Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.
------------------------------------------------------------------
I. FRONT AND CENTER
1. Interview with Marcus Ranum
2. Your fingerprints are everywhere
3. Software Firewalls: Made of Straw? Part 2 of 2
II. BUGTRAQ SUMMARY
1. Pico Server File Access Vulnerability
2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
5. FusionBB Multiple Input Validation Vulnerabilities
6. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability
8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
9. Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability
10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow Vulnerability
11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service Vulnerability
14. Microsoft Agent Trusted Content Spoofing Vulnerability
15. MAST RunAs Professional Local Privilege Escalation Vulnerability
16. Microsoft Windows Web Client Service Remote Code Execution Vulnerability
17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
18. Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability
22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
24. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
25. Finjan SurfinGate ASCII File Extension File Filter Circumvention Vulnerability
26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
29. McGallery Lang Argument File Disclosure Vulnerability
30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
31. Bitrix Site Manager Remote File Include Vulnerability
32. Mambo Open Source Com_Contents SQL Injection Vulnerability
33. PAFileDB Multiple Input Validation Vulnerabilities
34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
35. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
38. ATutor Multiple Cross-Site Scripting Vulnerabilities
39. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
40. e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
41. Ultimate PHP Board Weak Password Encryption Vulnerability
42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
44. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
47. Yaws Remote Source Code Disclosure Vulnerability
48. XAMMP Lang.PHP HTML Injection Vulnerability
49. XAMMP Lang.PHP Directory Traversal Vulnerability
50. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
51. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
52. Ajax-Spell HTML Tag Script Injection Vulnerability
53. Contelligent Preview Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. MasterCard warns of massive credit-card breach
2. Phishers look to net small fry
3. Stealthy Trojan horses, modular bot software dodging defenses
4. Latest Bluetooth attack makes short work of weak passwords
5. Microsoft sues German spammer
6. Adware makers exploit BitTorrent
7. UK trojan siege has been running over a year
8. Ssshhh! Opera slips out security update
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Engineer, Dallas
2. [SJ-JOB] Sr. Security Analyst, PALO ALTO
3. [SJ-JOB] Security Engineer, New York
4. [SJ-JOB] Auditor, Miami
5. [SJ-JOB] Sales Engineer, Boston
6. [SJ-JOB] Security Consultant, New York
7. [SJ-JOB] Security Consultant, Chicago
8. [SJ-JOB] Information Assurance Engineer, Dulles/Falls Church/Washington D.C.
9. [SJ-JOB] Technology Risk Consultant, Portsmouth
10. [SJ-JOB] Security Auditor, McLean
11. [SJ-JOB] Application Security Engineer, West Coast
12. [SJ-JOB] Sales Engineer, NYC, and Los Angeles
13. [SJ-JOB] Sr. Security Engineer, Dallas
14. [SJ-JOB] Information Assurance Analyst, Arlington
15. [SJ-JOB] Sales Engineer, Dallas
16. [SJ-JOB] Information Assurance Engineer, DC
17. [SJ-JOB] Technical Writer, DC
18. [SJ-JOB] Developer, Boulder
19. [SJ-JOB] Security Architect, Ft Lauderdale
20. [SJ-JOB] Developer, Boulder
21. [SJ-JOB] Security Engineer, Santa Barbara
22. [SJ-JOB] Application Security Engineer, Foster City
23. [SJ-JOB] Channel / Business Development, TBD
V. INCIDENTS LIST SUMMARY
1. FTimes 3.5.0 Released
2. Digital forensics of the physical memory
VI. VULN-DEV RESEARCH LIST SUMMARY
1. exploiting/debuggin SetUnhandledException filter
2. Black Hat Briefings Announcements
3. the possibility of jumping back to code in an exploited program
4. Exploit development in Per
VII. MICROSOFT FOCUS LIST SUMMARY
1. Imaging question for MS OS.
2. Disclaimer on Active/active clustered exchange servers
3. WSUS/Reboot
4. IE in Kiosk mode
5. Windows Server 2K Lockdown Baseline
6. SecurityFocus Microsoft Newsletter #244
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Interview with Marcus Ranum
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/334
2. Your fingerprints are everywhere
By Scott Granneman
How much do you trust your government? That's a question that all of us have to ask, perhaps the more often the better.
http://www.securityfocus.com/columnists/333
3. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be circumvented by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840
II. BUGTRAQ SUMMARY
--------------------
1. Pico Server File Access Vulnerability
BugTraq ID: 13935
Remote: Yes
Date Published: 2005-06-11
Relevant URL: http://www.securityfocus.com/bid/13935
Summary:
Pico Server is a small web server written in C.
A vulnerability in Pico Server may allow for remote attackers to view file contents or execute programs outside of the web root directory. The vulnerability appears to be due to a design failure in a feature meant to prevent unauthorized access outside of the web root.
The vulnerability can be exploited to obtain the contents of files outside of the web root directory. It may also be exploited to run commands via the "/cgi-bin/" virtual directory.
2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
Sysreport is susceptible to an information disclosure vulnerability. This issue is due to a failure of the application to ensure that sensitive information is not included in its generated reports.
This vulnerability may result in sending unencrypted proxy authentication usernames and passwords to potentially malicious people. This may aid them in further attacks.
3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 13937
Remote: Yes
Date Published: 2005-06-12
Relevant URL: http://www.securityfocus.com/bid/13937
Summary:
JamMail is prone to a remote arbitrary command execution vulnerability.
This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script.
This can lead to various attacks including unauthorized access to an affected computer.
JamMail 1.8 is affected by this issue.
4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13938
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13938
Summary:
Singapore image gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
5. FusionBB Multiple Input Validation Vulnerabilities
BugTraq ID: 13939
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13939
Summary:
FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input.
The following specific vulnerabilities were identified:
The application is affected by a local file include vulnerability. The attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
FusionBB is prone to multiple SQL injection vulnerabilities as well. These vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a remote information disclosure vulnerability.
Any information stored in the environment of clients utilizing the affected telnet application is available for attackers to retrieve. The contents of the environment variables may be sensitive in nature, allowing attackers to gain information that may aid them in further system compromise.
7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability
BugTraq ID: 13941
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13941
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability. This issue exists in the PNG image rendering library used by the browser.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
This issue is present in the PNG image rendering library, so it is possible that other applications that use the library are affected. This is not confirmed and Symantec is not aware of any such applications.
8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
BugTraq ID: 13942
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13942
Summary:
Microsoft SMB is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel containing the vulnerable code. Microsoft has stated that other attack vectors may exist, in the form of passing malicious parameters to the affected component, either locally or remotely.
Failed exploit attempts will likely crash the affected computer, denying service to legitimate users.
9. Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability
BugTraq ID: 13943
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13943
Summary:
Microsoft Internet Explorer is prone to an information disclosure vulnerability. Specifically, it may be possible for remote users to read XML data from an affected computer via a malicious Web page.
This issue is a variant of BID 5560. This variant was not addressed with the release of MS02-047. Microsoft has released a new security bulletin to provide fixes for this variant. Microsoft has stated that Windows Server 2003 with the Enhanced Security Configuration enabled is not affected.
10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow Vulnerability
BugTraq ID: 13944
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13944
Summary:
Microsoft Step-By-Step Interactive Training is prone to a buffer overflow vulnerability. This is due to a boundary condition error related to validation of data in bookmark link files. As bookmark link files may originate from an external source, this issue may be remotely exploitable.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
A number of third-party providers may supply the Step-by-Step Interactive training program as a part of their products. There is not a conclusive list of products that may have installed this software.
11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13945
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13945
Summary:
Sun Java Web Start is susceptible to an unspecified privilege escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files, or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be updated as further information is disclosed.
12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
BugTraq ID: 13946
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13946
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability in the DigWebX ActiveX control.
The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control.
13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service Vulnerability
BugTraq ID: 13947
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13947
Summary:
Microsoft Internet Explorer is prone to a denial of service vulnerability when rendering malformed GIF and BMP images. Malformed images for other file formats may also cause a similar condition, though the vendor has not provided any further information.
The vendor has not released any further information about this issue other than to state that it is addressed by the Cumulative Security Update For Internet Explorer.
14. Microsoft Agent Trusted Content Spoofing Vulnerability
BugTraq ID: 13948
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13948
Summary:
Microsoft Agent is prone to a vulnerability that could allow a malicious Web site to spoof trusted content. This could result in a user downloading and executing malicious files thinking they are safe.
15. MAST RunAs Professional Local Privilege Escalation Vulnerability
BugTraq ID: 13949
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13949
Summary:
RunAs Professional (RunAsP.exe) is affected by a local privilege escalation vulnerability.
This issue presents itself because the affected application fails to verify the executable prior to running it with higher privileges.
RunAs Professional 3.5.1 is affected by this vulnerability. Other versions may be prone to this issue as well.
16. Microsoft Windows Web Client Service Remote Code Execution Vulnerability
BugTraq ID: 13950
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13950
Summary:
Microsoft Windows Web Client Service is affected by a remote code execution vulnerability. This is due to a buffer overflow in the affected component.
A remote authenticated attacker can exploit this issue by sending a malformed message to the Web Client Service. This can lead to arbitrary code execution resulting in privilege escalation.
An attacker may also exploit this issue through another application that passes data to the vulnerable component.
Web Client Service is disabled on Windows Server 2003 by default.
17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
BugTraq ID: 13951
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13951
Summary:
Microsoft Outlook Express is prone to a buffer overflow when parsing NNTP responses. Successful exploitation could allow arbitrary code execution in the context of the user running the application.
18. Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
BugTraq ID: 13952
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13952
Summary:
Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in the context of the affected user.
This issue is reported to affect Outlook Web Access for Exchange Server 5.5.
19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
BugTraq ID: 13953
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13953
Summary:
Microsoft Windows HTML Help is affected by a remote code execution vulnerability.
The vulnerability presents itself when the application handles malformed data through the InfoTech protocol (ms-its, its, mk:@msitstore).
An attacker may exploit this issue from a malicious Web page or through HTML email to execute arbitrary code with the privileges of the currently logged in user.
This vulnerability affects any application that utilizes the Windows Help component of Internet Explorer.
20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
BugTraq ID: 13954
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13954
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to a policy bypass vulnerability. Reports indicate that the issue manifests when a Microsoft ISA server is utilizing the 'NetBIOS (all)' predefined filter.
A remote attacker may leverage this vulnerability to successfully make NetBIOS connections to NetBIOS based services that exist on a target ISA server.
21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability
BugTraq ID: 13955
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13955
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to an information disclosure vulnerability. Reports indicate that the issue manifests when an ISA server is publishing a Web service that has Basic authentication enabled, but the Web publishing rules that process the request are configured as 'SSL required'.
An attacker that has the ability to intercept network communications between the ISA server and a client may leverage this issue to obtain Web site authentication credentials.
22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
BugTraq ID: 13956
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13956
Summary:
Microsoft Internet Security and Acceleration (ISA) server is reported prone to a HTTP request smuggling attack.
The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header.
A remote attacker may exploit this issue to launch cache poisoning or content-restriction bypass attacks against the affected server.
23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 13957
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13957
Summary:
Multiple unspecified buffer overflow vulnerabilities affect Iron Bars Shell. These issues are due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
The details currently available regarding these issues are insufficient to provide an accurate technical description. It can be speculated that these issues may be leveraged by an attacker to gain escalated privileges on a local machine.
An attacker may leverage these issues to execute instructions with the privileges of the affected application.
24. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13958
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13958
Summary:
Sun Java Runtime Environment is susceptible to an unspecified privilege escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files, or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be updated as further information is disclosed.
25. Finjan SurfinGate ASCII File Extension File Filter Circumvention Vulnerability
BugTraq ID: 13959
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13959
Summary:
SurfinGate may allow an attacker to circumvent file filters.
It has been reported that an attacker may bypass SurfinGate file filtering rules by using ASCII encoding in the file name.
SurfinGate version 7.0 SP2 and 7.0 SP3 are reportedly vulnerable. Other versions may be affected as well.
26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 13960
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13960
Summary:
Annuaire 1Two is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13961
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13961
Summary:
Annuaire 1Two is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
BugTraq ID: 13962
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13962
Summary:
Adobe Acrobat and Adobe Reader may allow remote attackers to determine the existence of files on a vulnerable computer.
Information gathered through the exploitation of this vulnerability may aid in other attacks.
29. McGallery Lang Argument File Disclosure Vulnerability
BugTraq ID: 13963
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13963
Summary:
McGallery is prone to a file disclosure vulnerability.
This could let remote attackers access files on the computer in the context of the Web server process.
30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13964
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13964
Summary:
ViRobot Linux Server is prone to a remote buffer overflow vulnerability affecting the Web based management interface. This issue presents itself because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.
An attacker can unauthorized access to a vulnerable computer by supplying malformed values through cookies. This issue can lead to a complete compromise.
ViRobot Linux Server 2.0 is vulnerable to this issue. Other versions may be affected as well.
31. Bitrix Site Manager Remote File Include Vulnerability
BugTraq ID: 13965
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13965
Summary:
Bitrix Site Manager is prone to a remote file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Bitrix Site Manager 4.0.5 and prior versions are considered to be vulnerable at the moment.
32. Mambo Open Source Com_Contents SQL Injection Vulnerability
BugTraq ID: 13966
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13966
Summary:
Mambo 'com_contents' component is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
As a result of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
33. PAFileDB Multiple Input Validation Vulnerabilities
BugTraq ID: 13967
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13967
Summary:
paFileDB is prone to multiple input validation vulnerabilities. The following issues are reported:
Multiple SQL injection issues exist in paFileDB.
The impact of these issues will vary depending on features supported by the database implementation but may be limited due to the nature of affected queries.
Multiple cross-site scripting issues are also reported when passing user-supplied arguments to the 'sortby', 'filelist', and 'pages' parameters of the 'pafiledb.php' script.
Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
Finally, paFileDB is prone to a file disclosure vulnerability. The 'action' parameter of the 'pafiledb.php' script is affected by the vulnerability.
34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
BugTraq ID: 13968
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13968
Summary:
Sun lpadmin is susceptible to an unspecified arbitrary local file overwrite vulnerability.
This vulnerability allows local, unprivileged attackers to overwrite arbitrary files. This likely allows users to crash services, or possibly the whole computer, denying service to legitimate users. It is conjectured that it may also be possible to utilize this vulnerability to gain administrative privileges.
No further details were provided. This BID will be updated as new information is disclosed.
35. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
BugTraq ID: 13969
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13969
Summary:
Opera Web Browser is affected by a cross-site scripting vulnerability that can be leveraged to disclose local files as well.
Attackers may steal cookie-based authentication credentials, disclose local files in the context of the browser and carry out other attacks.
Opera Web Browser version 8.0 is prone to this issue.
36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
BugTraq ID: 13970
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13970
Summary:
Opera Web Browser is prone to an issue that allows a violation of the cross-domain security model.
This issue arises due to an access validation error affecting the 'XMLHttpRequest' object.
Successful exploitation may result in cookie theft, content manipulation, information disclosure or other attacks.
Opera Web Browser version 8.0 is prone to this issue.
37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13971
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13971
Summary:
Ultimate PHP Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
38. ATutor Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13972
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13972
Summary:
ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 13973
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13973
Summary:
SquirrelMail is affected by multiple unspecified cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
40. e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
BugTraq ID: 13974
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13974
Summary:
e107 Website System is prone to multiple input validation and information disclosure vulnerabilities.
The application has an information disclosure vulnerability regarding valid usernames.
The application is also vulnerable to several cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Some of the cross-site scripting issues are the same as described in BID 10436, which were believed to be addressed in previous versions of the application. Further information has reported that the application is still affected.
41. Ultimate PHP Board Weak Password Encryption Vulnerability
BugTraq ID: 13975
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13975
Summary:
Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme.
This issue may allow a malicious user to gain access to user and administrator passwords for the affected application.
42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
BugTraq ID: 13976
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13976
Summary:
Cool Cafe Chat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Cool Cafe Chat 1.2.1 is reportedly vulnerable.
43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
BugTraq ID: 13977
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13977
Summary:
A local denial of service vulnerability affects OpenBSD.
The vendor reports that a local user may invoke 'getsockopt()' on an existing socket to trigger this vulnerability.
A local attacker may exploit this issue to trigger a kernel panic and deny service for legitimate users.
44. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle overly long email headers.
Further details regarding this vulnerability are currently not available. This BID will be updated as more information is disclosed.
An attacker may cause SpamAssassin to take inordinate amounts of time to check a specially crafted email message. By sending many malicious messages, it may be possible for attackers to cause extremely large delays in email delivery, denying service to legitimate users.
45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 13979
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13979
Summary:
osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to S/MIME signing using gpg2. The cause and impact of this issue is currently unknown.
Due to a lack of details, it cannot be confirmed whether this issue poses a security threat or results in an adverse affect on the functionality of the application. It is conjectured that this issue is remote in nature.
SUSE Linux 9.3 is affected by this issue.
47. Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code.
Information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system.
Yaws 1.55 and prior versions are affected.
48. XAMMP Lang.PHP HTML Injection Vulnerability
BugTraq ID: 13982
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13982
Summary:
XAMMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue is reported to affect the Linux distribution of XAMMP.
49. XAMMP Lang.PHP Directory Traversal Vulnerability
BugTraq ID: 13983
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13983
Summary:
XAMMP is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
A remote unauthorized user can disclose the contents of arbitrary local PHP scripts through the use of directory traversal strings '../'. Exploitation of this vulnerability could lead to a loss of confidentiality.
This issue is reported to affect the Linux distribution of XAMMP.
50. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial of service vulnerabilities. The following issues are reported:
The first denial of service vulnerability exists in the discovery logic of Razor-agents.
The second issue exists in the preprocessing code of Razor-agents.
Both issues may be exploited to cause a denial of service for the vulnerable application.
51. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The issue exists in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data.
Information that is harvested through leveraging of this issue may be used to aid in further attacks that are launched against the affected service.
52. Ajax-Spell HTML Tag Script Injection Vulnerability
BugTraq ID: 13986
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13986
Summary:
ajax-spell is prone to a script injection vulnerability. This could permit an attacker to inject hostile HTML and script code into the session of a user of the Web site hosting the application.
Successful exploitation could let an attacker steal cookie-based authentication credentials or launch other attacks.
53. Contelligent Preview Privilege Escalation Vulnerability
BugTraq ID: 13987
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13987
Summary:
Contelligent is prone to a privilege escalation vulnerability. This issue is exposed by the preview mechanism of the software, allowing an attacker to gain elevated privileges within the application.
This issue was reported in Contelligent 9.0.15. Earlier versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. MasterCard warns of massive credit-card breach
By: Robert Lemos
Data thieves breached the systems of Atlanta, Georgia-based CardSystems Solutions, stealing data on as many as 40 million accounts affecting various credit-card brands, MasterCard says.
http://www.securityfocus.com/news/11219
2. Phishers look to net small fry
By: Robert Lemos
Online fraudsters are targeting the customers of small financial institutions, hoping to take advantage of less knowledgeable and more trusting consumers.
http://www.securityfocus.com/news/11214
3. Stealthy Trojan horses, modular bot software dodging defenses
By: Robert Lemos
Software that turns PCs into remotely controlled zombies is getting better, but defenses are not keeping up.
http://www.securityfocus.com/news/11209
4. Latest Bluetooth attack makes short work of weak passwords
By: Robert Lemos
Devices that use 4-digit PINs for security can be compromised in less than a second, but longer passwords are proof against the attack, researchers say.
http://www.securityfocus.com/news/11202
5. Microsoft sues German spammer
By: John Oates
Microsoft is taking legal action against an alleged spammer now resident in Germany.
http://www.securityfocus.com/news/11220
6. Adware makers exploit BitTorrent
By: John Leyden
A row has broken out after a marketing firm was caught hiding adware in files distributed on the BitTorrent file sharing network.
http://www.securityfocus.com/news/11215
7. UK trojan siege has been running over a year
By: Peter Warren
One of the UK's most secretive security organisations is hunting down a gang of high tech criminals in the Far East that has been attacking the computer systems of Government departments and multi-national companies to steal secrets.
http://www.securityfocus.com/news/11216
8. Ssshhh! Opera slips out security update
By: John Leyden
Opera users are urged to update their browser software following the discovery of a security flaw that creates a means for hackers to read local files using a form of cross-site scripting attack.
http://www.securityfocus.com/news/11217
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/402496
21. [SJ-JOB] Security Engineer, Santa Barbara
http://www.securityfocus.com/archive/77/402492
22. [SJ-JOB] Application Security Engineer, Foster City
http://www.securityfocus.com/archive/77/402490
23. [SJ-JOB] Channel / Business Development, TBD
http://www.securityfocus.com/archive/77/402494
V. INCIDENTS LIST SUMMARY
---------------------------
1. FTimes 3.5.0 Released
http://www.securityfocus.com/archive/75/402592
2. Digital forensics of the physical memory
http://www.securityfocus.com/archive/75/402311
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. exploiting/debuggin SetUnhandledException filter
http://www.securityfocus.com/archive/82/402718
2. Black Hat Briefings Announcements
http://www.securityfocus.com/archive/82/402564
3. the possibility of jumping back to code in an exploited program
http://www.securityfocus.com/archive/82/402347
4. Exploit development in Per
http://www.securityfocus.com/archive/82/402136
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Imaging question for MS OS.
http://www.securityfocus.com/archive/88/402892
2. Disclaimer on Active/active clustered exchange servers
http://www.securityfocus.com/archive/88/402785
4. IE in Kiosk mode
http://www.securityfocus.com/archive/88/402477
5. Windows Server 2K Lockdown Baseline
http://www.securityfocus.com/archive/88/402321
6. SecurityFocus Microsoft Newsletter #244
http://www.securityfocus.com/archive/88/402299
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.
----------------------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621
------------------------------------------------------------------
I. FRONT AND CENTER
1. Interview with Marcus Ranum
2. Your fingerprints are everywhere
3. Software Firewalls: Made of Straw? Part 2 of 2
II. BUGTRAQ SUMMARY
1. Pico Server File Access Vulnerability
2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
5. FusionBB Multiple Input Validation Vulnerabilities
6. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability
8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
9. Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability
10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow Vulnerability
11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service Vulnerability
14. Microsoft Agent Trusted Content Spoofing Vulnerability
15. MAST RunAs Professional Local Privilege Escalation Vulnerability
16. Microsoft Windows Web Client Service Remote Code Execution Vulnerability
17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
18. Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability
22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
24. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
25. Finjan SurfinGate ASCII File Extension File Filter Circumvention Vulnerability
26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
29. McGallery Lang Argument File Disclosure Vulnerability
30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
31. Bitrix Site Manager Remote File Include Vulnerability
32. Mambo Open Source Com_Contents SQL Injection Vulnerability
33. PAFileDB Multiple Input Validation Vulnerabilities
34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
35. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
38. ATutor Multiple Cross-Site Scripting Vulnerabilities
39. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
40. e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
41. Ultimate PHP Board Weak Password Encryption Vulnerability
42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
44. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
47. Yaws Remote Source Code Disclosure Vulnerability
48. XAMMP Lang.PHP HTML Injection Vulnerability
49. XAMMP Lang.PHP Directory Traversal Vulnerability
50. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
51. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
52. Ajax-Spell HTML Tag Script Injection Vulnerability
53. Contelligent Preview Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. MasterCard warns of massive credit-card breach
2. Phishers look to net small fry
3. Stealthy Trojan horses, modular bot software dodging defenses
4. Latest Bluetooth attack makes short work of weak passwords
5. Microsoft sues German spammer
6. Adware makers exploit BitTorrent
7. UK trojan siege has been running over a year
8. Ssshhh! Opera slips out security update
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Engineer, Dallas
2. [SJ-JOB] Sr. Security Analyst, PALO ALTO
3. [SJ-JOB] Security Engineer, New York
4. [SJ-JOB] Auditor, Miami
5. [SJ-JOB] Sales Engineer, Boston
6. [SJ-JOB] Security Consultant, New York
7. [SJ-JOB] Security Consultant, Chicago
8. [SJ-JOB] Information Assurance Engineer, Dulles/Falls Church/Washington D.C.
9. [SJ-JOB] Technology Risk Consultant, Portsmouth
10. [SJ-JOB] Security Auditor, McLean
11. [SJ-JOB] Application Security Engineer, West Coast
12. [SJ-JOB] Sales Engineer, NYC, and Los Angeles
13. [SJ-JOB] Sr. Security Engineer, Dallas
14. [SJ-JOB] Information Assurance Analyst, Arlington
15. [SJ-JOB] Sales Engineer, Dallas
16. [SJ-JOB] Information Assurance Engineer, DC
17. [SJ-JOB] Technical Writer, DC
18. [SJ-JOB] Developer, Boulder
19. [SJ-JOB] Security Architect, Ft Lauderdale
20. [SJ-JOB] Developer, Boulder
21. [SJ-JOB] Security Engineer, Santa Barbara
22. [SJ-JOB] Application Security Engineer, Foster City
23. [SJ-JOB] Channel / Business Development, TBD
V. INCIDENTS LIST SUMMARY
1. FTimes 3.5.0 Released
2. Digital forensics of the physical memory
VI. VULN-DEV RESEARCH LIST SUMMARY
1. exploiting/debuggin SetUnhandledException filter
2. Black Hat Briefings Announcements
3. the possibility of jumping back to code in an exploited program
4. Exploit development in Per
VII. MICROSOFT FOCUS LIST SUMMARY
1. Imaging question for MS OS.
2. Disclaimer on Active/active clustered exchange servers
3. WSUS/Reboot
4. IE in Kiosk mode
5. Windows Server 2K Lockdown Baseline
6. SecurityFocus Microsoft Newsletter #244
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Interview with Marcus Ranum
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/334
2. Your fingerprints are everywhere
By Scott Granneman
How much do you trust your government? That's a question that all of us have to ask, perhaps the more often the better.
http://www.securityfocus.com/columnists/333
3. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be circumvented by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840
II. BUGTRAQ SUMMARY
--------------------
1. Pico Server File Access Vulnerability
BugTraq ID: 13935
Remote: Yes
Date Published: 2005-06-11
Relevant URL: http://www.securityfocus.com/bid/13935
Summary:
Pico Server is a small web server written in C.
A vulnerability in Pico Server may allow for remote attackers to view file contents or execute programs outside of the web root directory. The vulnerability appears to be due to a design failure in a feature meant to prevent unauthorized access outside of the web root.
The vulnerability can be exploited to obtain the contents of files outside of the web root directory. It may also be exploited to run commands via the "/cgi-bin/" virtual directory.
2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
Sysreport is susceptible to an information disclosure vulnerability. This issue is due to a failure of the application to ensure that sensitive information is not included in its generated reports.
This vulnerability may result in sending unencrypted proxy authentication usernames and passwords to potentially malicious people. This may aid them in further attacks.
3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 13937
Remote: Yes
Date Published: 2005-06-12
Relevant URL: http://www.securityfocus.com/bid/13937
Summary:
JamMail is prone to a remote arbitrary command execution vulnerability.
This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script.
This can lead to various attacks including unauthorized access to an affected computer.
JamMail 1.8 is affected by this issue.
4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13938
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13938
Summary:
Singapore image gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
5. FusionBB Multiple Input Validation Vulnerabilities
BugTraq ID: 13939
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13939
Summary:
FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input.
The following specific vulnerabilities were identified:
The application is affected by a local file include vulnerability. The attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
FusionBB is prone to multiple SQL injection vulnerabilities as well. These vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a remote information disclosure vulnerability.
Any information stored in the environment of clients utilizing the affected telnet application is available for attackers to retrieve. The contents of the environment variables may be sensitive in nature, allowing attackers to gain information that may aid them in further system compromise.
7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability
BugTraq ID: 13941
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13941
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability. This issue exists in the PNG image rendering library used by the browser.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
This issue is present in the PNG image rendering library, so it is possible that other applications that use the library are affected. This is not confirmed and Symantec is not aware of any such applications.
8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
BugTraq ID: 13942
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13942
Summary:
Microsoft SMB is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel containing the vulnerable code. Microsoft has stated that other attack vectors may exist, in the form of passing malicious parameters to the affected component, either locally or remotely.
Failed exploit attempts will likely crash the affected computer, denying service to legitimate users.
9. Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability
BugTraq ID: 13943
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13943
Summary:
Microsoft Internet Explorer is prone to an information disclosure vulnerability. Specifically, it may be possible for remote users to read XML data from an affected computer via a malicious Web page.
This issue is a variant of BID 5560. This variant was not addressed with the release of MS02-047. Microsoft has released a new security bulletin to provide fixes for this variant. Microsoft has stated that Windows Server 2003 with the Enhanced Security Configuration enabled is not affected.
10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow Vulnerability
BugTraq ID: 13944
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13944
Summary:
Microsoft Step-By-Step Interactive Training is prone to a buffer overflow vulnerability. This is due to a boundary condition error related to validation of data in bookmark link files. As bookmark link files may originate from an external source, this issue may be remotely exploitable.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
A number of third-party providers may supply the Step-by-Step Interactive training program as a part of their products. There is not a conclusive list of products that may have installed this software.
11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13945
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13945
Summary:
Sun Java Web Start is susceptible to an unspecified privilege escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files, or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be updated as further information is disclosed.
12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
BugTraq ID: 13946
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13946
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability in the DigWebX ActiveX control.
The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control.
13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service Vulnerability
BugTraq ID: 13947
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13947
Summary:
Microsoft Internet Explorer is prone to a denial of service vulnerability when rendering malformed GIF and BMP images. Malformed images for other file formats may also cause a similar condition, though the vendor has not provided any further information.
The vendor has not released any further information about this issue other than to state that it is addressed by the Cumulative Security Update For Internet Explorer.
14. Microsoft Agent Trusted Content Spoofing Vulnerability
BugTraq ID: 13948
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13948
Summary:
Microsoft Agent is prone to a vulnerability that could allow a malicious Web site to spoof trusted content. This could result in a user downloading and executing malicious files thinking they are safe.
15. MAST RunAs Professional Local Privilege Escalation Vulnerability
BugTraq ID: 13949
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13949
Summary:
RunAs Professional (RunAsP.exe) is affected by a local privilege escalation vulnerability.
This issue presents itself because the affected application fails to verify the executable prior to running it with higher privileges.
RunAs Professional 3.5.1 is affected by this vulnerability. Other versions may be prone to this issue as well.
16. Microsoft Windows Web Client Service Remote Code Execution Vulnerability
BugTraq ID: 13950
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13950
Summary:
Microsoft Windows Web Client Service is affected by a remote code execution vulnerability. This is due to a buffer overflow in the affected component.
A remote authenticated attacker can exploit this issue by sending a malformed message to the Web Client Service. This can lead to arbitrary code execution resulting in privilege escalation.
An attacker may also exploit this issue through another application that passes data to the vulnerable component.
Web Client Service is disabled on Windows Server 2003 by default.
17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
BugTraq ID: 13951
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13951
Summary:
Microsoft Outlook Express is prone to a buffer overflow when parsing NNTP responses. Successful exploitation could allow arbitrary code execution in the context of the user running the application.
18. Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
BugTraq ID: 13952
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13952
Summary:
Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in the context of the affected user.
This issue is reported to affect Outlook Web Access for Exchange Server 5.5.
19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
BugTraq ID: 13953
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13953
Summary:
Microsoft Windows HTML Help is affected by a remote code execution vulnerability.
The vulnerability presents itself when the application handles malformed data through the InfoTech protocol (ms-its, its, mk:@msitstore).
An attacker may exploit this issue from a malicious Web page or through HTML email to execute arbitrary code with the privileges of the currently logged in user.
This vulnerability affects any application that utilizes the Windows Help component of Internet Explorer.
20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
BugTraq ID: 13954
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13954
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to a policy bypass vulnerability. Reports indicate that the issue manifests when a Microsoft ISA server is utilizing the 'NetBIOS (all)' predefined filter.
A remote attacker may leverage this vulnerability to successfully make NetBIOS connections to NetBIOS based services that exist on a target ISA server.
21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability
BugTraq ID: 13955
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13955
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to an information disclosure vulnerability. Reports indicate that the issue manifests when an ISA server is publishing a Web service that has Basic authentication enabled, but the Web publishing rules that process the request are configured as 'SSL required'.
An attacker that has the ability to intercept network communications between the ISA server and a client may leverage this issue to obtain Web site authentication credentials.
22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
BugTraq ID: 13956
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13956
Summary:
Microsoft Internet Security and Acceleration (ISA) server is reported prone to a HTTP request smuggling attack.
The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header.
A remote attacker may exploit this issue to launch cache poisoning or content-restriction bypass attacks against the affected server.
23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 13957
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13957
Summary:
Multiple unspecified buffer overflow vulnerabilities affect Iron Bars Shell. These issues are due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
The details currently available regarding these issues are insufficient to provide an accurate technical description. It can be speculated that these issues may be leveraged by an attacker to gain escalated privileges on a local machine.
An attacker may leverage these issues to execute instructions with the privileges of the affected application.
24. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13958
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13958
Summary:
Sun Java Runtime Environment is susceptible to an unspecified privilege escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files, or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be updated as further information is disclosed.
25. Finjan SurfinGate ASCII File Extension File Filter Circumvention Vulnerability
BugTraq ID: 13959
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13959
Summary:
SurfinGate may allow an attacker to circumvent file filters.
It has been reported that an attacker may bypass SurfinGate file filtering rules by using ASCII encoding in the file name.
SurfinGate version 7.0 SP2 and 7.0 SP3 are reportedly vulnerable. Other versions may be affected as well.
26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 13960
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13960
Summary:
Annuaire 1Two is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13961
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13961
Summary:
Annuaire 1Two is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
BugTraq ID: 13962
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13962
Summary:
Adobe Acrobat and Adobe Reader may allow remote attackers to determine the existence of files on a vulnerable computer.
Information gathered through the exploitation of this vulnerability may aid in other attacks.
29. McGallery Lang Argument File Disclosure Vulnerability
BugTraq ID: 13963
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13963
Summary:
McGallery is prone to a file disclosure vulnerability.
This could let remote attackers access files on the computer in the context of the Web server process.
30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13964
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13964
Summary:
ViRobot Linux Server is prone to a remote buffer overflow vulnerability affecting the Web based management interface. This issue presents itself because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.
An attacker can unauthorized access to a vulnerable computer by supplying malformed values through cookies. This issue can lead to a complete compromise.
ViRobot Linux Server 2.0 is vulnerable to this issue. Other versions may be affected as well.
31. Bitrix Site Manager Remote File Include Vulnerability
BugTraq ID: 13965
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13965
Summary:
Bitrix Site Manager is prone to a remote file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Bitrix Site Manager 4.0.5 and prior versions are considered to be vulnerable at the moment.
32. Mambo Open Source Com_Contents SQL Injection Vulnerability
BugTraq ID: 13966
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13966
Summary:
Mambo 'com_contents' component is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
As a result of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
33. PAFileDB Multiple Input Validation Vulnerabilities
BugTraq ID: 13967
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13967
Summary:
paFileDB is prone to multiple input validation vulnerabilities. The following issues are reported:
Multiple SQL injection issues exist in paFileDB.
The impact of these issues will vary depending on features supported by the database implementation but may be limited due to the nature of affected queries.
Multiple cross-site scripting issues are also reported when passing user-supplied arguments to the 'sortby', 'filelist', and 'pages' parameters of the 'pafiledb.php' script.
Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
Finally, paFileDB is prone to a file disclosure vulnerability. The 'action' parameter of the 'pafiledb.php' script is affected by the vulnerability.
34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
BugTraq ID: 13968
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13968
Summary:
Sun lpadmin is susceptible to an unspecified arbitrary local file overwrite vulnerability.
This vulnerability allows local, unprivileged attackers to overwrite arbitrary files. This likely allows users to crash services, or possibly the whole computer, denying service to legitimate users. It is conjectured that it may also be possible to utilize this vulnerability to gain administrative privileges.
No further details were provided. This BID will be updated as new information is disclosed.
35. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
BugTraq ID: 13969
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13969
Summary:
Opera Web Browser is affected by a cross-site scripting vulnerability that can be leveraged to disclose local files as well.
Attackers may steal cookie-based authentication credentials, disclose local files in the context of the browser and carry out other attacks.
Opera Web Browser version 8.0 is prone to this issue.
36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
BugTraq ID: 13970
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13970
Summary:
Opera Web Browser is prone to an issue that allows a violation of the cross-domain security model.
This issue arises due to an access validation error affecting the 'XMLHttpRequest' object.
Successful exploitation may result in cookie theft, content manipulation, information disclosure or other attacks.
Opera Web Browser version 8.0 is prone to this issue.
37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13971
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13971
Summary:
Ultimate PHP Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
38. ATutor Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13972
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13972
Summary:
ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 13973
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13973
Summary:
SquirrelMail is affected by multiple unspecified cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
40. e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
BugTraq ID: 13974
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13974
Summary:
e107 Website System is prone to multiple input validation and information disclosure vulnerabilities.
The application has an information disclosure vulnerability regarding valid usernames.
The application is also vulnerable to several cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Some of the cross-site scripting issues are the same as described in BID 10436, which were believed to be addressed in previous versions of the application. Further information has reported that the application is still affected.
41. Ultimate PHP Board Weak Password Encryption Vulnerability
BugTraq ID: 13975
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13975
Summary:
Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme.
This issue may allow a malicious user to gain access to user and administrator passwords for the affected application.
42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
BugTraq ID: 13976
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13976
Summary:
Cool Cafe Chat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Cool Cafe Chat 1.2.1 is reportedly vulnerable.
43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
BugTraq ID: 13977
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13977
Summary:
A local denial of service vulnerability affects OpenBSD.
The vendor reports that a local user may invoke 'getsockopt()' on an existing socket to trigger this vulnerability.
A local attacker may exploit this issue to trigger a kernel panic and deny service for legitimate users.
44. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle overly long email headers.
Further details regarding this vulnerability are currently not available. This BID will be updated as more information is disclosed.
An attacker may cause SpamAssassin to take inordinate amounts of time to check a specially crafted email message. By sending many malicious messages, it may be possible for attackers to cause extremely large delays in email delivery, denying service to legitimate users.
45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 13979
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13979
Summary:
osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to S/MIME signing using gpg2. The cause and impact of this issue is currently unknown.
Due to a lack of details, it cannot be confirmed whether this issue poses a security threat or results in an adverse affect on the functionality of the application. It is conjectured that this issue is remote in nature.
SUSE Linux 9.3 is affected by this issue.
47. Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code.
Information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system.
Yaws 1.55 and prior versions are affected.
48. XAMMP Lang.PHP HTML Injection Vulnerability
BugTraq ID: 13982
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13982
Summary:
XAMMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue is reported to affect the Linux distribution of XAMMP.
49. XAMMP Lang.PHP Directory Traversal Vulnerability
BugTraq ID: 13983
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13983
Summary:
XAMMP is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
A remote unauthorized user can disclose the contents of arbitrary local PHP scripts through the use of directory traversal strings '../'. Exploitation of this vulnerability could lead to a loss of confidentiality.
This issue is reported to affect the Linux distribution of XAMMP.
50. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial of service vulnerabilities. The following issues are reported:
The first denial of service vulnerability exists in the discovery logic of Razor-agents.
The second issue exists in the preprocessing code of Razor-agents.
Both issues may be exploited to cause a denial of service for the vulnerable application.
51. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The issue exists in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data.
Information that is harvested through leveraging of this issue may be used to aid in further attacks that are launched against the affected service.
52. Ajax-Spell HTML Tag Script Injection Vulnerability
BugTraq ID: 13986
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13986
Summary:
ajax-spell is prone to a script injection vulnerability. This could permit an attacker to inject hostile HTML and script code into the session of a user of the Web site hosting the application.
Successful exploitation could let an attacker steal cookie-based authentication credentials or launch other attacks.
53. Contelligent Preview Privilege Escalation Vulnerability
BugTraq ID: 13987
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13987
Summary:
Contelligent is prone to a privilege escalation vulnerability. This issue is exposed by the preview mechanism of the software, allowing an attacker to gain elevated privileges within the application.
This issue was reported in Contelligent 9.0.15. Earlier versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. MasterCard warns of massive credit-card breach
By: Robert Lemos
Data thieves breached the systems of Atlanta, Georgia-based CardSystems Solutions, stealing data on as many as 40 million accounts affecting various credit-card brands, MasterCard says.
http://www.securityfocus.com/news/11219
2. Phishers look to net small fry
By: Robert Lemos
Online fraudsters are targeting the customers of small financial institutions, hoping to take advantage of less knowledgeable and more trusting consumers.
http://www.securityfocus.com/news/11214
3. Stealthy Trojan horses, modular bot software dodging defenses
By: Robert Lemos
Software that turns PCs into remotely controlled zombies is getting better, but defenses are not keeping up.
http://www.securityfocus.com/news/11209
4. Latest Bluetooth attack makes short work of weak passwords
By: Robert Lemos
Devices that use 4-digit PINs for security can be compromised in less than a second, but longer passwords are proof against the attack, researchers say.
http://www.securityfocus.com/news/11202
5. Microsoft sues German spammer
By: John Oates
Microsoft is taking legal action against an alleged spammer now resident in Germany.
http://www.securityfocus.com/news/11220
6. Adware makers exploit BitTorrent
By: John Leyden
A row has broken out after a marketing firm was caught hiding adware in files distributed on the BitTorrent file sharing network.
http://www.securityfocus.com/news/11215
7. UK trojan siege has been running over a year
By: Peter Warren
One of the UK's most secretive security organisations is hunting down a gang of high tech criminals in the Far East that has been attacking the computer systems of Government departments and multi-national companies to steal secrets.
http://www.securityfocus.com/news/11216
8. Ssshhh! Opera slips out security update
By: John Leyden
Opera users are urged to update their browser software following the discovery of a security flaw that creates a means for hackers to read local files using a form of cross-site scripting attack.
http://www.securityfocus.com/news/11217
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/402496
2. [SJ-JOB] Sr. Security Analyst, PALO ALTO
http://www.securityfocus.com/archive/77/402497
3. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/402498
4. [SJ-JOB] Auditor, Miami
http://www.securityfocus.com/archive/77/402509
5. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/402499
6. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/402500
7. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/402508
8. [SJ-JOB] Information Assurance Engineer, Dulles/Falls Church/Washington D.C.
http://www.securityfocus.com/archive/77/402507
9. [SJ-JOB] Technology Risk Consultant, Portsmouth
http://www.securityfocus.com/archive/77/402505
10. [SJ-JOB] Security Auditor, McLean
http://www.securityfocus.com/archive/77/402502
11. [SJ-JOB] Application Security Engineer, West Coast
http://www.securityfocus.com/archive/77/402503
12. [SJ-JOB] Sales Engineer, NYC, and Los Angeles
http://www.securityfocus.com/archive/77/402510
13. [SJ-JOB] Sr. Security Engineer, Dallas
http://www.securityfocus.com/archive/77/402501
14. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/402504
15. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/402486
16. [SJ-JOB] Information Assurance Engineer, DC
http://www.securityfocus.com/archive/77/402489
17. [SJ-JOB] Technical Writer, DC
http://www.securityfocus.com/archive/77/402493
18. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/402488
19. [SJ-JOB] Security Architect, Ft Lauderdale
http://www.securityfocus.com/archive/77/402491
20. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/402487
21. [SJ-JOB] Security Engineer, Santa Barbara
http://www.securityfocus.com/archive/77/402492
22. [SJ-JOB] Application Security Engineer, Foster City
http://www.securityfocus.com/archive/77/402490
23. [SJ-JOB] Channel / Business Development, TBD
http://www.securityfocus.com/archive/77/402494
V. INCIDENTS LIST SUMMARY
---------------------------
1. FTimes 3.5.0 Released
http://www.securityfocus.com/archive/75/402592
2. Digital forensics of the physical memory
http://www.securityfocus.com/archive/75/402311
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. exploiting/debuggin SetUnhandledException filter
http://www.securityfocus.com/archive/82/402718
2. Black Hat Briefings Announcements
http://www.securityfocus.com/archive/82/402564
3. the possibility of jumping back to code in an exploited program
http://www.securityfocus.com/archive/82/402347
4. Exploit development in Per
http://www.securityfocus.com/archive/82/402136
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Imaging question for MS OS.
http://www.securityfocus.com/archive/88/402892
2. Disclaimer on Active/active clustered exchange servers
http://www.securityfocus.com/archive/88/402785
3. WSUS/Reboot
http://www.securityfocus.com/archive/88/402572
4. IE in Kiosk mode
http://www.securityfocus.com/archive/88/402477
5. Windows Server 2K Lockdown Baseline
http://www.securityfocus.com/archive/88/402321
6. SecurityFocus Microsoft Newsletter #244
http://www.securityfocus.com/archive/88/402299
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621
[ reply ]