I. FRONT AND CENTER
1. Web Browser Forensics, Part 1
2. Defeating Honeypots: System Issues, Part 2
3. Windows 2003 SP1
II. BUGTRAQ SUMMARY
1. ESMI PayPal Storefront SQL Injection Vulnerability
2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
10. Tincat Network Library Remote Buffer Overflow Vulnerability
11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
13. EXoops Multiple Input Validation Vulnerabilities
14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
15. PHPCoin Multiple Remote Vulnerabilities
16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
18. PhotoPost Pro Multiple Input Validation Vulnerabilities
19. ACS Blog Name Field HTML Injection Vulnerability
20. Smail-3 Unspecified Remote Vulnerability
21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
24. The Includer Remote File Include Vulnerability
25. Adventia E-Data Remote HTML Injection Vulnerability
26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
27. Chatness Message Form Field HTML Injection Vulnerability
28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
29. Uapplication Ublog Cross-Site Scripting Vulnerability
30. Linux Kernel EXT2 File System Information Leak Vulnerability
31. EncapsBB File Include Vulnerability
32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
36. WebAPP Unspecified File Disclosure Vulnerability
37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
41. Horde Application Framework Parent Page Title Cross-Site Scr...
42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
43. Mailreader Remote HTML Injection Vulnerability
44. Kerio Personal Firewall Local Network Access Restriction Byp...
45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
47. Linux Kernel File Lock Local Denial Of Service Vulnerability
48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Sybase allows release of flaw information
2. Companies resist nuclear cyber security rule
3. Feds square off with organized cyber crime
4. Three quarters of corporate PCs shun SP2
5. Carjackers swipe biometric Merc, plus owner's finger
6. Hacking Google for fun and profit
IV. SECURITYFOCUS TOP 6 TOOLS
1. Bitform Discover 2005.1
2. Libnids 1.2
3. File System Saint 1.02a
4. TextKeeper 5.0
5. DeSPAM Tunnel 3.0.0
6. Umbrella v0.5
V. SECURITYJOBS LIST SUMMARY
1. Management, Santa Clara, US (Thread)
2. Technical Marketing Engineer, Santa Clara, ... (Thread)
3. Channel / Business Development, Home Based/... (Thread)
4. Security Architect, London, GB (Thread)
5. Management, New York, US (Thread)
6. Security Auditor, Tampa, US (Thread)
7. Developer, New York City, US (Thread)
8. Manager, Information Security, New York Cit... (Thread)
9. Security Engineer, Eglin Air Force Base , U... (Thread)
10. Security Engineer, New York City, US (Thread)
11. Security Product Manager, New York City, US (Thread)
12. Security Consultant, Honolulu, US (Thread)
13. Security System Administrator, Chicago, US (Thread)
14. Technology Risk Consultant, Los Angeles, US (Thread)
15. Manager, Information Security, Philadelphia... (Thread)
16. Sales Representative, Surrey/Windsor/£... (Thread)
17. Technical Support Engineer, Surrey/Windsor/... (Thread)
18. Sales Engineer, COLORADO SPRINGS , US (Thread)
19. Security Consultant, Minneapolis, US (Thread)
20. Jr. Security Analyst, Philadelphia, US (Thread)
21. Security Consultant, Singapore, SG (Thread)
22. Security Consultant, Houston, US (Thread)
23. Security Consultant, London, GB (Thread)
24. Security Engineer, London, GB (Thread)
25. VP of Marketing, London/Surrey/Berkshire &p... (Thread)
26. Auditor, San Francisco, US (Thread)
27. Security Engineer, Duluth, US (Thread)
28. Management, St. Louis or Kansas City, US (Thread)
29. Security Director, Leeds / Edinburgh, GB (Thread)
30. Security Engineer, Westford, US (Thread)
31. VP of Marketing, London/Berkshire Referral ... (Thread)
32. Manager, Information Security, West London,... (Thread)
33. CHECK Team Leader, London, GB (Thread)
34. Developer, Atlanta, US (Thread)
35. Sales Engineer, Oxford, GB (Thread)
36. Regional Channel Manager, Des Moines, US (Thread)
37. Sales Engineer, Newark and vicinity, US (Thread)
38. Security Product Manager, Santa Clara, US (Thread)
39. Sr. Security Analyst, Highlands Ranch, US (Thread)
40. Security Product Marketing Manager, Santa C... (Thread)
41. Management, Mission Viejo, US (Thread)
42. Management, New York (Brooklyn Metrotech), ... (Thread)
VI. INCIDENTS LIST SUMMARY
1. Vendor notification (Thread)
2. exploit or human (Thread)
3. ANI Exploits in Spam -> more info (Thread)
4. ANI Exploits in Spam (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Scanner (Thread)
2. dnsmasq <2.21 off-by-one (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Integrating Domain and VPN Login (Thread)
2. Windows Server 2003 Service Pack 1 (Thread)
3. SecurityFocus Microsoft Newsletter #234 (Thread)
4. quarantine vpn clients (Thread)
IX. SUN FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2005-03-29 to 2005-04-05.
X. LINUX FOCUS LIST SUMMARY
1. vsftp question (Thread)
2. Linux and DB2 (Thread)
3. Apache+PHP+ftp security (Thread)
4. Re[2]: Apache+PHP+ftp security (Thread)
5. OpenVPN? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates
incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827
2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828
3. Windows 2003 SP1
By Mark Burnett
Microsoft's release of Windows 2003 Service Pack 1 last week is loaded with
security enhancements, and it's a big step in the right direction.
http://www.securityfocus.com/columnists/312
II. BUGTRAQ SUMMARY
-------------------
1. ESMI PayPal Storefront SQL Injection Vulnerability
BugTraq ID: 12903
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12903
Summary:
ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
BugTraq ID: 12904
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12904
Summary:
ESMI PayPal Storefront is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
BugTraq ID: 12905
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12905
Summary:
Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed image files.
This issue was reported to exist in QuickTime 6.5.1 for Windows. Other versions may also be affected.
This issue may be related to BID 11553.
4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
BugTraq ID: 12906
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12906
Summary:
Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted.
This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12907
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12907
Summary:
Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
BugTraq ID: 12908
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12908
Summary:
Nuke Bookmarks is prone to an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
BugTraq ID: 12909
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12909
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
BugTraq ID: 12910
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12910
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability.
Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application.
9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to securely handle signed values when validating memory indexes.
This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.
10. Tincat Network Library Remote Buffer Overflow Vulnerability
BugTraq ID: 12912
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12912
Summary:
Tincat is reported prone to a remote buffer overflow vulnerability.
It is reported that this issue exists in the function responsible for logging users that have connected to a game server.
A successful attack can allow an attacker to gain unauthorized access to a vulnerable computer in the context of a game server.
11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
BugTraq ID: 12913
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12913
Summary:
Microsoft Outlook 2002 Connector for IBM Lotus Domino is reported prone to a policy bypass vulnerability. It is reported that the Microsoft Outlook 2002 Connector for IBM Lotus Domino saves login credentials locally even when a Group policy is in place that is supposed to prevent this.
This may result in a false sense of security. An attacker with knowledge of a valid username may employ the cached passwords to authenticate successfully to the connected IBM Lotus Domino server.
12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
BugTraq ID: 12914
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12914
Summary:
Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability.
It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a link.
A successful attack may result in various attacks including theft of cookie-based authentication credentials.
13. EXoops Multiple Input Validation Vulnerabilities
BugTraq ID: 12915
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12915
Summary:
Multiple input validation vulnerabilities reportedly affect EXoops. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
BugTraq ID: 12916
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12916
Summary:
Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
15. PHPCoin Multiple Remote Vulnerabilities
Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents.
phpCoin is also affected by a local file include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. This issue may also be exploited to disclose arbitrary files.
phpCoin 1.2.1b and prior versions are affected by these issues.
16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors' Telnet clients. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a remote buffer overflow vulnerability. It is reported that the vulnerability exists in a function 'env_opt_add()' in the 'telnet.c' source file, which is apparently common source for all of the affected vendors.
A remote attacker may exploit this vulnerability to execute arbitrary code on some of the affected platforms in the context of a user that is using the vulnerable Telnet client to connect to a malicious server.
18. PhotoPost Pro Multiple Input Validation Vulnerabilities
BugTraq ID: 12920
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12920
Summary:
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
19. ACS Blog Name Field HTML Injection Vulnerability
BugTraq ID: 12921
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12921
Summary:
ACS Blog is affected by an HTML injection vulnerability.
The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page.
ACS Blog 1.1.1 is affected by this issue. It is likely that this issue affects prior versions as well.
20. Smail-3 Unspecified Remote Vulnerability
BugTraq ID: 12922
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12922
Summary:
Smail-3 is reported prone to an unspecified vulnerability that may be related to the issues that are described in BID 12899 (Smail-3 Multiple Remote and Local Vulnerabilities).
It is reported that the vulnerability manifests because insufficient boundary checks are performed on certain pointer values. It is conjectured that this may result in memory corruption ultimately leading to arbitrary code execution.
Few details are known regarding this issue; this BID will be updated as soon as further information is made available.
21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
BugTraq ID: 12923
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12923
Summary:
The Symantec Norton AntiVirus AutoProtect module is reported prone to a remote denial of service vulnerability. It is reported that the issue manifests when an unspecified type of file is scanned by AutoProtect; the scan results in the device driver module failing, leading to a subsequent kernel crash.
22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
BugTraq ID: 12924
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12924
Summary:
The Symantec Norton AntiVirus AutoProtect SmartScan functionality is reported prone to a local denial of service vulnerability. It is reported that under certain circumstances, when SmartScan is enabled, renaming of a file that is stored on a network share will result in a system crash.
A local attacker may exploit this vulnerability to deny service for legitimate users.
23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
BugTraq ID: 12925
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12925
Summary:
Bugtracker.NET is prone to unspecified SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
24. The Includer Remote File Include Vulnerability
BugTraq ID: 12926
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12926
Summary:
The Includer is reported prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
All versions of The Includer are considered to be vulnerable at the moment. This BID will be updated when more information becomes available.
25. Adventia E-Data Remote HTML Injection Vulnerability
BugTraq ID: 12927
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12927
Summary:
A remote HTML injection vulnerability affects Adventia E-Data. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander. The vulnerability is caused by insufficient bounds checking of external data supplied to the 'insert_text()' function.
This issue may allow local attackers to execute arbitrary code in the context of another user.
27. Chatness Message Form Field HTML Injection Vulnerability
BugTraq ID: 12929
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12929
Summary:
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12930
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12930
Summary:
CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in various modules.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
29. Uapplication Ublog Cross-Site Scripting Vulnerability
BugTraq ID: 12931
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12931
Summary:
Ublog is affected by a cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Ublog 1.0.4 and prior versions are reportedly affected by this issue.
30. Linux Kernel EXT2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel EXT2 filesystem handling code is reported prone to a local information leakage vulnerability.
This issue may be leveraged by a local attacker to gain access to potentially sensitive kernel memory. Information gained in this way may lead to further attacks against the affected computer.
31. EncapsBB File Include Vulnerability
BugTraq ID: 12933
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12933
Summary:
EncapsBB is reported prone to a file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote or local script through the 'index_header.php' script.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
EncapsBB version 0.3.2_fixed is reported prone to this issue. Other versions may be affected as well.
32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments with MIME-encoded file names.
Successful exploitation may allow arbitrary code execution in the security context of the application.
33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
Linux Kernel is prone to a potential local denial of service vulnerability.
It is reported that the issue exists in the 'load_elf_library' function.
Linux Kernel 2.6.11.5 and prior versions are affected by this issue.
34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
BugTraq ID: 12936
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12936
Summary:
Multiple input validation vulnerabilities reportedly affect PortalAPP. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second issue is an SQL injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
BugTraq ID: 12937
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12937
Summary:
A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.
This vulnerability is reported to affect FastStone 4in1 Browser version 1.2; previous versions might also be affected.
36. WebAPP Unspecified File Disclosure Vulnerability
BugTraq ID: 12938
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12938
Summary:
WebAPP is reported prone to an unspecified file disclosure vulnerability.
It is reported that this issue may allow remote attackers to disclose contents of certain files. Information gathered through a successful attack may aid in other attacks against a vulnerable computer.
All versions of WebAPP are considered vulnerable to this issue.
This BID will be updated when more information is available.
37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 12939
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12939
Summary:
Multiple cross-site scripting vulnerabilities exist in WackoWiki. The vendor has released a fixed version to address these issues but has not provided any further information regarding these issues. The issues may likely be exploited to steal cookie-based authentication credentials. Other attacks may also be possible.
The vulnerabilities are reported to affect WackoWiki R4. It is not known if earlier versions are also affected.
These issues are distinct from the vulnerabilities reported in BID 11935 "WackoWiki Multiple Unspecified Cross-Site Scripting Vulnerabilities".
38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
BugTraq ID: 12940
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12940
Summary:
A remote HTML injection vulnerability affects Adventia Chat Server Pro. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
BugTraq ID: 12941
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12941
Summary:
A remote PHP code execution vulnerability affects Smarty Template Engine. This issue is due to a failure of the application to properly secure access to PHP script manipulation.
An attacker may leverage this issue to execute arbitrary PHP script code on an affected computer; this may be exploited to gain unauthorized access to or escalated privileges on a hosting computer.
40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
BugTraq ID: 12942
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12942
Summary:
Multiple vulnerabilities are reported to exist in Sybari AntiGen For Lotus Domino. The following issues are reported:
A denial of service vulnerability is reported to affect Sybari AntiGen For Lotus Domino. The issue is reported to manifest when a specially crafted RAR archive is processed, and results in the software crashing.
A buffer overflow vulnerability is reported to affect Sybari AntiGen For Lotus Domino. It is reported that this issue manifests when a tiny file is scanned.
A remote attacker may exploit these issues to deny service for legitimate users.
41. Horde Application Framework Parent Page Title Cross-Site Scr...
BugTraq ID: 12943
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12943
Summary:
Horde Application Framework is prone to a cross-site scripting vulnerability. An attacker can supply arbitrary HTML and script code to the application when the page title of a parent frame is manipulated.
A successful attack can facilitate theft of cookie-based authentication credentials. Other attacks are possible as well.
Horde 3.0.4-RC2 is reported vulnerable; however, other versions may be affected as well.
42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
BugTraq ID: 12944
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12944
Summary:
Squirrelcart is affected by an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
All versions of Squirrelcart are considered vulnerable at the moment.
43. Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
44. Kerio Personal Firewall Local Network Access Restriction Byp...
BugTraq ID: 12946
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12946
Summary:
A local network access restriction bypass vulnerability affects Kerio Personal Firewall. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests.
An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security.
45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
BugTraq ID: 12947
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12947
Summary:
mtftpd is reported prone to a remote format string vulnerability.
Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable service.
This vulnerability is reported to affect mtftpd versions up to and including version 0.0.3.
46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
BugTraq ID: 12948
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12948
Summary:
Cisco VPN 3000 Concentrator products are reported prone to a remote denial of service vulnerability.
A remote unauthenticated attacker may trigger this vulnerability to cause an affected device to reload or drop connections. Specifically, an attacker can target the HTTPS service running on a vulnerable device to trigger this vulnerability.
Cisco VPN 3000 Concentrator products running software version 4.1.7.A and prior are affected by this issue.
47. Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks.
An attacker may leverage this issue to crash or hang the affected kernel and deny service to legitimate users.
It should be noted that Symantec has been unable to reproduce this issue after testing. It is possible that this vulnerability is linked to the reporter's specific configuration. More information will be added as it becomes available.
48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
gdk-pixbuf library is reported prone to a denial of service vulnerability. This issue arises due to a double free condition.
It is reported that this vulnerability presents itself when an application that is linked against the library handles malformed Bitmap (.bmp) image files.
A successful attack may result in a denial of service condition. It is not confirmed whether this vulnerability could be leveraged to execute arbitrary code.
gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this issue. It is likely that other versions are affected as well.
This BID will be updated when more information becomes available.
49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
BugTraq ID: 12951
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12951
Summary:
A remote denial of service vulnerability affects the OpenBSD operating system. This issue is due to implementation errors in the TCP stack, causing it to fail on malicious requests.
A remote attacker may leverage this issue to cause an affected computer to exhaust memory or crash, denying service to legitimate users.
50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability.
The vulnerability presents itself when an attacker supplies malicious HTML and script code through the 'id' parameter.
This may allow for theft of cookie-based authentication credentials or other attacks.
paFileDB 3.1 and prior versions are affected by this vulnerability.
This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID will be retired or updated upon further analysis.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Sybase allows release of flaw information
By: Robert Lemos
The database company allows U.K. security firm NGSSoftware to
publish details on six flaws, but legal and security experts are still
concerned that future disclosures will be challenged.
http://www.securityfocus.com/news/10827
2. Companies resist nuclear cyber security rule
By: Kevin Poulsen
A proposed standard for protecting nuclear power plant safety systems from cyber attack gets a less than glowing reaction from system vendors and plant operators.
http://www.securityfocus.com/news/10618
3. Feds square off with organized cyber crime
By: Kevin Poulsen
Law enforcement sees undercover operations as a key to unraveling sophisticated alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525
4. Three quarters of corporate PCs shun SP2
By: John Leyden, The Register
Only a quarter of corporate PCs running Windows XP have upgraded to SP2 (Service Pack 2), according to a survey out this week.
http://www.securityfocus.com/news/10818
5. Carjackers swipe biometric Merc, plus owner's finger
By: John Leyden, The Register
A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system.
http://www.securityfocus.com/news/10817
6. Hacking Google for fun and profit
By: John Leyden, The Register
Insecure websites are not the only venues at risk from Google-hacking.
http://www.securityfocus.com/news/10816
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Bitform Discover 2005.1
By: Bitform Technology Inc.
Relevant URL: http://www.bitform.net/products/discover/
Platforms: Java
Summary:
Bitform Discover is a powerful utility that quickly analyzes individual documents or whole collections of documents and reports on more than two dozen potentially sensitive hidden data elements. Discover supports Microsoft Word, Excel and PowerPoint file formats.
2. Libnids 1.2
Summary:
NIDS E-box implementation; emulates the Linux 2.0.36 TCP/IP stack. It provides IP defragmentation, TCP reassembly, and portscan detection.
3. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
4. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Encrypts text using numeric combinations and two algorithms. One of the algorithms uses 5 different numeric combinations.
5. DeSPAM Tunnel 3.0.0
By: The German Computer Freaks (Du-Nu)
Relevant URL: http://www.gcf.de/projects/despam.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This program is a tunnel for pop3 connections and filters spam during the pop3-download of emails automatically. To determine whether an email is UCE it evaluates the content of each email that passes the tunnel statistically. Its intelligent wordparsing filter "backMatch" even matches buzzwords that contain characters which have been replaced by similar looking special chars to avoid being filtered.
6. Umbrella v0.5
Summary:
A combination of process-based access control (PBAC) and authentication of binaries (like DigSig). In addition, the binaries have the security policy included within the binary, so when a binary is executed, the policy is applied to the corresponding process. Umbrella provides developers with a "restricted fork" which enables them to further restrict a sub-process from, e.g., accessing the network.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Management, Santa Clara, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394687
2. Technical Marketing Engineer, Santa Clara, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394686
3. Channel / Business Development, Home Based/... (Thread)
Relevant URL:
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: How a Hacker Launches a SQL Injection Attack
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems! Firewalls and
IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!
http://www.securityfocus.com/sponsor/SPIDynamics_sf-news_050405
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Web Browser Forensics, Part 1
2. Defeating Honeypots: System Issues, Part 2
3. Windows 2003 SP1
II. BUGTRAQ SUMMARY
1. ESMI PayPal Storefront SQL Injection Vulnerability
2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
10. Tincat Network Library Remote Buffer Overflow Vulnerability
11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
13. EXoops Multiple Input Validation Vulnerabilities
14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
15. PHPCoin Multiple Remote Vulnerabilities
16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
18. PhotoPost Pro Multiple Input Validation Vulnerabilities
19. ACS Blog Name Field HTML Injection Vulnerability
20. Smail-3 Unspecified Remote Vulnerability
21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
24. The Includer Remote File Include Vulnerability
25. Adventia E-Data Remote HTML Injection Vulnerability
26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
27. Chatness Message Form Field HTML Injection Vulnerability
28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
29. Uapplication Ublog Cross-Site Scripting Vulnerability
30. Linux Kernel EXT2 File System Information Leak Vulnerability
31. EncapsBB File Include Vulnerability
32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
36. WebAPP Unspecified File Disclosure Vulnerability
37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
41. Horde Application Framework Parent Page Title Cross-Site Scr...
42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
43. Mailreader Remote HTML Injection Vulnerability
44. Kerio Personal Firewall Local Network Access Restriction Byp...
45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
47. Linux Kernel File Lock Local Denial Of Service Vulnerability
48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Sybase allows release of flaw information
2. Companies resist nuclear cyber security rule
3. Feds square off with organized cyber crime
4. Three quarters of corporate PCs shun SP2
5. Carjackers swipe biometric Merc, plus owner's finger
6. Hacking Google for fun and profit
IV. SECURITYFOCUS TOP 6 TOOLS
1. Bitform Discover 2005.1
2. Libnids 1.2
3. File System Saint 1.02a
4. TextKeeper 5.0
5. DeSPAM Tunnel 3.0.0
6. Umbrella v0.5
V. SECURITYJOBS LIST SUMMARY
1. Management, Santa Clara, US (Thread)
2. Technical Marketing Engineer, Santa Clara, ... (Thread)
3. Channel / Business Development, Home Based/... (Thread)
4. Security Architect, London, GB (Thread)
5. Management, New York, US (Thread)
6. Security Auditor, Tampa, US (Thread)
7. Developer, New York City, US (Thread)
8. Manager, Information Security, New York Cit... (Thread)
9. Security Engineer, Eglin Air Force Base , U... (Thread)
10. Security Engineer, New York City, US (Thread)
11. Security Product Manager, New York City, US (Thread)
12. Security Consultant, Honolulu, US (Thread)
13. Security System Administrator, Chicago, US (Thread)
14. Technology Risk Consultant, Los Angeles, US (Thread)
15. Manager, Information Security, Philadelphia... (Thread)
16. Sales Representative, Surrey/Windsor/£... (Thread)
17. Technical Support Engineer, Surrey/Windsor/... (Thread)
18. Sales Engineer, COLORADO SPRINGS , US (Thread)
19. Security Consultant, Minneapolis, US (Thread)
20. Jr. Security Analyst, Philadelphia, US (Thread)
21. Security Consultant, Singapore, SG (Thread)
22. Security Consultant, Houston, US (Thread)
23. Security Consultant, London, GB (Thread)
24. Security Engineer, London, GB (Thread)
25. VP of Marketing, London/Surrey/Berkshire &p... (Thread)
26. Auditor, San Francisco, US (Thread)
27. Security Engineer, Duluth, US (Thread)
28. Management, St. Louis or Kansas City, US (Thread)
29. Security Director, Leeds / Edinburgh, GB (Thread)
30. Security Engineer, Westford, US (Thread)
31. VP of Marketing, London/Berkshire Referral ... (Thread)
32. Manager, Information Security, West London,... (Thread)
33. CHECK Team Leader, London, GB (Thread)
34. Developer, Atlanta, US (Thread)
35. Sales Engineer, Oxford, GB (Thread)
36. Regional Channel Manager, Des Moines, US (Thread)
37. Sales Engineer, Newark and vicinity, US (Thread)
38. Security Product Manager, Santa Clara, US (Thread)
39. Sr. Security Analyst, Highlands Ranch, US (Thread)
40. Security Product Marketing Manager, Santa C... (Thread)
41. Management, Mission Viejo, US (Thread)
42. Management, New York (Brooklyn Metrotech), ... (Thread)
VI. INCIDENTS LIST SUMMARY
1. Vendor notification (Thread)
2. exploit or human (Thread)
3. ANI Exploits in Spam -> more info (Thread)
4. ANI Exploits in Spam (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Scanner (Thread)
2. dnsmasq <2.21 off-by-one (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Integrating Domain and VPN Login (Thread)
2. Windows Server 2003 Service Pack 1 (Thread)
3. SecurityFocus Microsoft Newsletter #234 (Thread)
4. quarantine vpn clients (Thread)
IX. SUN FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2005-03-29 to 2005-04-05.
X. LINUX FOCUS LIST SUMMARY
1. vsftp question (Thread)
2. Linux and DB2 (Thread)
3. Apache+PHP+ftp security (Thread)
4. Re[2]: Apache+PHP+ftp security (Thread)
5. OpenVPN? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates
incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827
2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828
3. Windows 2003 SP1
By Mark Burnett
Microsoft's release of Windows 2003 Service Pack 1 last week is loaded with
security enhancements, and it's a big step in the right direction.
http://www.securityfocus.com/columnists/312
II. BUGTRAQ SUMMARY
-------------------
1. ESMI PayPal Storefront SQL Injection Vulnerability
BugTraq ID: 12903
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12903
Summary:
ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
BugTraq ID: 12904
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12904
Summary:
ESMI PayPal Storefront is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
BugTraq ID: 12905
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12905
Summary:
Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed image files.
This issue was reported to exist in QuickTime 6.5.1 for Windows. Other versions may also be affected.
This issue may be related to BID 11553.
4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
BugTraq ID: 12906
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12906
Summary:
Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted.
This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12907
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12907
Summary:
Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
BugTraq ID: 12908
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12908
Summary:
Nuke Bookmarks is prone to an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
BugTraq ID: 12909
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12909
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
BugTraq ID: 12910
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12910
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability.
Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application.
9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to securely handle signed values when validating memory indexes.
This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.
10. Tincat Network Library Remote Buffer Overflow Vulnerability
BugTraq ID: 12912
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12912
Summary:
Tincat is reported prone to a remote buffer overflow vulnerability.
It is reported that this issue exists in the function responsible for logging users that have connected to a game server.
A successful attack can allow an attacker to gain unauthorized access to a vulnerable computer in the context of a game server.
11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
BugTraq ID: 12913
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12913
Summary:
Microsoft Outlook 2002 Connector for IBM Lotus Domino is reported prone to a policy bypass vulnerability. It is reported that the Microsoft Outlook 2002 Connector for IBM Lotus Domino saves login credentials locally even when a Group policy is in place that is supposed to prevent this.
This may result in a false sense of security. An attacker with knowledge of a valid username may employ the cached passwords to authenticate successfully to the connected IBM Lotus Domino server.
12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
BugTraq ID: 12914
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12914
Summary:
Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability.
It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a link.
A successful attack may result in various attacks, including theft of cookie-based authentication credentials.
13. EXoops Multiple Input Validation Vulnerabilities
BugTraq ID: 12915
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12915
Summary:
Multiple input validation vulnerabilities reportedly affect exoops. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
BugTraq ID: 12916
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12916
Summary:
Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
15. PHPCoin Multiple Remote Vulnerabilities
BugTraq ID: 12917
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12917
Summary:
Multiple remote input validation vulnerabilities affect phpCoin.
Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents.
phpCoin is also affected by a local file include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. This issue may also be exploited to disclose arbitrary files.
phpCoin 1.2.1b and prior versions are affected by these issues.
16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors' Telnet clients. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a remote buffer overflow vulnerability. It is reported that the vulnerability exists in the function 'env_opt_add()' in the 'telnet.c' source file, which is apparently common source for all of the affected vendors.
A remote attacker may exploit this vulnerability to execute arbitrary code on some of the affected platforms in the context of a user that is using the vulnerable Telnet client to connect to a malicious server.
18. PhotoPost Pro Multiple Input Validation Vulnerabilities
BugTraq ID: 12920
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12920
Summary:
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
19. ACS Blog Name Field HTML Injection Vulnerability
BugTraq ID: 12921
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12921
Summary:
ACS Blog is affected by an HTML injection vulnerability.
The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page.
ACS Blog 1.1.1 is affected by this issue. It is likely that this issue affects prior versions as well.
20. Smail-3 Unspecified Remote Vulnerability
BugTraq ID: 12922
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12922
Summary:
Smail-3 is reported prone to an unspecified vulnerability that may be related to the issues that are described in BID 12899 (Smail-3 Multiple Remote and Local Vulnerabilities).
It is reported that the vulnerability manifests because insufficient boundary checks are performed on certain pointer values. It is conjectured that this may result in memory corruption ultimately leading to arbitrary code execution.
Few details are known regarding this issue; this BID will be updated as soon as further information is made available.
21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
BugTraq ID: 12923
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12923
Summary:
The Symantec Norton AntiVirus AutoProtect module is reported prone to a remote denial of service vulnerability. It is reported that the issue manifests when an unspecified type of file is scanned by AutoProtect; the scan results in the device driver module failing, leading to a subsequent kernel crash.
22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
BugTraq ID: 12924
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12924
Summary:
The Symantec Norton AntiVirus AutoProtect SmartScan functionality is reported prone to a local denial of service vulnerability. It is reported that under certain circumstances, when SmartScan is enabled, renaming of a file that is stored on a network share will result in a system crash.
A local attacker may exploit this vulnerability to deny service for legitimate users.
23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
BugTraq ID: 12925
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12925
Summary:
Bugtracker.NET is prone to unspecified SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
24. The Includer Remote File Include Vulnerability
BugTraq ID: 12926
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12926
Summary:
The Includer is reported prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
All versions of The Includer are considered to be vulnerable at the moment. This BID will be updated when more information becomes available.
25. Adventia E-Data Remote HTML Injection Vulnerability
BugTraq ID: 12927
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12927
Summary:
A remote HTML injection vulnerability affects Adventia E-Data. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander. The vulnerability is caused by insufficient bounds checking of external data supplied to the 'insert_text()' function.
This issue may allow local attackers to execute arbitrary code in the context of another user.
27. Chatness Message Form Field HTML Injection Vulnerability
BugTraq ID: 12929
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12929
Summary:
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12930
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12930
Summary:
CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in various modules.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
29. Uapplication Ublog Cross-Site Scripting Vulnerability
BugTraq ID: 12931
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12931
Summary:
Ublog is affected by a cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Ublog 1.0.4 and prior versions are reportedly affected by this issue.
30. Linux Kernel EXT2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel EXT2 filesystem handling code is reported prone to a local information leakage vulnerability.
This issue may be leveraged by a local attacker to gain access to potentially sensitive kernel memory. Information gained in this way may lead to further attacks against the affected computer.
31. EncapsBB File Include Vulnerability
BugTraq ID: 12933
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12933
Summary:
EncapsBB is reported prone to a file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote or local script through the 'index_header.php' script.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
EncapsBB version 0.3.2_fixed is reported prone to this issue. Other versions may be affected as well.
32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments with MIME-encoded file names.
Successful exploitation may allow arbitrary code execution in the security context of the application.
33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
Linux Kernel is prone to a potential local denial of service vulnerability.
It is reported that the issue exists in the 'load_elf_library' function.
Linux Kernel 2.6.11.5 and prior versions are affected by this issue.
34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
BugTraq ID: 12936
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12936
Summary:
Multiple input validation vulnerabilities reportedly affect PortalAPP. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second issue is an SQL injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
BugTraq ID: 12937
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12937
Summary:
A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.
This vulnerability is reported to affect FastStone 4in1 Browser version 1.2; previous versions might also be affected.
36. WebAPP Unspecified File Disclosure Vulnerability
BugTraq ID: 12938
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12938
Summary:
WebAPP is reported prone to an unspecified file disclosure vulnerability.
It is reported that this issue may allow remote attackers to disclose contents of certain files. Information gathered through a successful attack may aid in other attacks against a vulnerable computer.
All versions of WebAPP are considered vulnerable to this issue.
This BID will be updated when more information is available.
37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 12939
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12939
Summary:
Multiple cross-site scripting vulnerabilities exist in WackoWiki. The vendor has released a fixed version to address these issues but has not provided any further information regarding these issues. The issues may likely be exploited to steal cookie-based authentication credentials. Other attacks may also be possible.
The vulnerabilities are reported to affect WackoWiki R4. It is not known if earlier versions are also affected.
These issues are distinct from the vulnerabilities reported in BID 11935 "WackoWiki Multiple Unspecified Cross-Site Scripting Vulnerabilities".
38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
BugTraq ID: 12940
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12940
Summary:
A remote HTML injection vulnerability affects Adventia Chat Server Pro. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
BugTraq ID: 12941
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12941
Summary:
A remote PHP code execution vulnerability affects Smarty Template Engine. This issue is due to a failure of the application to properly secure access to PHP script manipulation.
An attacker may leverage this issue to execute arbitrary PHP script code on an affected computer; this may be exploited to gain unauthorized access to or escalated privileges on a hosting computer.
40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
BugTraq ID: 12942
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12942
Summary:
Multiple vulnerabilities are reported to exist in Sybari AntiGen For Lotus Domino. The following issues are reported:
A denial of service vulnerability is reported to affect Sybari AntiGen For Lotus Domino. The issue is reported to manifest when a specially crafted RAR archive is processed, and results in the software crashing.
A buffer overflow vulnerability is reported to affect Sybari AntiGen For Lotus Domino. It is reported that this issue manifests when a tiny file is scanned.
A remote attacker may exploit these issues to deny service for legitimate users.
41. Horde Application Framework Parent Page Title Cross-Site Scr...
BugTraq ID: 12943
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12943
Summary:
Horde Application Framework is prone to a cross-site scripting vulnerability. An attacker can supply arbitrary HTML and script code to the application when the page title of a parent frame is manipulated.
A successful attack can facilitate theft of cookie-based authentication credentials. Other attacks are possible as well.
Horde 3.0.4-RC2 is reported vulnerable; however, other versions may be affected as well.
42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
BugTraq ID: 12944
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12944
Summary:
Squirrelcart is affected by an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
All versions of Squirrelcart are considered vulnerable at the moment.
43. Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
44. Kerio Personal Firewall Local Network Access Restriction Byp...
BugTraq ID: 12946
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12946
Summary:
A local network access restriction bypass vulnerability affects Kerio Personal Firewall. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests.
An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security.
45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
BugTraq ID: 12947
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12947
Summary:
mtftpd is reported prone to a remote format string vulnerability.
Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable service.
This vulnerability is reported to affect mtftpd versions up to and including version 0.0.3.
46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
BugTraq ID: 12948
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12948
Summary:
Cisco VPN 3000 Concentrator products are reported prone to a remote denial of service vulnerability.
A remote unauthenticated attacker may trigger this vulnerability to cause an affected device to reload or drop connections. Specifically, an attacker can target the HTTPS service running on a vulnerable device to trigger this vulnerability.
Cisco VPN 3000 Concentrator products running software version 4.1.7.A and prior are affected by this issue.
47. Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks.
An attacker may leverage this issue to crash or hang the affected kernel and deny service to legitimate users.
It should be noted that Symantec has been unable to reproduce this issue after testing. It is possible that this vulnerability is linked to the reporter's specific configuration. More information will be added as it becomes available.
48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
The gdk-pixbuf library is reported prone to a denial of service vulnerability. This issue arises due to a double free condition.
It is reported that this vulnerability presents itself when an application that is linked against the library handles malformed Bitmap (.bmp) image files.
A successful attack may result in a denial of service condition. It is not confirmed whether this vulnerability could be leveraged to execute arbitrary code.
gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this issue. It is likely that other versions are affected as well.
This BID will be updated when more information becomes available.
49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
BugTraq ID: 12951
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12951
Summary:
A remote denial of service vulnerability affects the OpenBSD operating system. This issue is due to implementation errors in the TCP stack, causing it to fail on malicious requests.
A remote attacker may leverage this issue to cause an affected computer to exhaust memory or crash, denying service to legitimate users.
50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability.
The vulnerability presents itself when an attacker supplies malicious HTML and script code through the 'id' parameter.
This may allow for theft of cookie-based authentication credentials or other attacks.
paFileDB 3.1 and prior versions are affected by this vulnerability.
This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID will be retired or updated upon further analysis.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Sybase allows release of flaw information
By: Robert Lemos
The database company allows U.K. security firm NGSSoftware to
publish details on six flaws, but legal and security experts are still
concerned that future disclosures will be challenged.
http://www.securityfocus.com/news/10827
2. Companies resist nuclear cyber security rule
By: Kevin Poulsen
A proposed standard for protecting nuclear power plant safety systems from cyber attack gets a less than glowing reaction from system vendors and plant operators.
http://www.securityfocus.com/news/10618
3. Feds square off with organized cyber crime
By: Kevin Poulsen
Law enforcement sees undercover operations as a key to unraveling sophisticated alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525
4. Three quarters of corporate PCs shun SP2
By: John Leyden, The Register
Only a quarter of corporate PCs running Windows XP have upgraded to SP2 (Service Pack 2), according to a survey out this week.
http://www.securityfocus.com/news/10818
5. Carjackers swipe biometric Merc, plus owner's finger
By: John Leyden, The Register
A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system.
http://www.securityfocus.com/news/10817
6. Hacking Google for fun and profit
By: John Leyden, The Register
Insecure websites are not the only venues at risk from Google-hacking.
http://www.securityfocus.com/news/10816
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Bitform Discover 2005.1
By: Bitform Technology Inc.
Relevant URL: http://www.bitform.net/products/discover/
Platforms: Java
Summary:
Bitform Discover is a powerful utility that quickly analyzes individual documents or whole collections of documents and reports on more than two dozen potentially sensitive hidden data elements. Discover supports Microsoft Word, Excel and PowerPoint file formats.
2. Libnids 1.2
By: Rafal Wojtczuk
Relevant URL: http://libnids.sourceforge.net/
Platforms: Os Independent
Summary:
NIDS E-box implementation; emulates the Linux 2.0.36 TCP/IP stack. It provides IP defragmentation, TCP reassembly, and portscan detection.
3. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight Perl-based host IDS.
4. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Encrypts text using numeric combinations and two algorithms. One of the algorithms uses 5 different numeric combinations.
5. DeSPAM Tunnel 3.0.0
By: The German Computer Freaks (Du-Nu)
Relevant URL: http://www.gcf.de/projects/despam.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This program is a tunnel for POP3 connections that automatically filters spam during the POP3 download of emails. To determine whether an email is UCE, it statistically evaluates the content of each email that passes through the tunnel. Its intelligent word-parsing filter "backMatch" even matches buzzwords that contain characters which have been replaced by similar-looking special characters to avoid being filtered.
6. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary:
A combination of process-based access control (PBAC) and authentication of binaries (like DigSig). In addition, the binaries have the security policy included within the binary; thus, when a binary is executed, the policy is applied to the corresponding process. Umbrella provides developers with a "restricted fork" which enables them to further restrict a sub-process from, e.g., accessing the network.
V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Management, Santa Clara, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394687
2. Technical Marketing Engineer, Santa Clara, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394686
3. Channel / Business Development, Home Based/... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394685
4. Security Architect, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394684
5. Management, New York, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394683
6. Security Auditor, Tampa, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394682
7. Developer, New York City, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394681
8. Manager, Information Security, New York Cit... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394680
9. Security Engineer, Eglin Air Force Base , U... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394679
10. Security Engineer, New York City, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394678
11. Security Product Manager, New York City, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394677
12. Security Consultant, Honolulu, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394676
13. Security System Administrator, Chicago, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394675
14. Technology Risk Consultant, Los Angeles, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394674
15. Manager, Information Security, Philadelphia... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394673
16. Sales Representative, Surrey/Windsor/£... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394672
17. Technical Support Engineer, Surrey/Windsor/... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394671
18. Sales Engineer, COLORADO SPRINGS , US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394670
19. Security Consultant, Minneapolis, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394669
20. Jr. Security Analyst, Philadelphia, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394668
21. Security Consultant, Singapore, SG (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394666
22. Security Consultant, Houston, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394665
23. Security Consultant, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394664
24. Security Engineer, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394663
25. VP of Marketing, London/Surrey/Berkshire &p... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394661
26. Auditor, San Francisco, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394660
27. Security Engineer, Duluth, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394659
28. Management, St. Louis or Kansas City, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394657
29. Security Director, Leeds / Edinburgh, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394656
30. Security Engineer, Westford, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394655
31. VP of Marketing, London/Berkshire Referral ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394654
32. Manager, Information Security, West London,... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394653
33. CHECK Team Leader, London, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394651
34. Developer, Atlanta, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394650
35. Sales Engineer, Oxford, GB (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394649
36. Regional Channel Manager, Des Moines, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394648
37. Sales Engineer, Newark and vicinity, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394647
38. Security Product Manager, Santa Clara, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394646
39. Sr. Security Analyst, Highlands Ranch, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394645
40. Security Product Marketing Manager, Santa C... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394644
41. Management, Mission Viejo, US (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394643
42. Management, New York (Brooklyn Metrotech), ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/77/394642
VI. INCIDENTS LIST SUMMARY
--------------------------
1. Vendor notification (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/394787
2. exploit or human (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/394786
3. ANI Exploits in Spam -> more info (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/394574
4. ANI Exploits in Spam (Thread)
Relevant URL:
http://www.securityfocus.com/archive/75/394573
VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Scanner (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/394858
2. dnsmasq <2.21 off-by-one (Thread)
Relevant URL:
http://www.securityfocus.com/archive/82/394467
VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Integrating Domain and VPN Login (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/394961
2. Windows Server 2003 Service Pack 1 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/394960
3. SecurityFocus Microsoft Newsletter #234 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/394518
4. quarantine vpn clients (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/394458
IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-03-29 to 2005-04-05.
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. vsftp question (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394897
2. Linux and DB2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394891
3. Apache+PHP+ftp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394746
4. Re[2]: Apache+PHP+ftp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394581
5. OpenVPN? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394497
XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SPI Dynamics