to an institution's many websites that require authentication. It helps an institution reuse existing authentication services (like Kerberos, LDAP, or NIS), and it limits the exposure of end-user passwords by ensuring they're only sent to a trusted login service.
4. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg (at) gem.ncic.ac (dot) cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen files access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
5. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
6. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:
Astaro Security Linux is a firewall solution. It does stateful packet inspection filtering, content filtering, user authentication, virus scanning, VPN with IPSec and PPTP, and much more. With its Web-based management tool, WebAdmin, and the ability to pull updates via the Internet, it is pretty easy to manage. It is based on a special hardened Linux 2.4 distribution where most daemons are running in change-roots and are protected by kernel capabilities.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. IDS Application Rollout Practice Manager (Seattle) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364147
2. Firewall Practice Manager (Seattle) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364146
3. seeking new opportunity. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364145
4. Multiple Computer Systems Security Analyst position ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364144
5. Computer Incident Response Co-ordinator-UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364119
6. Security Systems Engineers - Channel Focused (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364084
7. Contract Position - Security Architect/Admin; LDAP, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364083
8. Senior Security Researcher/Engineer - Bay Area, CA -... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364082
9. Security Engineer VA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364020
10. Security team lead in Herndon Va. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364000
11. Vice President of Federal Sales- DC Metro (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363925
12. VP North American Marketing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363910
13. Symantec Response Team-Senior Principal Software Eng... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363909
14. Windows Driver and Application Developer needed in M... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363901
15. Large e-commerce company seeks Manager, Information ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363900
16. Product Marketing Managers and Product Managers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363899
17. Experienced Infosec Consultant/Instructor (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363898
18. Security Engineering Team Incident Response Lead (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363897
19. infosec analyst looking for job. specialises in open... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363896
20. Security Program Manager: Yuma, AZ (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363895
21. Security Engineering Team - Incident Response Lead (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363894
22. 6+ months Network Engineer position at Mexico City $... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363774
23. ArcSight is hiring! One Principal Security Evangelis... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363772
24. Vulnerability Research Engineer - Atlanta, Austin (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363771
25. Fw: Mid-west search (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363770
26. Business Development Consultant - Sydney, Australia (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363769
27. Contract Opportunities - Information Security Consu... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363767
28. FW: AE - Chicago (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363766
29. FW: AE - Bay Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363765
30. AE - D.C. Federal (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363763
31. Symantec-Windows Development Managers-Santa Monica, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363719
32. Sr. Manager of Security Professional Services (L.A. ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363718
33. Sales Engineer--Network Security (Bay Area) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363717
34. Symantec-Windows/COM Engineers-Santa Monica, CA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363716
35. IT Security Manager , UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363714
36. San Diego Area - Security Engineering/IA Position Op... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363683
37. Dallas, TX - Manager of IT Security Compliance (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363680
38. Software Engineer- Southern California (714) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363679
39. TS/SCI cleared Getting out of military soon (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/363676
VI. INCIDENTS LIST SUMMARY
--------------------------
1. Turnitinbot exploits webserver vulnerabilities? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364029
2. TCP port 5000 syn increasing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/363990
3. New article announcment: Malware Analysis for Admini... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/363960
4. queries for MX of sexnet.com (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/363955
5. [Securityfocus-incidents] RE: TCP port 5000 syn incr... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/363641
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. [Format String vulnerabilities] (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364095
2. Re[2]: Stealing NT passwords through WiFi? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/363891
3. Stealing NT passwords through WiFi? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/363880
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Workstation service deletes itself?? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364134
2. Search NTFS share permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364128
3. Article Announcement: Busted (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363868
4. SV: Search NTFS share permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363811
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Suspicious Activity with program sleep() states (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/364049
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Problem with my wireless network (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364058
2. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364050
3. looking for wireless linux security book (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363966
4. iptables firewall script for debian-woody, 2.4.24 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363883
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.