I. FRONT AND CENTER
1. Complexity Kills Innovation
2. Windows NTFS Alternate Data Streams
II. BUGTRAQ SUMMARY
1. Firefox Remote SMB Document Local File Disclosure Vulnerabil...
2. ID Software Quake 3 Engine Infostring Query Remote Denial of...
3. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
4. IBM WebSphere Application Server JSP Engine Source Code Disc...
5. IBM WebSphere Application Server File Servlet Source Code Di...
6. gFTP Remote Directory Traversal Vulnerability
7. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
8. Microsoft Internet Explorer Mouse Event URI Status Bar Obfus...
9. VBulletin Forumdisplay.PHP Remote Command Execution Vulnerab...
10. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
11. Microsoft Internet Explorer Favorites List Script Code Execu...
12. AWStats Debug Remote Information Disclosure Vulnerability
13. Synaesthesia Local File Disclosure Vulnerability
14. Open WebMail Logindomain Parameter Cross-Site Scripting Vuln...
15. BEA WebLogic Server And WebLogic Express Authentication Fail...
16. Brooky CubeCart Multiple Vulnerabilities
17. Opera Web Browser Multiple Remote Vulnerabilities
18. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
19. VMWare Workstation For Linux Local Privilege Escalation Vuln...
20. Sun Solaris ARP Handling Remote Denial Of Service Vulnerabil...
21. OpenConf Paper Submission HTML Injection Vulnerability
22. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
23. ELOG Web Logbook Multiple Remote Vulnerabilities
24. CitrusDB CSV File Upload Access Validation Vulnerability
25. Siteman User.PHP Unspecified Security Restriction Bypass Vul...
26. KarjaSoft Sami HTTP Server Multiple Remote Vulnerabilities
27. CitrusDB Remote Authentication Bypass Vulnerability
28. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
29. Kayako ESupport Cross-Site Scripting Vulnerability
30. CitrusDB Arbitrary Local PHP File Include Vulnerability
31. Microsoft Internet Explorer Malformed File URI Denial of Ser...
32. HP HTTP Server Remote Unspecified Buffer Overflow Vulnerabil...
33. Lighttpd Remote CGI Script Disclosure Vulnerability
34. OSCommerce Contact_us.PHP Cross-Site Scripting Vulnerability
35. Typespeed Local Format String Vulnerability
36. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
37. Check Point VPN-1 SecureClient Malformed IP Address Local Me...
38. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
39. DCP-Portal Multiple SQL Injection Vulnerabilities
40. Microsoft ASP.NET Unicode Character Conversion Multiple Cros...
41. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
42. PaNews Cross-Site Scripting Vulnerability
43. SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
44. MercuryBoard Forum Remote Cross-Site Scripting Vulnerability
45. NewsBruiser Comment System Security Restrictions Bypass Vuln...
46. Skull-Splitter Guestbook Unspecified HTML Injection Vulnerab...
47. WebCalendar SQL Injection Vulnerability
48. PaFaq SQL Injection Vulnerability
49. BibORB Multiple Input Validation Vulnerabilities
50. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
51. Yahoo! Messenger Local Insecure Default Installation Vulnera...
52. glFTPD ZIP Plugins Multiple Directory Traversal Vulnerabilit...
53. Yahoo! Messenger Download Dialogue Box File Name Spoofing Vu...
54. GProFTPD GProstats Remote Format String Vulnerability
55. Gaim Multiple Remote Denial of Service Vulnerabilities
56. Bidwatcher Remote Format String Vulnerability
57. Tarantella Enterprise/Secure Global Desktop Remote Informati...
58. TrackerCam Multiple Remote Vulnerabilities
59. Knox Arkeia Type 77 Request Remote Stack-Based Buffer Overru...
III. SECURITYFOCUS NEWS ARTICLES
1. Feds square off with organized cyber crime
2. WebTV 911 prankster guilty
3. T-Mobile hacker pleads guilty
4. NY teen charged over IM spam attack
5. Microsoft compensates blocked Dutch web firm
6. Wormability formulae weighs malware risks
IV. SECURITYFOCUS TOP 6 TOOLS
1. Cisco Torch 0.1 alpha
2. SafeLogon 2.0
3. SafeSystem 1.5
4. KSB - Kernel Socks Bouncer 2.6.10
5. SQL column finder 0.1
6. Secure Hive 1.0.0.1
V. SECURITYJOBS LIST SUMMARY
1. [SJ-JOB] Developer, San Jose, US (Thread)
2. [SJ-JOB] Sales Engineer, Boston, US (Thread)
3. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
4. [SJ-JOB] Auditor, London, Bristol, Manchester, Leeds... (Thread)
5. [SJ-JOB] Sales Engineer, New York, US (Thread)
6. [SJ-JOB] Sales Representative, San Francisco, US (Thread)
7. [SJ-JOB] Application Security Engineer, London, GB (Thread)
8. [SJ-JOB] Sales Engineer, Chicago, US (Thread)
9. [SJ-JOB] Sales Engineer, Denver, US (Thread)
10. [SJ-JOB] Sales Engineer, Morristown Area, US (Thread)
11. [SJ-JOB] Sales Engineer, Minneapolis, US (Thread)
12. [SJ-JOB] Auditor, Washington DC, US (Thread)
13. [SJ-JOB] Sr. Security Analyst, Boca Raton, US (Thread)
14. [SJ-JOB] Security System Administrator, London, GB (Thread)
15. [SJ-JOB] Security Consultant, Austin, US (Thread)
16. [SJ-JOB] Sr. Security Analyst, Austin, US (Thread)
17. [SJ-JOB] Information Assurance Analyst, London, GB (Thread)
18. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
19. [SJ-JOB] Channel / Business Development, London, GB (Thread)
20. [SJ-JOB] Application Security Engineer, bangalore, I... (Thread)
21. [SJ-JOB] Manager, Information Security, Mountain Vie... (Thread)
22. [SJ-JOB] Sr. Security Analyst, London, GB (Thread)
23. [SJ-JOB] Sr. Security Engineer, Dulles, US (Thread)
24. [SJ-JOB] Security Consultant, Mission Viejo (Orange ... (Thread)
25. [SJ-JOB] Security Architect, Salt Lake City, US (Thread)
26. [SJ-JOB] Technical Support Engineer, Norfolk, US (Thread)
27. [SJ-JOB] Developer, Fremont, US (Thread)
28. [SJ-JOB] Security Architect, Fremont, US (Thread)
29. [SJ-JOB] Management, Frammington, US (Thread)
30. [SJ-JOB] Sales Representative, Southern California, ... (Thread)
31. [SJ-JOB] Product Strategist, Atlanta, US (Thread)
32. [SJ-JOB] Security Product Marketing Manager, santa c... (Thread)
33. [SJ-JOB] Security Engineer, Bay Area, US (Thread)
VI. INCIDENTS LIST SUMMARY
1. port 6801 and Netzero (Thread)
2. New MSN worm? (Thread)
3. THC's RealServer (port 554) exploit? (Thread)
4. "Guide to Disaster Recovery", Michael Erbschloe (Thread)
5. SSH probe attack afoot? (Thread)
6. Exploit on tcp/4128? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Taking the control by abusing array index. (Thread)
2. SAM encrypted with syskey (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #228 (Thread)
IX. SUN FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2005-02-15 to 2005-02-22.
X. LINUX FOCUS LIST SUMMARY
1. Samba vs NFS (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Complexity Kills Innovation
By Kelly Martin
There's more innovation coming from today's virus writers than from the big
software companies whose core goals are to progress and innovate.
http://www.securityfocus.com/columnists/300
2. Windows NTFS Alternate Data Streams
By Don Parker
The purpose of this article is to explain the existence of alternate data
streams in Microsoft Windows, demonstrate how to create them by
compromising a machine using the Metasploit Framework, and then use
freeware tools to easily discover these hidden files.
http://www.securityfocus.com/infocus/1822
II. BUGTRAQ SUMMARY
-------------------
1. Firefox Remote SMB Document Local File Disclosure Vulnerabil...
BugTraq ID: 12533
Remote: Yes
Date Published: Feb 12 2005
Relevant URL: http://www.securityfocus.com/bid/12533
Summary:
A vulnerability has been published that may allow attackers to read the contents of attacker-specified files on the client user's filesystem. To exploit this vulnerability, the attacker must place an HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create Flash content that will load the remote document via a file:// URI. It is likely that only Firefox on Windows systems is affected.
This vulnerability may be related to BID 12466.
2. ID Software Quake 3 Engine Infostring Query Remote Denial of...
BugTraq ID: 12534
Remote: Yes
Date Published: Feb 12 2005
Relevant URL: http://www.securityfocus.com/bid/12534
Summary:
It has been reported that the server is vulnerable to a remotely exploitable denial of service attack. The server can be made to crash if a client issues a query with a parameter of excessive length. This can be exploited to cause a denial of service condition.
3. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
BugTraq ID: 12536
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12536
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability).
A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.
4. IBM WebSphere Application Server JSP Engine Source Code Disc...
BugTraq ID: 12537
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12537
Summary:
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code.
It should be noted that this issue only affects WebSphere Application Server versions 5.0 and 5.1 running on Microsoft Windows platforms.
5. IBM WebSphere Application Server File Servlet Source Code Di...
BugTraq ID: 12538
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12538
Summary:
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code. The vulnerability exists in the file serving servlet.
It should be noted that this issue only affects WebSphere Application Server version 6.0 running on Microsoft Windows platforms.
6. gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP. This issue is due to a failure of the application to sanitize input supplied by a malicious FTP server.
An attacker may leverage this issue to overwrite or create arbitrary files on an affected computer with the privileges of an unsuspecting user running the vulnerable application. This may lead to a compromise of the affected computer, denial of service attacks, as well as others.
7. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package.
Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.
8. Microsoft Internet Explorer Mouse Event URI Status Bar Obfus...
BugTraq ID: 12541
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12541
Summary:
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.
The issue presents itself when an HREF tag contains certain mouse events.
This issue may be leveraged by an attacker to display false information in the status bar or URI property dialog of an affected browser, allowing an attacker to present web pages to unsuspecting users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.
9. VBulletin Forumdisplay.PHP Remote Command Execution Vulnerab...
BugTraq ID: 12542
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12542
Summary:
VBulletin is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and affects the 'forumdisplay.php' script when the 'showforumusers' option has been enabled.
This may allow attackers to execute arbitrary commands with the privileges of the server running the application.
VBulletin versions 3.0 to 3.0.4 are reported vulnerable to this issue. It is reported that versions 3.0.5 and 3.0.6 are not affected.
10. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application.
The first problem presents itself due to the potential of malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality.
An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks.
Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues.
11. Microsoft Internet Explorer Favorites List Script Code Execu...
BugTraq ID: 12544
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12544
Summary:
Microsoft Internet Explorer is reported prone to a security vulnerability.
It is alleged that a JavaScript URI may be added to Internet Explorer favorites if the 'CTRL-d' key combination is pressed to bookmark a website that contains a specially crafted pop-up window.
This vulnerability may be harnessed to aid in the exploitation of other vulnerabilities.
12. AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data.
An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer.
13. Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia. This issue is due to a failure of the application to securely access files.
An attacker may leverage this issue to read arbitrary files on an affected computer. Information gained in this way may lead to further attacks.
14. Open WebMail Logindomain Parameter Cross-Site Scripting Vuln...
BugTraq ID: 12547
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12547
Summary:
Open WebMail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'logindomain' parameter.
This vulnerability has been reported to exist in Open WebMail versions 2.50 20050212 and prior.
15. BEA WebLogic Server And WebLogic Express Authentication Fail...
BugTraq ID: 12548
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12548
Summary:
A remote information disclosure weakness affects WebLogic Server and WebLogic Express. This issue is due to a failure of the application to present authentication failures securely.
This issue may allow an attacker to use the revealed information to carry out successful brute force password attacks against an affected application.
16. Brooky CubeCart Multiple Vulnerabilities
BugTraq ID: 12549
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12549
Summary:
Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out cross-site scripting attacks.
The application is reportedly susceptible to a remote directory traversal vulnerability. A malicious user could issue a request containing directory traversal strings such as '../' to possibly view files outside the server root directory in the context of the server.
The application is also prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This may allow for theft of cookie-based authentication credentials or other attacks.
CubeCart 2.0.4 and prior versions are considered to be vulnerable to these issues.
17. Opera Web Browser Multiple Remote Vulnerabilities
BugTraq ID: 12550
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12550
Summary:
Opera Web Browser is reported prone to multiple vulnerabilities that are exploitable remotely. The following issues are reported:
Opera Web Browser is prone to a vulnerability that presents itself when the browser handles 'data' URIs.
A remote malicious website may exploit this condition to execute arbitrary code in the context of a user that is running a vulnerable version of the affected browser.
Opera Web Browser is prone to an unspecified security vulnerability that exists in the Opera Java LiveConnect class.
Few details are known in regards to this vulnerability. However, it is believed that the issue may be exploited by a remote malicious web site to access dangerous private Java methods. This is not confirmed.
This BID will be updated as soon as further research into these issues is completed.
18. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response.
The vendor reports that under the above circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users.
19. VMWare Workstation For Linux Local Privilege Escalation Vuln...
BugTraq ID: 12552
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12552
Summary:
It is reported that VMWare Workstation, at least on Gentoo Linux based computers, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
20. Sun Solaris ARP Handling Remote Denial Of Service Vulnerabil...
BugTraq ID: 12553
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12553
Summary:
Sun Solaris is reported prone to a remote denial of service vulnerability. The issue is reported to exist because the platform fails to gracefully handle a flood of ARP packets.
A remote attacker may exploit this vulnerability to deny service to legitimate users of a target Sun Solaris computer.
21. OpenConf Paper Submission HTML Injection Vulnerability
BugTraq ID: 12554
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12554
Summary:
OpenConf is prone to an HTML injection vulnerability. This is due to insufficient validation of data supplied through paper submissions within the OpenConf system.
This may permit an attacker to inject hostile HTML and script code into the session of a user who is reviewing the submitted paper. Theft of cookie-based credentials is possible in addition to other attacks.
22. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel.
The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver.
A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory.
23. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 12556
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12556
Summary:
ELOG is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to disclose sensitive information and potentially execute arbitrary code on a vulnerable computer.
The following specific issues were identified:
The application is reported prone to an unspecified buffer overflow vulnerability. The vendor has reported that this vulnerability is exploitable and allows attackers to gain unauthorized access to a vulnerable computer.
Another vulnerability affecting the application can allow remote attackers to obtain sensitive information such as authentication credentials stored in an unspecified configuration file.
ELOG 2.5.0 and prior versions are affected by these vulnerabilities.
24. CitrusDB CSV File Upload Access Validation Vulnerability
BugTraq ID: 12557
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12557
Summary:
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.
These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
25. Siteman User.PHP Unspecified Security Restriction Bypass Vul...
BugTraq ID: 12558
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12558
Summary:
Siteman is reported prone to an unspecified security restriction bypass vulnerability.
The issue may be exploited by a remote attacker to gain 'site owner' (Level 5 member) privileges.
It is reported that this vulnerability exists in Siteman versions from 1.1.0 to 1.1.10.
26. KarjaSoft Sami HTTP Server Multiple Remote Vulnerabilities
BugTraq ID: 12559
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12559
Summary:
Multiple remote vulnerabilities affect KarjaSoft Sami HTTP server. These issues are due to poor input validation and a failure to handle malformed network-based requests.
The first issue is a directory traversal issue. The second issue is a denial of service issue.
An attacker may leverage these issues to reveal files outside of the Web server root directory or to crash the affected server.
27. CitrusDB Remote Authentication Bypass Vulnerability
BugTraq ID: 12560
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12560
Summary:
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.
An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
28. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12561
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12561
Summary:
It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials
29. Kayako ESupport Cross-Site Scripting Vulnerability
BugTraq ID: 12563
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12563
Summary:
Kayako ESupport is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
ESupport 2.3.1 is reported vulnerable; however, it is possible that other versions are affected as well.
30. CitrusDB Arbitrary Local PHP File Include Vulnerability
BugTraq ID: 12564
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12564
Summary:
CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
This issue may also allow remote file includes, although this has not been confirmed.
31. Microsoft Internet Explorer Malformed File URI Denial of Ser...
BugTraq ID: 12565
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12565
Summary:
Microsoft Internet Explorer is reported prone to a remote denial of service vulnerability.
It is reported that the affected browser will crash when a malformed 'file:' URI is processed.
A remote attacker may exploit this vulnerability to crash the affected browser.
32. HP HTTP Server Remote Unspecified Buffer Overflow Vulnerabil...
BugTraq ID: 12566
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12566
Summary:
It is reported that the HP HTTP Server is prone to a remote unspecified buffer overflow vulnerability.
Vendor reports indicate that this vulnerability may be exploited by a remote attacker to corrupt process memory and ultimately have arbitrary supplied code executed in the context of the vulnerable process.
This vulnerability is reported to affect HP HTTP Server versions 5.0 through 5.94.
33. Lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability.
Reports indicate that a NULL sequence appended to the filename of a CGI or FastCGI script will result in the script contents being served to the requestor.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks launched against the target computer.
This vulnerability is reported to affect lighttpd 1.3.7 and previous versions.
34. OSCommerce Contact_us.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 12568
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12568
Summary:
A vulnerability is reported to exist in osCommerce that may allow a remote user to launch cross-site scripting attacks.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in osCommerce version 2.2-MS2; other versions might also be affected.
35. Typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation.
36. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStars fliccd. These issues are due to a failure of the utility to securely copy user-supplied data into process memory.
An attacker may leverage these issues to gain escalated privileges locally and, if the affected utility is run as a daemon, may facilitate remote code execution with superuser privileges.
37. Check Point VPN-1 SecureClient Malformed IP Address Local Me...
BugTraq ID: 12571
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12571
Summary:
VPN-1 SecureClient is reported prone to a vulnerability that may allow local attackers to disclose sensitive memory. This can lead to various other attacks against a vulnerable computer. The vulnerability exists in the 'SR_Service.exe', which manages VPN connections.
A successful attack may allow the attacker to disclose memory and cause the application to crash. Reportedly, this issue can be leveraged to ultimately execute arbitrary code; however, this has not been confirmed.
VPN-1 SecureClient NG FP1 is reported prone to this vulnerability. It is possible that other versions are affected as well.
38. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl open() routine. It is believed that this issue is distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).
AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.
39. DCP-Portal Multiple SQL Injection Vulnerabilities
BugTraq ID: 12573
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12573
Summary:
DCP-Portal is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
These vulnerabilities are reported to affect DCP-Portal 6.1.1; earlier versions may also be affected.
40. Microsoft ASP.NET Unicode Character Conversion Multiple Cros...
BugTraq ID: 12574
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12574
Summary:
It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues arise when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII.
Apparently, the application fails to properly validate Unicode characters allowing an attacker to craft a malicious link containing arbitrary HTML or script code to be executed in a user's browser.
This can facilitate theft of cookie-based credentials and other attacks.
41. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically the issue is reported to be present in the ALSA mixer code. It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.
42. PaNews Cross-Site Scripting Vulnerability
BugTraq ID: 12576
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12576
Summary:
PaNews is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
43. SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
BugTraq ID: 12577
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12577
Summary:
Researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu have allegedly devised attacks that will reduce the number of operations required to compute an input that generates a collision in SHA-0/SHA-1 digests. This weakness may threaten the integrity of digital signatures that are generated using these algorithms, as it may be possible to create identical signatures using different input data.
The research paper describing these attacks is not publicly available at this time, and the results have not been vetted by others in the field. This BID will be updated as more information is made available.
44. MercuryBoard Forum Remote Cross-Site Scripting Vulnerability
BugTraq ID: 12578
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12578
Summary:
A remote cross-site scripting vulnerability affects the 'forum.php' script of MercuryBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
45. NewsBruiser Comment System Security Restrictions Bypass Vuln...
BugTraq ID: 12579
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12579
Summary:
NewsBruiser is reported prone to a security restriction bypass vulnerability. A remote attacker may delete or approve comments on a site adversely affecting the availability or integrity of data.
NewsBruiser 2.6.0 and prior versions are affected by this issue.
46. Skull-Splitter Guestbook Unspecified HTML Injection Vulnerab...
BugTraq ID: 12580
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12580
Summary:
Skull-Splitter Guestbook is reportedly affected by an unspecified HTML injection vulnerability. A victim user who views the vulnerable sections of the site would have the attacker-supplied HTML and script code execute in the security context of the affected site.
Skull-Splitter Guestbook version 2.1 is reported vulnerable; however, other versions may be affected as well.
47. WebCalendar SQL Injection Vulnerability
BugTraq ID: 12581
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12581
Summary:
WebCalendar is affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This vulnerability is reported to affect WebCalendar 0.9.45; earlier versions may also be affected.
The vendor has addressed this issue in WebCalendar 1.0RC1 and later.
48. PaFaq SQL Injection Vulnerability
BugTraq ID: 12582
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12582
Summary:
paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This vulnerability is reported to affect paFaq beta4; earlier versions may also be affected.
49. BibORB Multiple Input Validation Vulnerabilities
BugTraq ID: 12583
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12583
Summary:
BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.
These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions.
50. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely exploitable denial of service vulnerabilities. The vulnerabilities are reported to exist in the 'slapd' daemon.
A remote attacker may exploit these vulnerabilities to deny LDAP service for legitimate users.
This BID will be updated as soon as further information regarding these issues is made available.
51. Yahoo! Messenger Local Insecure Default Installation Vulnera...
BugTraq ID: 12585
Remote: No
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12585
Summary:
A local insecure default installation vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to properly secure directories and executables when installation takes place.
A local attacker may leverage this issue to have arbitrary code executed with the privileges of an unsuspecting user; this may facilitate privilege escalation.
52. glFTPD ZIP Plugins Multiple Directory Traversal Vulnerabilit...
BugTraq ID: 12586
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12586
Summary:
It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary files. The issues arise due to insufficient sanitization of user-supplied data.
By determining the presence of files in restricted directories and outside the server's root in addition to disclosing the contents of arbitrary files, the attacker can launch various attacks against a vulnerable computer. If an attack results in the disclosure of a password file, these issues may ultimately lead to unauthorized access to the affected computer in the context of the server.
The affected plugins are shipped with the FTP server by default. glFTPD 1.26 to 2.00 are reported vulnerable.
53. Yahoo! Messenger Download Dialogue Box File Name Spoofing Vu...
BugTraq ID: 12587
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12587
Summary:
A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names.
An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.
It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected, earlier versions may be affected as well.
54. GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility.
This vulnerability is reported to affect GProftpd version 8.1.7 and previous versions.
55. Gaim Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 12589
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12589
Summary:
Gaim is prone to multiple remote denial of service vulnerabilities. These issues can allow remote attackers to crash an affected client.
The following specific issues were identified:
Remote AIM or ICQ users may trigger a crash in a client by sending malformed SNAC packets.
Another vulnerability in the client arises during the parsing of malformed HTML data.
Gaim versions prior to 1.1.3 are affected by these issues.
56. Bidwatcher Remote Format String Vulnerability
BugTraq ID: 12590
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12590
Summary:
A remote format string vulnerability affects bidwatcher. This issue is due to a failure of the application to properly implement a formatted string function.
An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
57. Tarantella Enterprise/Secure Global Desktop Remote Informati...
BugTraq ID: 12591
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12591
Summary:
Tarantella Enterprise 3 and Secure Global Desktop products are prone to an information disclosure vulnerability. This issue arises from a design error that may allow an attacker to gather sensitive information about a vulnerable computer. Information gathered by exploiting this vulnerability may be used to launch other attacks against a computer.
Specifically, computers running Tarantella Enterprise 3 and Secure Global Desktop products in combination with RSA SecurID and multiple users with the same username are affected.
58. TrackerCam Multiple Remote Vulnerabilities
BugTraq ID: 12592
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12592
Summary:
TrackerCam is reported prone to multiple vulnerabilities. The following individual issues are reported:
A remote buffer overrun vulnerability is reported to affect the TrackerCam HTTP server.
A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.
Another remote buffer overrun vulnerability is reported to affect the TrackerCam service. The issue is reported to exist due to a lack of sufficient boundary checks performed on any argument passed to the TrackerCam PHP scripts.
A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.
TrackerCam is reported prone to a directory traversal vulnerability. This issue is reported to exist in the 'ComGetLogFile.php3' script.
A remote attacker may exploit this vulnerability to reveal the contents of web server readable files.
The 'ComGetLogFile.php3' script of TrackerCam is also reported prone to an installation path disclosure vulnerability.
Additionally, the 'ComGetLogFile.php3' script may be leveraged to view potentially sensitive information that is contained in TrackerCam log files.
TrackerCam is reported prone to an HTML injection vulnerability. It is reported that the username and password fields are not correctly sanitized of HTML content.
A remote attacker may exploit this vulnerability to launch phishing style attacks or steal cookie based authentication credentials.
Finally, the TrackerCam HTTP service is reported prone to multiple remote denial of service vulnerabilities.
A remote attacker may exploit these vulnerabilities to deny service to legitimate users.
59. Knox Arkeia Type 77 Request Remote Stack-Based Buffer Overru...
BugTraq ID: 12594
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12594
Summary:
A remote stack-based buffer overrun is reported to exist in the Knox Arkeia server. The issue is reported to occur due to insufficient bounds checking performed when handling data contained within a type 77 request packet.
A remote attacker may leverage this vulnerability to execute arbitrary code remotely in the context of the vulnerable service.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Feds square off with organized cyber crime
By: Kevin Poulsen
Law enforcement sees undercover operations as a key to unraveling sophisticated alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525
2. WebTV 911 prankster guilty
By: Kevin Poulsen
Louisiana man cops to endangering public safety by sending out a malicious script that made set-top boxes call the police.
http://www.securityfocus.com/news/10523
3. T-Mobile hacker pleads guilty
By: Kevin Poulsen
The wireless company says it's still investigating an intrusion that compromised customer records, e-mail and stored files over the course of a year.
http://www.securityfocus.com/news/10516
4. NY teen charged over IM spam attack
By: John Leyden, The Register
A New York teenager has become the first American to be arrested for sending spam messages across IM networks.
http://www.securityfocus.com/news/10537
5. Microsoft compensates blocked Dutch web firm
By: Jan Libbenga, The Register
Microsoft is to compensate Dutch web company Ilse Media because its AntiSpyware software blocked one of Ilse's portals, Startpagina ("Startpage").
http://www.securityfocus.com/news/10536
6. Wormability formulae weighs malware risks
By: John Leyden, The Register
Security researchers are developing a method to predict the potential for individual vulnerabilities to become the subject of computer worms.
http://www.securityfocus.com/news/10535
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Cisco Torch 0.1 alpha
By: Arhont Team
Relevant URL: http://www.arhont.com/cisco-torch.tar.bz2
Platforms: Perl (any system supporting perl)
Summary:
A fast mass scanning and application layer fingerprinting tool for Cisco devices written while working on "Hacking Exposed: Cisco Networks" book. Supports telnet and SSH bruteforcing as well as Cisco management webserver exploitation. More features would be added soon - see TODO.
2. SafeLogon 2.0
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/slogon/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeLogon is a multi-user and password-based access control utility that enhances and complements the Windows built-in logon and authentication system. In other words, SafeLogon allows you to protect your system at home and office from unauthorized access.
SafeLogon is fully configurable and allows its Administrator to:
- Restrict access to Windows to certain users, optionally controlling the days of the week and the time of the day the user is allowed to log on and
3. SafeSystem 1.5
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/safesystem/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeSystem is a security program that allows you to prevent access to your personal and important files and folders, as well as protect and guarantee the integrity and well functioning of your system. SafeSystem can make your files and folders completely invisible, inaccessible or simply read-only. Furthermore, SafeSystem can prevent the change of configuration and the accidental (or even intentional) system files deletion or alteration, so your PC will be healthy
4. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
5. SQL column finder 0.1
By: Rafal Bielecki
Relevant URL: http://sqlcfind.netro.pl/sqlcfind.exe
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Helps you to find exact columns number when using union select query
6. Secure Hive 1.0.0.1
By: Secure Hive
Relevant URL: http://www.securehive.com/Secure%20Hive.htm
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
What Does Secure Hive Enterprise Offer?
Encryption of part, or entire, Word documents, Excel worksheets or PowerPoint presentations through Secure Hive's integration with Microsoft Office.
Encryption of part, or entire, content of common documents (such as Notepad, WordPad), email messages and instant messages, including mixed text and graphics, with Secure Hive's Clipboard Encryption feature.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Developer, San Jose, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390869
2. [SJ-JOB] Sales Engineer, Boston, US (Thread)
Relevant URL:
4. "Guide to Disaster Recovery", Michael Erbschloe (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390595
5. SSH probe attack afoot? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390590
6. Exploit on tcp/4128? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390511
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Taking the control by abusing array index. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/391044
2. SAM encrypted with syskey (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/390829
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. SecurityFocus Microsoft Newsletter #228 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/390652
IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-02-15 to 2005-02-22.
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391117
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: CrossTec
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_sf-news_050222
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
-------------------
1. Complexity Kills Innovation
By Kelly Martin
There's more innovation coming from today's virus writers than from the big
software companies whose core goals are to progress and innovate.
http://www.securityfocus.com/columnists/300
2. Windows NTFS Alternate Data Streams
By Don Parker
The purpose of this article is to explain the existence of alternate data
streams in Microsoft Windows, demonstrate how to create them by
compromising a machine using the Metasploit Framework, and then use
freeware tools to easily discover these hidden files.
http://www.securityfocus.com/infocus/1822
II. BUGTRAQ SUMMARY
-------------------
1. Firefox Remote SMB Document Local File Disclosure Vulnerabil...
BugTraq ID: 12533
Remote: Yes
Date Published: Feb 12 2005
Relevant URL: http://www.securityfocus.com/bid/12533
Summary:
A vulnerability has been published that may allow attackers to read the contents of attacker-specified files on the client user's filesystem. To exploit this vulnerability, the attacker must place an HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected.
This vulnerability may be related to BID 12466.
2. ID Software Quake 3 Engine Infostring Query Remote Denial of...
BugTraq ID: 12534
Remote: Yes
Date Published: Feb 12 2005
Relevant URL: http://www.securityfocus.com/bid/12534
Summary:
It has been reported that the server is vulnerable to a remotely exploitable denial of service attack. The server can be made to crash if a client issues a query with a parameter of excessive length. This can be exploited to cause a denial of service condition.
3. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
BugTraq ID: 12536
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12536
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability).
A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.
4. IBM WebSphere Application Server JSP Engine Source Code Disc...
BugTraq ID: 12537
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12537
Summary:
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code.
It should be noted that this issue only affects WebSphere Application Server versions 5.0 and 5.1 running on Microsoft Windows platforms.
5. IBM WebSphere Application Server File Servlet Source Code Di...
BugTraq ID: 12538
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12538
Summary:
IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying a malformed URI to the server to disclose JSP source code. The vulnerability exists in the file serving servlet.
It should be noted that this issue only affects WebSphere Application Server version 6.0 running on Microsoft Windows platforms.
6. gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP. This issue is due to a failure of the application to sanitize input supplied by a malicious FTP server.
An attacker may leverage this issue to overwrite or create arbitrary files on an affected computer with the privileges of an unsuspecting user running the vulnerable application. This may lead to a compromise of the affected computer, denial of service attacks, as well as others.
7. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package.
Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.
8. Microsoft Internet Explorer Mouse Event URI Status Bar Obfus...
BugTraq ID: 12541
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12541
Summary:
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.
The issue presents itself when an HREF tag contains certain mouse events.
This issue may be leveraged by an attacker to display false information in the status bar or URI property dialog of an affected browser, allowing an attacker to present web pages to unsuspecting users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.
9. VBulletin Forumdisplay.PHP Remote Command Execution Vulnerab...
BugTraq ID: 12542
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12542
Summary:
VBulletin is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and affects the 'forumdisplay.php' script when the 'showforumusers' option has been enabled.
This may allow attackers to execute arbitrary commands with the privileges of the server running the application.
VBulletin versions 3.0 to 3.0.4 are reported vulnerable to this issue. It is reported that versions 3.0.5 and 3.0.6 are not affected.
10. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application.
The first problem presents itself due to the potential of malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality.
An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks.
Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues.
11. Microsoft Internet Explorer Favorites List Script Code Execu...
BugTraq ID: 12544
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12544
Summary:
Microsoft Internet Explorer is reported prone to a security vulnerability.
It is alleged that a JavaScript URI may be added to Internet Explorer favorites if the 'CTRL-d' key combination is pressed to bookmark a website that contains a specially crafted pop-up window.
This vulnerability may be harnessed to aid in the exploitation of other vulnerabilities.
12. AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data.
An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer.
13. Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia. This issue is due to a failure of the application to securely access files.
An attacker may leverage this issue to read arbitrary files on an affected computer. Information gained in this way may lead to further attacks.
14. Open WebMail Logindomain Parameter Cross-Site Scripting Vuln...
BugTraq ID: 12547
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12547
Summary:
Open WebMail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'logindomain' parameter.
This vulnerability has been reported to exist in Open WebMail versions 2.50 20050212 and prior.
15. BEA WebLogic Server And WebLogic Express Authentication Fail...
BugTraq ID: 12548
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12548
Summary:
A remote information disclosure weakness affects WebLogic Server and WebLogic Express. This issue is due to a failure of the application to present authentication failures securely.
This issue may allow an attacker to use the revealed information to carry out successful brute force password attacks against an affected application.
16. Brooky CubeCart Multiple Vulnerabilities
BugTraq ID: 12549
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12549
Summary:
Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out cross-site scripting attacks.
The application is reportedly susceptible to a remote directory traversal vulnerability. A malicious user could issue a request containing directory traversal strings such as '../' to possibly view files outside the server root directory in the context of the server.
The application is also prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This may allow for theft of cookie-based authentication credentials or other attacks.
CubeCart 2.0.4 and prior versions are considered to be vulnerable to these issues.
17. Opera Web Browser Multiple Remote Vulnerabilities
BugTraq ID: 12550
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12550
Summary:
Opera Web Browser is reported prone to multiple vulnerabilities that are exploitable remotely. The following issues are reported:
Opera Web Browser is prone to a vulnerability that presents itself when the browser handles 'data' URIs.
A remote malicious website may exploit this condition to execute arbitrary code in the context of a user that is running a vulnerable version of the affected browser.
Opera Web Browser is prone to an unspecified security vulnerability that exists in the Opera Java LiveConnect class.
Few details are known in regards to this vulnerability. However, it is believed that the issue may be exploited by a remote malicious web site to access dangerous private Java methods. This is not confirmed.
This BID will be updated as soon as further research into these issues is completed.
18. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response.
The vendor reports that under the above circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users.
19. VMWare Workstation For Linux Local Privilege Escalation Vuln...
BugTraq ID: 12552
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12552
Summary:
It is reported that VMWare Workstation, at least on Gentoo Linux based computers, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
20. Sun Solaris ARP Handling Remote Denial Of Service Vulnerabil...
BugTraq ID: 12553
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12553
Summary:
Sun Solaris is reported prone to a remote denial of service vulnerability. The issue is reported to exist because the platform fails to gracefully handle a flood of ARP packets.
A remote attacker may exploit this vulnerability to deny service to legitimate users of a target Sun Solaris computer.
21. OpenConf Paper Submission HTML Injection Vulnerability
BugTraq ID: 12554
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12554
Summary:
OpenConf is prone to an HTML injection vulnerability. This is due to insufficient validation of data supplied through paper submissions within the OpenConf system.
This may permit an attacker to inject hostile HTML and script code into the session of a user who is reviewing the submitted paper. Theft of cookie-based credentials is possible in addition to other attacks.
22. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel.
The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver.
A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory.
23. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 12556
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12556
Summary:
ELOG is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to disclose sensitive information and potentially execute arbitrary code on a vulnerable computer.
The following specific issues were identified:
The application is reported prone to an unspecified buffer overflow vulnerability. The vendor has reported that this vulnerability is exploitable and allows attackers to gain unauthorized access to a vulnerable computer.
Another vulnerability affecting the application can allow remote attackers to obtain sensitive information such as authentication credentials stored in an unspecified configuration file.
ELOG 2.5.0 and prior versions are affected by these vulnerabilities.
24. CitrusDB CSV File Upload Access Validation Vulnerability
BugTraq ID: 12557
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12557
Summary:
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.
These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
25. Siteman User.PHP Unspecified Security Restriction Bypass Vul...
BugTraq ID: 12558
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12558
Summary:
Siteman is reported prone to an unspecified security restriction bypass vulnerability.
The issue may be exploited by a remote attacker to gain 'site owner' (Level 5 member) privileges.
It is reported that this vulnerability exists in Siteman versions from 1.1.0 to 1.1.10.
26. KarjaSoft Sami HTTP Server Multiple Remote Vulnerabilities
BugTraq ID: 12559
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12559
Summary:
Multiple remote vulnerabilities affect KarjaSoft Sami HTTP server. These issues are due to poor input validation and a failure to handle malformed network-based requests.
The first issue is a directory traversal issue. The second issue is a denial of service issue.
An attacker may leverage these issues to reveal files outside of the Web server root directory or to crash the affected server.
27. CitrusDB Remote Authentication Bypass Vulnerability
BugTraq ID: 12560
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12560
Summary:
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.
An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
28. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12561
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12561
Summary:
It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials.
29. Kayako ESupport Cross-Site Scripting Vulnerability
BugTraq ID: 12563
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12563
Summary:
Kayako ESupport is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
ESupport 2.3.1 is reported vulnerable; however, it is possible that other versions are affected as well.
30. CitrusDB Arbitrary Local PHP File Include Vulnerability
BugTraq ID: 12564
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12564
Summary:
CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
This issue may also allow remote file includes, although this has not been confirmed.
31. Microsoft Internet Explorer Malformed File URI Denial of Ser...
BugTraq ID: 12565
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12565
Summary:
Microsoft Internet Explorer is reported prone to a remote denial of service vulnerability.
It is reported that the affected browser will crash when a malformed 'file:' URI is processed.
A remote attacker may exploit this vulnerability to crash the affected browser.
32. HP HTTP Server Remote Unspecified Buffer Overflow Vulnerabil...
BugTraq ID: 12566
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12566
Summary:
It is reported that the HP HTTP Server is prone to a remote unspecified buffer overflow vulnerability.
Vendor reports indicate that this vulnerability may be exploited by a remote attacker to corrupt process memory and ultimately have arbitrary supplied code executed in the context of the vulnerable process.
This vulnerability is reported to affect HP HTTP Server versions 5.0 through 5.94.
33. Lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability.
Reports indicate that a NULL sequence appended to the filename of a CGI or FastCGI script will result in the script contents being served to the requestor.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks launched against the target computer.
This vulnerability is reported to affect lighttpd 1.3.7 and previous versions.
34. OSCommerce Contact_us.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 12568
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12568
Summary:
A vulnerability is reported to exist in osCommerce that may allow a remote user to launch cross-site scripting attacks.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in osCommerce version 2.2-MS2; other versions might also be affected.
35. Typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation.
36. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStars fliccd. These issues are due to a failure of the utility to securely copy user-supplied data into process memory.
An attacker may leverage these issues to gain escalated privileges locally and, if the affected utility is run as a daemon, may facilitate remote code execution with superuser privileges.
37. Check Point VPN-1 SecureClient Malformed IP Address Local Me...
BugTraq ID: 12571
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12571
Summary:
VPN-1 SecureClient is reported prone to a vulnerability that may allow local attackers to disclose sensitive memory. This can lead to various other attacks against a vulnerable computer. The vulnerability exists in the 'SR_Service.exe', which manages VPN connections.
A successful attack may allow the attacker to disclose memory and cause the application to crash. Reportedly, this issue can be leveraged to ultimately execute arbitrary code; however, this has not been confirmed.
VPN-1 SecureClient NG FP1 is reported prone to this vulnerability. It is possible that other versions are affected as well.
38. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl open() routine. It is believed that this issue is distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).
AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.
39. DCP-Portal Multiple SQL Injection Vulnerabilities
BugTraq ID: 12573
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12573
Summary:
DCP-Portal is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
These vulnerabilities are reported to affect DCP-Portal 6.1.1; earlier versions may also be affected.
40. Microsoft ASP.NET Unicode Character Conversion Multiple Cros...
BugTraq ID: 12574
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12574
Summary:
It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues arise when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII.
Apparently, the application fails to properly validate Unicode characters allowing an attacker to craft a malicious link containing arbitrary HTML or script code to be executed in a user's browser.
This can facilitate theft of cookie-based credentials and other attacks.
41. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically the issue is reported to be present in the ALSA mixer code. It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.
42. PaNews Cross-Site Scripting Vulnerability
BugTraq ID: 12576
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12576
Summary:
PaNews is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
43. SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
BugTraq ID: 12577
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12577
Summary:
Researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu have allegedly devised attacks that will reduce the number of operations required to compute an input that generates a collision in SHA-0/SHA-1 digests. This weakness may threaten the integrity of digital signatures that are generated using these algorithms, as it may be possible to create identical signatures using different input data.
The research paper describing these attacks is not publicly available at this time, and the results have not been vetted by others in the field. This BID will be updated as more information is made available.
44. MercuryBoard Forum Remote Cross-Site Scripting Vulnerability
BugTraq ID: 12578
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12578
Summary:
A remote cross-site scripting vulnerability affects the 'forum.php' script of MercuryBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
45. NewsBruiser Comment System Security Restrictions Bypass Vuln...
BugTraq ID: 12579
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12579
Summary:
NewsBruiser is reported prone to a security restriction bypass vulnerability. A remote attacker may delete or approve comments on a site, adversely affecting the availability or integrity of data.
NewsBruiser 2.6.0 and prior versions are affected by this issue.
46. Skull-Splitter Guestbook Unspecified HTML Injection Vulnerab...
BugTraq ID: 12580
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12580
Summary:
Skull-Splitter Guestbook is reportedly affected by an unspecified HTML injection vulnerability. A victim user who views the vulnerable sections of the site would have the attacker-supplied HTML and script code execute in the security context of the affected site.
Skull-Splitter Guestbook version 2.1 is reported vulnerable; however, other versions may be affected as well.
47. WebCalendar SQL Injection Vulnerability
BugTraq ID: 12581
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12581
Summary:
WebCalendar is affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This vulnerability is reported to affect WebCalendar 0.9.45; earlier versions may also be affected.
The vendor has addressed this issue in WebCalendar 1.0RC1 and later.
48. PaFaq SQL Injection Vulnerability
BugTraq ID: 12582
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12582
Summary:
paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This vulnerability is reported to affect paFaq beta4; earlier versions may also be affected.
49. BibORB Multiple Input Validation Vulnerabilities
BugTraq ID: 12583
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12583
Summary:
BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.
These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions.
50. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely exploitable denial of service vulnerabilities. The vulnerabilities are reported to exist in the 'slapd' daemon.
A remote attacker may exploit these vulnerabilities to deny LDAP service for legitimate users.
This BID will be updated as soon as further information regarding these issues is made available.
51. Yahoo! Messenger Local Insecure Default Installation Vulnera...
BugTraq ID: 12585
Remote: No
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12585
Summary:
A local insecure default installation vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to properly secure directories and executables when installation takes place.
A local attacker may leverage this issue to have arbitrary code executed with the privileges of an unsuspecting user; this may facilitate privilege escalation.
52. glFTPD ZIP Plugins Multiple Directory Traversal Vulnerabilit...
BugTraq ID: 12586
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12586
Summary:
It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary files. The issues arise due to insufficient sanitization of user-supplied data.
By determining the presence of files in restricted directories and outside the server's root in addition to disclosing the contents of arbitrary files, the attacker can launch various attacks against a vulnerable computer. If an attack results in the disclosure of a password file, these issues may ultimately lead to unauthorized access to the affected computer in the context of the server.
The affected plugins are shipped with the FTP server by default. glFTPD 1.26 to 2.00 are reported vulnerable.
53. Yahoo! Messenger Download Dialogue Box File Name Spoofing Vu...
BugTraq ID: 12587
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12587
Summary:
A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names.
An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.
It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected, earlier versions may be affected as well.
54. GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility.
This vulnerability is reported to affect GProftpd version 8.1.7 and previous versions.
55. Gaim Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 12589
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12589
Summary:
Gaim is prone to multiple remote denial of service vulnerabilities. These issues can allow remote attackers to crash an affected client.
The following specific issues were identified:
Remote AIM or ICQ users may trigger a crash in a client by sending malformed SNAC packets.
Another vulnerability in the client arises during the parsing of malformed HTML data.
Gaim versions prior to 1.1.3 are affected by these issues.
56. Bidwatcher Remote Format String Vulnerability
BugTraq ID: 12590
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12590
Summary:
A remote format string vulnerability affects bidwatcher. This issue is due to a failure of the application to properly implement a formatted string function.
An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
57. Tarantella Enterprise/Secure Global Desktop Remote Informati...
BugTraq ID: 12591
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12591
Summary:
Tarantella Enterprise 3 and Secure Global Desktop products are prone to an information disclosure vulnerability. This issue arises from a design error that may allow an attacker to gather sensitive information about a vulnerable computer. Information gathered by exploiting this vulnerability may be used to launch other attacks against a computer.
Specifically, computers running Tarantella Enterprise 3 and Secure Global Desktop products in combination with RSA SecurID and multiple users with the same username are affected.
58. TrackerCam Multiple Remote Vulnerabilities
BugTraq ID: 12592
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12592
Summary:
TrackerCam is reported prone to multiple vulnerabilities. The following individual issues are reported:
A remote buffer overrun vulnerability is reported to affect the TrackerCam HTTP server.
A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.
Another remote buffer overrun vulnerability is reported to affect the TrackerCam service. The issue is reported to exist due to a lack of sufficient boundary checks performed on any argument passed to the TrackerCam PHP scripts.
A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.
TrackerCam is reported prone to a directory traversal vulnerability. This issue is reported to exist in the 'ComGetLogFile.php3' script.
A remote attacker may exploit this vulnerability to reveal the contents of web server readable files.
The 'ComGetLogFile.php3' script of TrackerCam is also reported prone to an installation path disclosure vulnerability.
Additionally, the 'ComGetLogFile.php3' script may be leveraged to view potentially sensitive information that is contained in TrackerCam log files.
TrackerCam is reported prone to an HTML injection vulnerability. It is reported that the username and password fields are not correctly sanitized of HTML content.
A remote attacker may exploit this vulnerability to launch phishing style attacks or steal cookie based authentication credentials.
Finally, the TrackerCam HTTP service is reported prone to multiple remote denial of service vulnerabilities.
A remote attacker may exploit these vulnerabilities to deny service to legitimate users.
59. Knox Arkeia Type 77 Request Remote Stack-Based Buffer Overru...
BugTraq ID: 12594
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12594
Summary:
A remote stack-based buffer overrun is reported to exist in the Knox Arkeia server. The issue is reported to occur due to insufficient bounds checking performed when handling data contained within a type 77 request packet.
A remote attacker may leverage this vulnerability to execute arbitrary code remotely in the context of the vulnerable service.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Feds square off with organized cyber crime
By: Kevin Poulsen
Law enforcement sees undercover operations as a key to unraveling sophisticated alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525
2. WebTV 911 prankster guilty
By: Kevin Poulsen
Louisiana man cops to endangering public safety by sending out a malicious script that made set-top boxes call the police.
http://www.securityfocus.com/news/10523
3. T-Mobile hacker pleads guilty
By: Kevin Poulsen
The wireless company says it's still investigating an intrusion that compromised customer records, e-mail and stored files over the course of a year.
http://www.securityfocus.com/news/10516
4. NY teen charged over IM spam attack
By: John Leyden, The Register
A New York teenager has become the first American to be arrested for sending spam messages across IM networks.
http://www.securityfocus.com/news/10537
5. Microsoft compensates blocked Dutch web firm
By: Jan Libbenga, The Register
Microsoft is to compensate Dutch web company Ilse Media because its AntiSpyware software blocked one of Ilse's portals, Startpagina ("Startpage").
http://www.securityfocus.com/news/10536
6. Wormability formulae weighs malware risks
By: John Leyden, The Register
Security researchers are developing a method to predict the potential for individual vulnerabilities to become the subject of computer worms.
http://www.securityfocus.com/news/10535
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Cisco Torch 0.1 alpha
By: Arhont Team
Relevant URL: http://www.arhont.com/cisco-torch.tar.bz2
Platforms: Perl (any system supporting perl)
Summary:
A fast mass scanning and application layer fingerprinting tool for Cisco devices, written while working on the "Hacking Exposed: Cisco Networks" book. Supports telnet and SSH bruteforcing as well as Cisco management webserver exploitation. More features will be added soon - see TODO.
2. SafeLogon 2.0
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/slogon/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeLogon is a multi-user and password-based access control utility that enhances and complements the Windows built-in logon and authentication system. In other words, SafeLogon allows you to protect your system at home and office from unauthorized access.
SafeLogon is fully configurable and allows its Administrator to:
- Restrict access to Windows to certain users, optionally controlling the days of the week and the time of the day the user is allowed to log on and
3. SafeSystem 1.5
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/safesystem/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeSystem is a security program that allows you to prevent access to your personal and important files and folders, as well as protect and guarantee the integrity and well functioning of your system. SafeSystem can make your files and folders completely invisible, inaccessible or simply read-only. Furthermore, SafeSystem can prevent the change of configuration and the accidental (or even intentional) system files deletion or alteration, so your PC will be healthy
4. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
5. SQL column finder 0.1
By: Rafal Bielecki
Relevant URL: http://sqlcfind.netro.pl/sqlcfind.exe
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Helps you find the exact number of columns when using a union select query.
6. Secure Hive 1.0.0.1
By: Secure Hive
Relevant URL: http://www.securehive.com/Secure%20Hive.htm
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
What Does Secure Hive Enterprise Offer?
Encryption of part, or entire, Word documents, Excel worksheets or PowerPoint presentations through Secure Hive's integration with Microsoft Office.
Encryption of part, or entire, content of common documents (such as Notepad, WordPad), email messages and instant messages, including mixed text and graphics, with Secure Hive's Clipboard Encryption feature.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Developer, San Jose, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390869
2. [SJ-JOB] Sales Engineer, Boston, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390867
3. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390866
4. [SJ-JOB] Auditor, London, Bristol, Manchester, Leeds... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390861
5. [SJ-JOB] Sales Engineer, New York, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390860
6. [SJ-JOB] Sales Representative, San Francisco, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390859
7. [SJ-JOB] Application Security Engineer, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390858
8. [SJ-JOB] Sales Engineer, Chicago, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390724
9. [SJ-JOB] Sales Engineer, Denver, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390723
10. [SJ-JOB] Sales Engineer, Morristown Area, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390722
11. [SJ-JOB] Sales Engineer, Minneapolis, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390721
12. [SJ-JOB] Auditor, Washington DC, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390677
13. [SJ-JOB] Sr. Security Analyst, Boca Raton, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390676
14. [SJ-JOB] Security System Administrator, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390654
15. [SJ-JOB] Security Consultant, Austin, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390627
16. [SJ-JOB] Sr. Security Analyst, Austin, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390625
17. [SJ-JOB] Information Assurance Analyst, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390624
18. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390621
19. [SJ-JOB] Channel / Business Development, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390619
20. [SJ-JOB] Application Security Engineer, bangalore, I... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390618
21. [SJ-JOB] Manager, Information Security, Mountain Vie... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390617
22. [SJ-JOB] Sr. Security Analyst, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390616
23. [SJ-JOB] Sr. Security Engineer, Dulles, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390614
24. [SJ-JOB] Security Consultant, Mission Viejo (Orange ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390613
25. [SJ-JOB] Security Architect, Salt Lake City, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390611
26. [SJ-JOB] Technical Support Engineer, Norfolk, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390610
27. [SJ-JOB] Developer, Fremont, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390484
28. [SJ-JOB] Security Architect, Fremont, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390483
29. [SJ-JOB] Management, Frammington, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390482
30. [SJ-JOB] Sales Representative, Southern California, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390481
31. [SJ-JOB] Product Strategist, Atlanta, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390480
32. [SJ-JOB] Security Product Marketing Manager, santa c... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390479
33. [SJ-JOB] Security Engineer, Bay Area, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/390478
VI. INCIDENTS LIST SUMMARY
--------------------------
1. port 6801 and Netzero (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390996
2. New MSN worm? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390720
3. THC's RealServer (port 554) exploit? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390719
4. "Guide to Disaster Recovery", Michael Erbschloe (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390595
5. SSH probe attack afoot? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390590
6. Exploit on tcp/4128? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/390511
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Taking the control by abusing array index. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/391044
2. SAM encrypted with syskey (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/390829
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. SecurityFocus Microsoft Newsletter #228 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/390652
IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-02-15 to 2005-02-22.
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391117
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: CrossTec