Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
I. FRONT AND CENTER
1. H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
2. Pass the Chocolate
II. BUGTRAQ SUMMARY
1. BNBT BitTorrent Tracker Denial of Service Vulnerability
2. Apple OS X Unspecified Terminal URL Handling Vulnerability
3. Apple MacOS X URI Handler Remote Code Execution Variant Vuln...
4. Liferay Enterprise Portal Multiple XSS Vulnerabilities
5. XPCD XPCD-SVGA Buffer Overflow Vulnerability
6. Netgear RP114 Content Filter Bypass Vulnerability
7. e107 Website System User.PHP HTML Injection Vulnerability
8. Apple Mac OS X SSH URI Handler Remote Code Execution Vulnera...
9. cPanel Local Privilege Escalation Vulnerability
10. Pimentech PimenGest2 RowLatex.inc.PHP Information Disclosure...
11. MollenSoft Lightweight FTP Server Remote Denial Of Service V...
12. VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denia...
13. GNU Mailman Unspecified Password Retrieval Vulnerability
14. HP OpenView Select Access Unicode Remote Access Vulnerabilit...
15. HP Integrated Lights Out Remote Denial of Service Vulnerabil...
16. FreeBSD Msync(2) System Call Buffer Cache Implementation Vul...
17. MiniShare Server Remote Denial Of Service Vulnerability
18. IRIX Checkpoint and Restart libcpr Library Loading Privilege...
19. 3Com OfficeConnect Remote 812 ADSL Router Telnet Buffer Over...
20. Orenosv HTTP/FTP Server HTTP GET Denial Of Service Vulnerabi...
21. XFree86 XDM RequestPort Random Open TCP Socket Vulnerability
22. Sun Java System Application Server Remote Installation Path ...
23. Canon ImageRUNNER Remote Port Scan Denial of Service Vulnera...
24. 3Com OfficeConnect Remote 812 ADSL Router Web Interface Auth...
25. PHP Input/Output Wrapper Remote Include Function Command Exec...
26. Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
27. MollenSoft Lightweight FTP Server Remote Buffer Overflow Vul...
28. JPortal Print.php SQL Injection Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. FDIC faulted for weak security
2. Area 51 hackers dig up trouble
3. Apple patches critical Mac OS X hole
4. Two arrested in Softbank data leak probe
5. Mac OS X update fails to fix vulnerability
6. Court weighs terrorism allegations against free speech in tr...
IV. SECURITYFOCUS TOP 6 TOOLS
1. Honeynet Security Console 1.0
2. LogMonitor 1.0
3. Sign 1.0.4
4. php-syslog-ng v2.5
5. Ettercap v0.7.0 pre2
6. Pubcookie 3.1.0
V. SECURITYJOBS LIST SUMMARY
1. Sr. IT Auditor- Miami and NYC (Thread)
2. Risk And Regulatory Consultant, UK (Thread)
3. List Closure From May 28 - May 30 (Thread)
4. ESM expert, London UK - Contract (Thread)
5. WEB SERVICES ENGINEER - UK CITY BASED - TOP COMPANY ... (Thread)
6. Arcsite expert, London UK - Contract (Thread)
7. Solutions Architects, UK (Thread)
8. Malcode Analyst Position Available at ISS (Atlanta) (Thread)
9. seeking an entry-level position in Network/Informati... (Thread)
10. Seeking a security management position (Thread)
11. Experienced IT Systems Auditor (Thread)
12. Behavioral Engine Software Engineer Position at ISS ... (Thread)
13. Account Manager (WiFi Security) - D.C. Metro Area (Thread)
VI. INCIDENTS LIST SUMMARY
1. NKADM rootkit - Something new? (Thread)
2. Trojan of somesort - Update (Thread)
3. Administrivia: Trojan of somesort - Hack definition ... (Thread)
4. Changing file times, was -> Re: Trojan of somesort -... (Thread)
5. Re: NKADM rootkit (Thread)
6. Trojan of somesort (Thread)
7. NKADM rootkit (Thread)
8. New IRC Worm? (Thread)
9. !! Conference Program Computer Security Mexico 2004 ... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Bypassing "smart" IDSes with misdirected frames? (lo... (Thread)
2. [Full-Disclosure] Re: Bypassing "smart" IDSes with m... (Thread)
3. [Format String vulnerabilities] (Thread)
4. [Full-Disclosure] Bypassing "smart" IDSes with misdi... (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Relative Security Provided by Cached Domain Credenti... (Thread)
2. USB Drive Privileges (Thread)
3. Re[2]: Relative Security Provided by Cached Domain C... (Thread)
4. SecurityFocus Microsoft Newsletter #190 (Thread)
5. Workstation service deletes itself?? (Thread)
IX. SUN FOCUS LIST SUMMARY
1. kernel patch loading but not updating KernelID (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Block martians with source address 127.0.0.1 (Thread)
2. looking for wireless linux security book (Thread)
3. Secure Form Script? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
By Dr. Thomas Porter
This paper provides an overview of the H.323 (VoIP) protocol suite, its
known vulnerabilities, and then suggests twenty rules for securing an
H.323-based network.
http://www.securityfocus.com/infocus/1782
2. Pass the Chocolate
By Scott Granneman
For the 70% of the population that will trade their computer password for
a bar of chocolate, this one's for you.
http://www.securityfocus.com/columnists/245
II. BUGTRAQ SUMMARY
-------------------
1. BNBT BitTorrent Tracker Denial of Service Vulnerability
BugTraq ID: 10399
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10399
Summary:
BNBT BitTorrent Tracker versions Beta 7.5 release 2 and prior are affected by a flaw related to decoding of HTTP Basic Authentication credentials (util.cpp). If a client transmits to the server the credential string "A==", the server will crash. A check has been introduced in version 73_20040521 that will log exploitation attempts and return prematurely if a request is made with credentials "A==". This may not be enough to eliminate the vulnerability entirely. Version Beta 7.5 Release 3 removes the likely vulnerable code, but may break authentication on Big Endian systems.
2. Apple OS X Unspecified Terminal URL Handling Vulnerability
BugTraq ID: 10400
Remote: Unknown
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10400
Summary:
Apple has made OS X fixes available for an unspecified vulnerability in terminal URL processing. Details on the nature of this vulnerability are not known at this time. There are a range of possibilities: from a vulnerability that allows for URLs to be obfuscated to full remote command execution through malicious URLs.
This alert will be updated as new information becomes available.
3. Apple MacOS X URI Handler Remote Code Execution Variant Vuln...
BugTraq ID: 10401
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10401
Summary:
It has been reported that there are variants of the issue described as BID 10356 that remain unfixed, allowing remote code execution on vulnerable OS X systems.
4. Liferay Enterprise Portal Multiple XSS Vulnerabilities
BugTraq ID: 10402
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10402
Summary:
It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal.
5. XPCD XPCD-SVGA Buffer Overflow Vulnerability
BugTraq ID: 10403
Remote: No
Date Published: May 23 2004
Relevant URL: http://www.securityfocus.com/bid/10403
Summary:
The xpcd-svga utility is susceptible to a locally exploitable buffer overflow condition. According to the report, xpcd-svga copies untrusted data into a buffer of predefined size without bounds checking. The procedure where this occurs is "pcd_open()", suggesting that the source of the data may be in the image file or photo disk.
6. Netgear RP114 Content Filter Bypass Vulnerability
BugTraq ID: 10404
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10404
Summary:
It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length.
This vulnerability may result in a false sense of security for a network administrator, where a malicious website is believed to be unreachable. In reality any host may contact blacklisted websites.
7. e107 Website System User.PHP HTML Injection Vulnerability
BugTraq ID: 10405
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10405
Summary:
It is reported that e107 website system is prone to a remote HTML injection vulnerability in user account profiles. This issue is due to a failure by the application to properly sanitize user-supplied input.
An attacker may exploit the aforementioned vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
8. Apple Mac OS X SSH URI Handler Remote Code Execution Vulnera...
BugTraq ID: 10406
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10406
Summary:
It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system.
The issue presents itself due to the 'ssh:' protocol implemented by the Mac OS X ssh client application. It has been reported that the 'ssh:' protocol can be invoked remotely through a web browser. This could allow an attacker to craft a malicious link and entice a user to follow the link in order to execute code via the ssh application.
9. cPanel Local Privilege Escalation Vulnerability
BugTraq ID: 10407
Remote: No
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10407
Summary:
cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server.
10. Pimentech PimenGest2 RowLatex.inc.PHP Information Disclosure...
BugTraq ID: 10408
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10408
Summary:
A vulnerability has been reported in Pimentech PimenGest2 that may allow a remote attacker to disclose sensitive information. This issue is reported to allow an attacker to view debug information that contains a database password.
11. MollenSoft Lightweight FTP Server Remote Denial Of Service V...
BugTraq ID: 10409
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10409
Summary:
A denial of service condition is reported to exist in the MollenSoft Lightweight FTP Server that may allow a remote user to deny service to legitimate FTP users. The vulnerability is due to a lack of sufficient boundary checks performed on CWD command arguments.
It should be noted that although this vulnerability is reported to affect Mollensoft Lightweight FTP Server version 3.6 other versions might also be affected.
12. VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denia...
BugTraq ID: 10411
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10411
Summary:
It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack.
A remote attacker may exploit this issue to deny service to the affected appliances.
13. GNU Mailman Unspecified Password Retrieval Vulnerability
BugTraq ID: 10412
Remote: Yes
Date Published: May 25 2004
Relevant URL: http://www.securityfocus.com/bid/10412
Summary:
Mailman is prone to an unspecified password retrieval vulnerability. This vulnerability was disclosed by the vendor. Reportedly, a remote attacker can gain access to user passwords, when the users subscribe to a mailing list.
A remote attacker can use the sensitive information to hijack user accounts or carry out other attacks.
Mailman versions 2.1.4 and prior are prone to this issue.
Due to a lack of details further information is not available at the moment. This BID will be updated as more information becomes available.
14. HP OpenView Select Access Unicode Remote Access Vulnerabilit...
BugTraq ID: 10414
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10414
Summary:
A security bulletin has been released by HP to address a remote access vulnerability in OpenView Select Access. This issue is related to handling of Unicode characters in URIs, yielding unauthorized access to resources.
15. HP Integrated Lights Out Remote Denial of Service Vulnerabil...
BugTraq ID: 10415
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10415
Summary:
HP Integrated Lights Out (iLO) is prone to a remote denial of service vulnerability when LAN management products use TCP port 0 to access the iLO service.
A successful attack can allow an attacker to cause the iLO service to crash, effectively denying service to legitimate users.
iLO firmware prior to version 1.55 is prone to this vulnerability.
16. FreeBSD Msync(2) System Call Buffer Cache Implementation Vul...
BugTraq ID: 10416
Remote: No
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10416
Summary:
FreeBSD msync(2) system call is prone to a vulnerability that can allow a local attacker to prevent modifications made to a file from being written to disk.
Under certain circumstances, a local user with read access to a file can prevent modifications made to a file from being written to disk. It is conjectured that an attacker can potentially cause a denial of service, if the attacker can influence a sensitive configuration file. Other attacks are possible as well. The attack would depend on the privileges held by the attacker.
17. MiniShare Server Remote Denial Of Service Vulnerability
BugTraq ID: 10417
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10417
Summary:
Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests.
This issue will allow an attacker to cause the affected computer to stop responding, denying service to legitimate users.
18. IRIX Checkpoint and Restart libcpr Library Loading Privilege...
BugTraq ID: 10418
Remote: No
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10418
Summary:
IRIX Checkpoint and Restart libcpr is vulnerable to a library loading privilege escalation vulnerability.
This will allow an attacker to gain superuser privileges on an affected computer when successfully exploited.
19. 3Com OfficeConnect Remote 812 ADSL Router Telnet Buffer Over...
BugTraq ID: 10419
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10419
Summary:
3Com OfficeConnect Remote 812 ADSL Router is prone to a remotely exploitable buffer overflow through the telnet port. Exploitation of this vulnerability will likely result in a denial of service.
20. Orenosv HTTP/FTP Server HTTP GET Denial Of Service Vulnerabi...
BugTraq ID: 10420
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10420
Summary:
Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding.
21. XFree86 XDM RequestPort Random Open TCP Socket Vulnerability
BugTraq ID: 10423
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10423
Summary:
xdm is reported prone to a potential security vulnerability that may lead to a false sense of security. Even when DisplayManager.requestPort is set to 0, xdm will reportedly open a chooserFd TCP socket on all interfaces.
22. Sun Java System Application Server Remote Installation Path ...
BugTraq ID: 10424
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10424
Summary:
It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests.
Successful exploitation of this issue may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
23. Canon ImageRUNNER Remote Port Scan Denial of Service Vulnera...
BugTraq ID: 10425
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10425
Summary:
imageRUNNER is prone to a remote denial of service vulnerability. This issue presents itself when a remote attacker carries out multiple port scans against port 80, which causes network services offered by the printer to hang.
imageRUNNER 210 series is prone to this vulnerability.
24. 3Com OfficeConnect Remote 812 ADSL Router Web Interface Auth...
BugTraq ID: 10426
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10426
Summary:
3Com OfficeConnect Remote 812 ADSL Router is reportedly affected by an authentication bypass vulnerability through its web configuration interface.
Successful exploitation of this issue would allow an attacker to gain administrative access to the affected device.
25. PHP Input/Output Wrapper Remote Include Function Command Exec...
BugTraq ID: 10427
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10427
Summary:
PHP is reportedly affected by an arbitrary command execution weakness through the PHP include() function. This issue is due to a design error that allows the execution of attacker-supplied POST PHP commands when URI data is used as an argument to an 'include()' function.
This issue affects the PHP module itself; however, the problem only presents itself when an application uses a user-supplied URI parameter as an argument to the 'include()' function.
This issue is reported to affect all versions of PHP since 3.0.13. Furthermore, this issue is not resolved by setting the 'php.ini' variable 'allow_url_fopen' to off.
Successful exploitation of this issue will allow an attacker to execute arbitrary PHP code on the affected computer; this will allow the execution of commands to the underlying operating system with the privileges of the affected web server process.
26. Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
BugTraq ID: 10428
Remote: No
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10428
Summary:
Subversion is reported prone to an undisclosed vulnerability. The issue is reported to present itself due to an insecure implementation of the pre-commit-hook template.
This BID will be updated as soon as further information regarding this vulnerability becomes available.
27. MollenSoft Lightweight FTP Server Remote Buffer Overflow Vul...
BugTraq ID: 10429
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10429
Summary:
Lightweight FTP Server is prone to a remote buffer overflow vulnerability. This vulnerability can potentially allow a remote attacker to execute arbitrary code in the context of the server process. This issue presents itself due to a lack of sufficient boundary checks performed on CD command arguments.
Lightweight FTP Server version 3.6 is prone to this issue.
This issue is likely related to the issue previously described in BID 10409 (MollenSoft Lightweight FTP Server Remote Denial Of Service Vulnerability). This BID will be updated or retired subsequent to further analysis.
28. JPortal Print.php SQL Injection Vulnerability
BugTraq ID: 10430
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10430
Summary:
JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query.
As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. FDIC faulted for weak security
By: Kevin Poulsen
Congressional investigators find vulnerabilities in critical financial systems.
http://www.securityfocus.com/news/8796
2. Area 51 hackers dig up trouble
By: Kevin Poulsen
Tourists beware. Poking around the desert outside the most famously secret patch of real estate in the world could earn you a visit from the FBI.
http://www.securityfocus.com/news/8768
3. Apple patches critical Mac OS X hole
By: Kevin Poulsen
The company claims customers were never put at risk by the well-known and easily exploited bug.
http://www.securityfocus.com/news/8742
4. Two arrested in Softbank data leak probe
By: Tim Richardson, The Register
Two men have been arrested amid allegations that they were involved in a bid to extort billions of Yen from Japanese outfit Softbank Corp. Yutaka Tomiyasu (24) and Takuya Mori (35) were arrested at the weekend in connection with the leak of confidential information concerning Internet users earlier this year.
http://www.securityfocus.com/news/8802
5. Mac OS X update fails to fix vulnerability
By: John Leyden, The Register
A major revision of Apple's Mac OS X operating system released this week fails to come bundled with a vital, recently-issued security fix.
http://www.securityfocus.com/news/8794
6. Court weighs terrorism allegations against free speech in tr...
By: Bob Fick, The Associated Press
http://www.securityfocus.com/news/8790
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.
2. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.
3. Sign 1.0.4
Summary:
Sign is a file signing and signature verification utility. It implements gzip-style command line syntax and OpenSSH-style key-based authentication. It is small, fast, and is meant to facilitate the use of authenticated file hashing for online distributed material.
4. php-syslog-ng v2.5
Summary:
php-syslog-ng is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, and date.
5. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
6. Pubcookie 3.1.0
Summary:
Pubcookie is an Open Source package for intra-institutional, single sign-on, end-user Web authentication. More generally, it is an approach to identifying users as they browse to an institution's many websites that require authentication. It helps an institution reuse existing authentication services (like Kerberos, LDAP, or NIS), and it limits the exposure of end-user passwords by ensuring they're only sent to a trusted login service.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Sr. IT Auditor- Miami and NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364676
2. Risk And Regulatory Consultant, UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364433
3. List Closure From May 28 - May 30 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364425
4. ESM expert, London UK - Contract (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364423
5. WEB SERVICES ENGINEER - UK CITY BASED - TOP COMPANY ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364421
6. Arcsite expert, London UK - Contract (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364419
7. Solutions Architects, UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364417
8. Malcode Analyst Position Available at ISS (Atlanta) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364416
9. seeking an entry-level position in Network/Informati... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364414
10. Seeking a security management position (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364362
11. Experienced IT Systems Auditor (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364361
12. Behavioral Engine Software Engineer Position at ISS ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364309
13. Account Manager (WiFi Security) - D.C. Metro Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364256
VI. INCIDENTS LIST SUMMARY
--------------------------
1. NKADM rootkit - Something new? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364757
2. Trojan of somesort - Update (Thread)
Relevant URL:
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Bypassing "smart" IDSes with misdirected frames? (lo... (Thread)
Relevant URL:
4. [Full-Disclosure] Bypassing "smart" IDSes with misdi... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364612
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Relative Security Provided by Cached Domain Credenti... (Thread)
Relevant URL:
4. SecurityFocus Microsoft Newsletter #190 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364319
5. Workstation service deletes itself?? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364237
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. kernel patch loading but not updating KernelID (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/364586
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Block martians with source address 127.0.0.1 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364801
2. looking for wireless linux security book (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364322
3. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364301
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
http://www.securityfocus.com/rss/index.shtml
2. USB Drive Privileges (Thread)
3. Re[2]: Relative Security Provided by Cached Domain C... (Thread)
4. SecurityFocus Microsoft Newsletter #190 (Thread)
5. Workstation service deletes itself?? (Thread)
IX. SUN FOCUS LIST SUMMARY
1. kernel patch loading but not updating KernelID (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Block martians with source address 127.0.0.1 (Thread)
2. looking for wireless linux security book (Thread)
3. Secure Form Script? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
By Dr. Thomas Porter
This paper provides an overview of the H.323 (VoIP) protocol suite, its
known vulnerabilities, and then suggests twenty rules for securing an
H.323-based network.
http://www.securityfocus.com/infocus/1782
2. Pass the Chocolate
By Scott Granneman
For the 70% of the population that will trade their computer password for
a bar of chocolate, this one's for you.
http://www.securityfocus.com/columnists/245
II. BUGTRAQ SUMMARY
-------------------
1. BNBT BitTorrent Tracker Denial of Service Vulnerability
BugTraq ID: 10399
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10399
Summary:
BNBT BitTorrent Tracker versions Beta 7.5 release 2 and prior are affected by a flaw related to decoding of HTTP Basic Authentication credentials (util.cpp). If a client transmits to the server the credential string "A==", the server will crash. A check has been introduced in version 73_20040521 that will log exploitation attempts and return prematurely if a request is made with credentials "A==". This may not be enough to eliminate the vulnerability entirely. Version Beta 7.5 Release 3 removes the likely vulnerable code, but may break authentication on Big Endian systems.
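The summary above notes that a check matching only the literal credential "A==" may not eliminate the flaw. As an added example (not BNBT's code; every function and type name is hypothetical, and the page does not state the root cause of the crash), this C++ code validates the whole Basic credential before use, so "A==" is rejected as one member of the malformed class rather than by name:

```cpp
// Added example, not BNBT code. Strict parsing of an HTTP Basic
// Authorization header value; all names below are hypothetical.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

struct BasicCredentials { std::string user; std::string password; };

static const std::size_t kMaxCredentialChars = 1024;  // assumed upper bound

// Map one base64 alphabet character to its 6-bit value, or -1 if invalid.
static int b64_value(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

// Decode canonical padded base64. Returns false on any malformed input:
// wrong length, bad character, misplaced padding, non-zero unused bits.
bool strict_b64_decode(const std::string& in, std::string& out) {
    out.clear();
    if (in.empty() || in.size() % 4 != 0 || in.size() > kMaxCredentialChars)
        return false;
    for (std::size_t i = 0; i < in.size(); i += 4) {
        const bool last = (i + 4 == in.size());
        int v[4];
        int pad = 0;
        for (int j = 0; j < 4; ++j) {
            const char c = in[i + j];
            if (c == '=') {
                // Padding is legal only in slots 2 and 3 of the final group.
                if (!last || j < 2) return false;
                ++pad;
                v[j] = 0;
            } else {
                if (pad > 0) return false;  // data after padding
                v[j] = b64_value(c);
                if (v[j] < 0) return false;
            }
        }
        if (pad == 2 && (v[1] & 0x0F)) return false;  // non-canonical tail
        if (pad == 1 && (v[2] & 0x03)) return false;
        const unsigned triple = (static_cast<unsigned>(v[0]) << 18) |
                                (static_cast<unsigned>(v[1]) << 12) |
                                (static_cast<unsigned>(v[2]) << 6) |
                                static_cast<unsigned>(v[3]);
        out.push_back(static_cast<char>((triple >> 16) & 0xFF));
        if (pad < 2) out.push_back(static_cast<char>((triple >> 8) & 0xFF));
        if (pad < 1) out.push_back(static_cast<char>(triple & 0xFF));
    }
    return true;
}

// Parse "Basic <base64(user:password)>". Fails closed on anything unexpected.
bool parse_basic_authorization(const std::string& header, BasicCredentials& creds) {
    static const char kScheme[] = "basic ";
    const std::size_t n = sizeof(kScheme) - 1;
    if (header.size() <= n) return false;
    for (std::size_t i = 0; i < n; ++i) {
        if (std::tolower(static_cast<unsigned char>(header[i])) != kScheme[i])
            return false;
    }
    std::string decoded;
    if (!strict_b64_decode(header.substr(n), decoded)) return false;
    for (std::size_t i = 0; i < decoded.size(); ++i) {
        const unsigned char ch = static_cast<unsigned char>(decoded[i]);
        if (ch < 0x20 || ch == 0x7F) return false;  // no control characters
    }
    const std::size_t colon = decoded.find(':');
    if (colon == std::string::npos || colon == 0) return false;
    creds.user = decoded.substr(0, colon);
    creds.password = decoded.substr(colon + 1);
    return true;
}

int main() {
    // Constructed sample header values; "A==" is the string from the advisory.
    const char* samples[] = {"Basic dXNlcjpwYXNz", "Basic A==", "Basic AA==",
                             "Basic ====", "Basic dXNlcjpwYXN=", "Basic "};
    for (std::size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i) {
        BasicCredentials c;
        const bool ok = parse_basic_authorization(samples[i], c);
        std::cout << '"' << samples[i] << "\" -> "
                  << (ok ? "accepted, user=" + c.user : std::string("rejected"))
                  << '\n';
    }
    return 0;
}
```

A rejected header should produce a 401 and a log entry; the decoded value is never touched unless every check has passed.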
2. Apple OS X Unspecified Terminal URL Handling Vulnerability
BugTraq ID: 10400
Remote: Unknown
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10400
Summary:
Apple has made OS X fixes available for an unspecified vulnerability in terminal URL processing. Details on the nature of this vulnerability are not known at this time. There are a range of possibilities: from a vulnerability that allows for URLs to be obfuscated to full remote command execution through malicious URLs.
This alert will be updated as new information becomes available.
3. Apple MacOS X URI Handler Remote Code Execution Variant Vuln...
BugTraq ID: 10401
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10401
Summary:
It has been reported that there are variants of the issue described as BID 10356 that remain unfixed, allowing remote code execution on vulnerable OS X systems.
4. Liferay Enterprise Portal Multiple XSS Vulnerabilities
BugTraq ID: 10402
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10402
Summary:
It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal.
5. XPCD XPCD-SVGA Buffer Overflow Vulnerability
BugTraq ID: 10403
Remote: No
Date Published: May 23 2004
Relevant URL: http://www.securityfocus.com/bid/10403
Summary:
The xpcd-svga utility is susceptible to a locally exploitable buffer overflow condition. According to the report, xpcd-svga copies untrusted data into a buffer of predefined size without bounds checking. The procedure where this occurs is "pcd_open()", suggesting that the source of the data may be in the image file or photo disk.
6. Netgear RP114 Content Filter Bypass Vulnerability
BugTraq ID: 10404
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10404
Summary:
It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length.
This vulnerability may result in a false sense of security for a network administrator, where a malicious website is believed to be unreachable. In reality any host may contact blacklisted websites.
7. e107 Website System User.PHP HTML Injection Vulnerability
BugTraq ID: 10405
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10405
Summary:
It is reported that e107 website system is prone to a remote HTML injection vulnerability in user account profiles. This issue is due to a failure by the application to properly sanitize user-supplied input.
An attacker may exploit the aforementioned vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
8. Apple Mac OS X SSH URI Handler Remote Code Execution Vulnera...
BugTraq ID: 10406
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10406
Summary:
It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system.
The issue presents itself due to the 'ssh:' protocol implemented by the Mac OS X ssh client application. It has been reported that the 'ssh:' protocol can be invoked remotely through a web browser. This could allow an attacker to craft a malicious link and entice a user to follow the link in order to execute code via the ssh application.
9. cPanel Local Privilege Escalation Vulnerability
BugTraq ID: 10407
Remote: No
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10407
Summary:
cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server.
10. Pimentech PimenGest2 RowLatex.inc.PHP Information Disclosure...
BugTraq ID: 10408
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10408
Summary:
A vulnerability has been reported in Pimentech PimenGest2 that may allow a remote attacker to disclose sensitive information. This issue is reported to allow an attacker to view debug information that contains a database password.
11. MollenSoft Lightweight FTP Server Remote Denial Of Service V...
BugTraq ID: 10409
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10409
Summary:
A denial of service condition is reported to exist in the MollenSoft Lightweight FTP Server that may allow a remote user to deny service to legitimate FTP users. The vulnerability is due to a lack of sufficient boundary checks performed on CWD command arguments.
It should be noted that although this vulnerability is reported to affect Mollensoft Lightweight FTP Server version 3.6 other versions might also be affected.
12. VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denia...
BugTraq ID: 10411
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10411
Summary:
It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack.
A remote attacker may exploit this issue to deny service to the affected appliances.
13. GNU Mailman Unspecified Password Retrieval Vulnerability
BugTraq ID: 10412
Remote: Yes
Date Published: May 25 2004
Relevant URL: http://www.securityfocus.com/bid/10412
Summary:
Mailman is prone to an unspecified password retrieval vulnerability. This vulnerability was disclosed by the vendor. Reportedly, a remote attacker can gain access to user passwords, when the users subscribe to a mailing list.
A remote attacker can use the sensitive information to hijack user accounts or carry out other attacks.
Mailman versions 2.1.4 and prior are prone to this issue.
Due to a lack of details further information is not available at the moment. This BID will be updated as more information becomes available.
14. HP OpenView Select Access Unicode Remote Access Vulnerabilit...
BugTraq ID: 10414
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10414
Summary:
A security bulletin has been released by HP to address a remote access vulnerability in OpenView Select Access. This issue is related to handling of Unicode characters in URIs, yielding unauthorized access to resources.
15. HP Integrated Lights Out Remote Denial of Service Vulnerabil...
BugTraq ID: 10415
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10415
Summary:
HP Integrated Lights Out (iLO) is prone to a remote denial of service vulnerability when LAN management products use TCP port 0 to access the iLO service.
A successful attack can allow an attacker to cause the iLO service to crash, effectively denying service to legitimate users.
iLO firmware prior to version 1.55 is prone to this vulnerability.
16. FreeBSD Msync(2) System Call Buffer Cache Implementation Vul...
BugTraq ID: 10416
Remote: No
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10416
Summary:
FreeBSD msync(2) system call is prone to a vulnerability that can allow a local attacker to prevent modifications made to a file from being written to disk.
Under certain circumstances, a local user with read access to a file can prevent modifications made to a file from being written to disk. It is conjectured that an attacker can potentially cause a denial of service, if the attacker can influence a sensitive configuration file. Other attacks are possible as well. The attack would depend on the privileges held by the attacker.
17. MiniShare Server Remote Denial Of Service Vulnerability
BugTraq ID: 10417
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10417
Summary:
Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests.
This issue will allow an attacker to cause the affected computer to stop responding, denying service to legitimate users.
18. IRIX Checkpoint and Restart libcpr Library Loading Privilege...
BugTraq ID: 10418
Remote: No
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10418
Summary:
IRIX Checkpoint and Restart libcpr is vulnerable to a library loading privilege escalation vulnerability.
This will allow an attacker to gain superuser privileges on an affected computer when successfully exploited.
19. 3Com OfficeConnect Remote 812 ADSL Router Telnet Buffer Over...
BugTraq ID: 10419
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10419
Summary:
3Com OfficeConnect Remote 812 ADSL Router is prone to a remotely exploitable buffer overflow through the telnet port. Exploitation of this vulnerability will likely result in a denial of service.
20. Orenosv HTTP/FTP Server HTTP GET Denial Of Service Vulnerabi...
BugTraq ID: 10420
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10420
Summary:
Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding.
21. XFree86 XDM RequestPort Random Open TCP Socket Vulnerability
BugTraq ID: 10423
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10423
Summary:
xdm is reported prone to an issue that may lead to a false sense of security: even though DisplayManager.requestPort is set to 0, xdm will open a chooserFd TCP socket on all interfaces.
22. Sun Java System Application Server Remote Installation Path ...
BugTraq ID: 10424
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10424
Summary:
It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests.
Successful exploitation of this issue may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
23. Canon ImageRUNNER Remote Port Scan Denial of Service Vulnera...
BugTraq ID: 10425
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10425
Summary:
imageRUNNER is prone to a remote denial of service vulnerability. This issue presents itself when a remote attacker carries out multiple port scans against port 80, which causes network services offered by the printer to hang.
imageRUNNER 210 series is prone to this vulnerability.
24. 3Com OfficeConnect Remote 812 ADSL Router Web Interface Auth...
BugTraq ID: 10426
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10426
Summary:
3Com OfficeConnect Remote 812 ADSL Router is reportedly affected by an authentication bypass vulnerability through its web configuration interface.
Successful exploitation of this issue would allow an attacker to gain administrative access to the affected device.
25. PHP Input/Output Wrapper Remote Include Function Command Exec...
BugTraq ID: 10427
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10427
Summary:
PHP is reportedly affected by an arbitrary command execution weakness through the PHP include() function. This issue is due to a design error that allows the execution of attacker supplied POST PHP commands when URI data is used as an argument to an 'include()' function.
This issue affects the PHP module itself; however, the problem only presents itself when an application uses a user-supplied URI parameter as an argument to the 'include()' function.
This issue is reported to affect all versions of PHP since 3.0.13. Furthermore, this issue is not resolved by setting the 'php.ini' variable 'allow_url_fopen' to off.
Successful exploitation of this issue will allow an attacker to execute arbitrary PHP code on the affected computer; this will allow the execution of commands to the underlying operating system with the privileges of the affected web server process.
26. Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
BugTraq ID: 10428
Remote: No
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10428
Summary:
Subversion is reported prone to an undisclosed vulnerability. The issue is reported to present itself due to an insecure implementation of the pre-commit-hook template.
This BID will be updated as soon as further information regarding this vulnerability becomes available.
27. MollenSoft Lightweight FTP Server Remote Buffer Overflow Vul...
BugTraq ID: 10429
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10429
Summary:
Lightweight FTP Server is prone to a remote buffer overflow vulnerability. This vulnerability can potentially allow a remote attacker to execute arbitrary code in the context of the server process. This issue presents itself due to a lack of sufficient boundary checks performed on CD command arguments.
Lightweight FTP Server version 3.6 is prone to this issue.
This issue is likely related to the issue previously described in BID 10409 (MollenSoft Lightweight FTP Server Remote Denial Of Service Vulnerability). This BID will be updated or retired subsequent to further analysis.
28. JPortal Print.php SQL Injection Vulnerability
BugTraq ID: 10430
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10430
Summary:
JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query.
As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. FDIC faulted for weak security
By: Kevin Poulsen
Congressional investigators find vulnerabilities in critical financial systems.
http://www.securityfocus.com/news/8796
2. Area 51 hackers dig up trouble
By: Kevin Poulsen
Tourists beware. Poking around the desert outside the most famously secret patch of real estate in the world could earn you a visit from the FBI.
http://www.securityfocus.com/news/8768
3. Apple patches critical Mac OS X hole
By: Kevin Poulsen
The company claims customers were never put at risk by the well-known and easily exploited bug.
http://www.securityfocus.com/news/8742
4. Two arrested in Softbank data leak probe
By: Tim Richardson, The Register
Two men have been arrested amid allegations that they were involved in a bid to extort billions of Yen from Japanese outfit Softbank Corp. Yutaka Tomiyasu (24) and Takuya Mori (35) were arrested at the weekend in connection with the leak of confidential information concerning Internet users earlier this year.
http://www.securityfocus.com/news/8802
5. Mac OS X update fails to fix vulnerability
By: John Leyden, The Register
A major revision of Apple's Mac OS X operating system released this week fails to come bundled with a vital, recently-issued security fix.
http://www.securityfocus.com/news/8794
6. Court weighs terrorism allegations against free speech in tr...
By: Bob Fick, The Associated Press
http://www.securityfocus.com/news/8790
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.
2. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.
3. Sign 1.0.4
By: Alex Pankratov
Relevant URL: http://swapped.cc/sign
Platforms: POSIX
Summary:
Sign is a file signing and signature verification utility. It implements gzip-style command line syntax and OpenSSH-style key-based authentication. It is small, fast, and is meant to facilitate the use of authenticated file hashing for online distributed material.
4. php-syslog-ng v2.5
By: mearls
Relevant URL: http://www.vermeer.org/syslog
Platforms: PHP
Summary:
php-syslog-ng is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, and date.
5. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
6. Pubcookie 3.1.0
By: Nathan Dors
Relevant URL: http://www.pubcookie.org
Platforms: Os Independent
Summary:
Pubcookie is an Open Source package for intra-institutional, single sign-on, end-user Web authentication. More generally, it is an approach to identifying users as they browse to an institution's many websites that require authentication. It helps an institution reuse existing authentication services (like Kerberos, LDAP, or NIS), and it limits the exposure of end-user passwords by ensuring they're only sent to a trusted login service.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Sr. IT Auditor- Miami and NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364676
2. Risk And Regulatory Consultant, UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364433
3. List Closure From May 28 - May 30 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364425
4. ESM expert, London UK - Contract (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364423
5. WEB SERVICES ENGINEER - UK CITY BASED - TOP COMPANY ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364421
6. Arcsite expert, London UK - Contract (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364419
7. Solutions Architects, UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364417
8. Malcode Analyst Position Available at ISS (Atlanta) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364416
9. seeking an entry-level position in Network/Informati... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364414
10. Seeking a security management position (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364362
11. Experienced IT Systems Auditor (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364361
12. Behavioral Engine Software Engineer Position at ISS ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364309
13. Account Manager (WiFi Security) - D.C. Metro Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/364256
VI. INCIDENTS LIST SUMMARY
--------------------------
1. NKADM rootkit - Something new? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364757
2. Trojan of somesort - Update (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364670
3. Administrivia: Trojan of somesort - Hack definition ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364631
4. Changing file times, was -> Re: Trojan of somesort -... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364602
5. Re: NKADM rootkit (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364415
6. Trojan of somesort (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364413
7. NKADM rootkit (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364354
8. New IRC Worm? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364285
9. !! Conference Program Computer Security Mexico 2004 ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/364284
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Bypassing "smart" IDSes with misdirected frames? (lo... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364661
2. [Full-Disclosure] Re: Bypassing "smart" IDSes with m... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364660
3. [Format String vulnerabilities] (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364656
4. [Full-Disclosure] Bypassing "smart" IDSes with misdi... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/364612
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Relative Security Provided by Cached Domain Credenti... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364776
2. USB Drive Privileges (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364490
3. Re[2]: Relative Security Provided by Cached Domain C... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364432
4. SecurityFocus Microsoft Newsletter #190 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364319
5. Workstation service deletes itself?? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/364237
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. kernel patch loading but not updating KernelID (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/364586
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Block martians with source address 127.0.0.1 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364801
2. looking for wireless linux security book (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364322
3. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364301
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus