SecurityFocus News
SecurityFocus Newsletter #313 Aug 30 2005 11:05PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Newsletter #313
----------------------------------------

This Issue is Sponsored By: IT-Harvest

Zotob got you down?
Attend the Detroit IT Security Summit
This premier Midwest security event is all about "Security That Works"
Register online at:

http://www.securityfocus.com/sponsor/ITHarvest_sf-news_050830

------------------------------------------------------------------
I. FRONT AND CENTER
1. The great firewall of China
II. BUGTRAQ SUMMARY
1. Elm Expires Header Remote Buffer Overflow Vulnerability
2. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
3. Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
4. Land Down Under Multiple SQL Injection Vulnerabilities
5. Land Down Under Multiple Cross-Site Scripting Vulnerabilities
6. PCRE Regular Expression Heap Overflow Vulnerability
7. Computer Associates Message Queuing Denial Of Service Vulnerability
8. Computer Associates Message Queuing Buffer Overflow Vulnerability
9. Computer Associates Message Queuing CAFT Spoofing Vulnerability
10. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
11. Coppermine Displayimage.PHP Script Injection Vulnerability
12. NEPHP Browse.PHP Cross Site Scripting Vulnerability
13. DTLink Software AreaEdit SpellChecker Plugin Arbitrary Command Execution Vulnerability
14. Cisco IDS Management Software SSL Certificate Validation Vulnerability
15. PHPKit Multiple SQL Injection Vulnerabilities
16. RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
17. BEA WebLogic Portal Access Validation Vulnerability
18. Cisco Intrusion Prevention System Local Privilege Escalation Vulnerability
19. RunCMS Arbitrary Variable Overwrite Vulnerability
20. PostNuke Multiple Cross Site Scripting Vulnerabilities
21. PostNuke DL-viewdownload.PHP SQL Injection Vulnerability
22. Netquery Host Parameter Arbitrary Command Execution Vulnerability
23. Adobe Version Cue for Mac OS X Local Privilege Escalation Vulnerabilities
24. SaveWebPortal Unauthorized Access Vulnerability
25. SLocate Local Database Corruption Vulnerability
26. SaveWebPortal Multiple Remote File Include Vulnerabilities
27. SaveWebPortal Multiple Cross Site Scripting Vulnerabilities
28. SaveWebPortal Multiple Directory Traversal Vulnerabilities
29. Ventrilo Status Requests Denial Of Service Vulnerability
30. ZipTorrent Proxy Server Password Disclosure Vulnerability
31. Mercora IMRadio Plaintext Password Disclosure Weakness
32. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
33. PADL Software PAM_LDAP Authentication Bypass Vulnerability
34. SqWebMail File Attachment Script Injection Vulnerability
35. WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
36. MPlayer Audio Header Buffer Overflow Vulnerability
37. Home Ftp Server Multiple Vulnerabilities
38. PAFileDB Auth.PHP SQL Injection Vulnerability
39. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
40. QNX RTOS InputTrap Local Arbitrary File Disclosure Vulnerability
41. Foojan PHPWeblog Html Injection Vulnerability
42. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
43. Apache CGI Byterange Request Denial of Service Vulnerability
44. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
45. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
46. HP-UX Veritas File System Unauthorized Data Access Vulnerability
47. Quake 2 Lithium II Mod Memory Corruption Vulnerability
48. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
49. Simpleproxy Remote Syslog() Format String Vulnerability
50. Simple PHP Blog Remote Arbitrary File Upload Vulnerability
51. Gallery Script Injection Vulnerability
52. PHPgraphy Script Injection Vulnerability
53. YaPig Script Injection Vulnerability
54. PhotoPost Script Injection Vulnerability
55. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
56. NTPD Insecure Privileges Vulnerability
III. SECURITYFOCUS NEWS
1. Zotob suspects arrested in Turkey and Morocco
2. Storm brewing over SHA-1 as further breaks are found
3. Plug-and-play bots worming and warring among Windows systems
4. Worm spreading through Microsoft Plug-and-Play flaw
5. Zotob arrests throw open trade in compromised PCs
6. Brazil cuffs 85 in online bank hack dragnet
7. Polyglot IM worm targets MSN
8. The GIMP threatens PIN number security
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Auditor, Charlotte
2. [SJ-JOB] Security Consultant, Various
3. [SJ-JOB] Security System Administrator, Seattle
4. [SJ-JOB] Security Engineer, Santa Clara
5. [SJ-JOB] Security Engineer, Bay Area
6. [SJ-JOB] Database Security Engineer, Santa Clara
7. [SJ-JOB] Information Assurance Engineer, Seattle
8. [SJ-JOB] Information Assurance Analyst, Seattle
9. [SJ-JOB] Sr. Security Engineer, New York
10. [SJ-JOB] Security Consultant, UK-wide
11. [SJ-JOB] Sr. Security Analyst, Beijing
12. [SJ-JOB] Security Engineer, Berkshire
13. [SJ-JOB] Disaster Recovery Coordinator, Washington
14. [SJ-JOB] Sales Engineer, Washington
15. [SJ-JOB] Sales Representative, Atlanta
16. [SJ-JOB] Information Assurance Analyst, Arlington
17. [SJ-JOB] Security Consultant, Munich or Frankfurt
18. [SJ-JOB] Sales Engineer, New York
19. [SJ-JOB] Channel / Business Development, New York
20. [SJ-JOB] Channel / Business Development, Dallas/Austin
21. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
22. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
23. [SJ-JOB] Application Security Architect, Amsterdam
24. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
25. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
26. [SJ-JOB] Management, Cincinnati
27. [SJ-JOB] Sales Representative, TBA
28. [SJ-JOB] Security Architect, Sunnyvale
29. [SJ-JOB] Sales Representative, St. Louis or Kansas City, MO.
30. [SJ-JOB] Manager, Information Security, Wales
31. [SJ-JOB] Forensics Engineer, London
32. [SJ-JOB] Sr. Security Analyst, Parsippany
33. [SJ-JOB] Sr. Security Analyst, central
34. [SJ-JOB] VP / Dir / Mgr engineering, Pune
35. [SJ-JOB] Quality Assurance, Cupertino
36. [SJ-JOB] Technical Marketing Engineer, Cupertino
37. [SJ-JOB] Security System Administrator, Appleton
V. INCIDENTS LIST SUMMARY
1. strange icmp echo request
2. SSH compiled with backdoor
3. Looking for Analysts in the Calgary, Alberta Canada - UI design workshop
4. cuebot-d infection method
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Xcon2005 papers released
2. 22nd Chaos Communication Congress 2005: Call for Papers
3. Windows Multi-Languages OPcodes DB
4. rm fileutils Segmentation fault
5. osx bugs in realplayer, grapher, and garage band
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #253
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. POC /dev/input/event* keylogger
2. Re[2]: Linux hardening
3. Xvfb Question
4. Linux hardening
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts comes from IP addresses traced back to China, and you don't do any business in China, do you block their entire IP address range and call it a day?
http://www.securityfocus.com/columnists/350

II. BUGTRAQ SUMMARY
--------------------
1. Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability which could allow an attacker to execute malicious code. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.

A successful attack can result in overflowing a finite sized buffer and may ultimately lead to arbitrary code execution in the context of the affected application.

2. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
BugTraq ID: 14616
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14616
Summary:
Process Explorer is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.

A successful attack can result in the overflowing of a finite sized buffer and may ultimately lead to the execution of arbitrary code in the context of the affected application.

3. Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
BugTraq ID: 14617
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14617
Summary:
Woltlab Burning Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

It should be noted that an attacker must have moderator credentials to access the vulnerable script.

4. Land Down Under Multiple SQL Injection Vulnerabilities
BugTraq ID: 14618
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14618
Summary:
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

5. Land Down Under Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14619
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14619
Summary:
Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

6. PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied input prior to copying data to an internal memory buffer.

The impact of successful exploitation of this vulnerability depends on the application and the user credentials utilizing the vulnerable library. Successful attack may ultimately permit an attacker to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.

7. Computer Associates Message Queuing Denial Of Service Vulnerability
BugTraq ID: 14621
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14621
Summary:
Computer Associates Message Queuing (CAM) is prone to a remote denial of service vulnerability.

A remote attacker can exploit this vulnerability to deny service to legitimate users.

It should be noted that exploitation of this issue does not cause the affected application to consume system resources. The only known consequence is that no further connections to the TCP port can take place.

8. Computer Associates Message Queuing Buffer Overflow Vulnerability
BugTraq ID: 14622
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14622
Summary:
Computer Associates Message Queuing (CAM) is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.

A successful attack can cause the process's execution stack to overflow and may ultimately lead to the execution of arbitrary code in the context of the affected application. This may facilitate privilege escalation to SYSTEM level privileges.

9. Computer Associates Message Queuing CAFT Spoofing Vulnerability
BugTraq ID: 14623
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14623
Summary:
CAM is prone to a vulnerability that could permit the spoofing of a CAFT application utilizing the CAM instance. This may ultimately allow the execution of arbitrary commands.

CAFT is a file transfer application that utilizes CAM to send and receive the files. The problem presents itself due to a failure in the CAM service to verify the legitimacy of the CAFT application. An attacker can spoof a legitimate CAFT instance and ultimately execute arbitrary CAM commands with elevated privileges.

10. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
BugTraq ID: 14624
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14624
Summary:
lm_sensors creates temporary files in an insecure manner. The issue exists in the 'pwmconfig' script.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

lm_sensors version 2.9.1 is reportedly affected, however, other versions may be vulnerable as well.

11. Coppermine Displayimage.PHP Script Injection Vulnerability
BugTraq ID: 14625
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14625
Summary:
Coppermine is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

12. NEPHP Browse.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14626
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14626
Summary:
nePHP is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied input.

This vulnerability will allow a malicious user to perform attacks on an unsuspecting user in the context of the site hosting the affected application.

This can lead to the theft of cookie-based authentication credentials, as well as other attacks.

13. DTLink Software AreaEdit SpellChecker Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 14627
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14627
Summary:
AreaEdit is affected by a remote arbitrary command execution vulnerability.

Successful exploitation of this issue results in command execution with the privileges of the Web server process. This can lead to various attacks including unauthorized access to an affected computer.

AreaEdit versions prior to 0.4.3 are affected by this vulnerability.

14. Cisco IDS Management Software SSL Certificate Validation Vulnerability
BugTraq ID: 14628
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14628
Summary:
CiscoWorks Management Center for IDS Sensors, and Cisco Monitoring Center for Security are both susceptible to an SSL certificate validation vulnerability. This issue is due to a failure of the software to properly validate SSL certificates.

Attackers may exploit this vulnerability to spoof SSL certificates, allowing them to impersonate Cisco Intrusion Detection Sensor or Cisco Intrusion Prevention System devices.

By spoofing these connections attackers may gain access to login credentials, aiding them in further attacks. Spoofed connections may also allow for the insertion of false data or the modification or destruction of other valid data contained in the affected management software. This allows attackers to hide the traces of their malicious activity, creating a false sense of security. Other attacks may also be possible.

15. PHPKit Multiple SQL Injection Vulnerabilities
BugTraq ID: 14629
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14629
Summary:
PHPKit is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

16. RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
BugTraq ID: 14631
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14631
Summary:
RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

17. BEA WebLogic Portal Access Validation Vulnerability
BugTraq ID: 14632
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14632
Summary:
BEA WebLogic Portal is affected by an access validation vulnerability.

An attacker can gain access to restricted content including all pages of the Book by issuing a specially crafted HTTP GET request.

WebLogic Portal 8.1 Service Pack 4 and prior are affected by this vulnerability.

18. Cisco Intrusion Prevention System Local Privilege Escalation Vulnerability
BugTraq ID: 14633
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14633
Summary:
Cisco IPS is susceptible to a local privilege escalation vulnerability. This issue is due to a flaw in the logic of the command line interface (CLI).

Users with VIEWER or OPERATOR privileges may exploit this vulnerability to gain administrative access on affected devices. These are non-privileged accounts designated for monitoring and troubleshooting of IPS devices.

By exploiting this vulnerability, attackers may gain full administrative privileges on affected devices. This allows them to bypass the network security features of the device, aiding them in further attacks. Arbitrary code execution and denial of network services are also possible.

19. RunCMS Arbitrary Variable Overwrite Vulnerability
BugTraq ID: 14634
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14634
Summary:
RunCMS is prone to a vulnerability that permits the overwriting of arbitrary variables.

An attacker can exploit this vulnerability to overwrite arbitrary application global variables. The attacker supplies new values through use of the POST method.

Successful exploitation of this vulnerability can have multiple ramifications depending on the variables overwritten and the scope and permissions of the vulnerable application.

20. PostNuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14635
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14635
Summary:
PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.

This can lead to theft of cookie-based authentication credentials, as well as other types of attacks.

21. PostNuke DL-viewdownload.PHP SQL Injection Vulnerability
BugTraq ID: 14636
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14636
Summary:
PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack of sufficient sanitization of user-supplied input.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

22. Netquery Host Parameter Arbitrary Command Execution Vulnerability
BugTraq ID: 14637
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14637
Summary:
Netquery is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands through the 'host' parameter of the 'nquser.php' script. This can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access.

Netquery 3.11 is affected by this vulnerability. It is possible that prior versions are vulnerable as well.

23. Adobe Version Cue for Mac OS X Local Privilege Escalation Vulnerabilities
BugTraq ID: 14638
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14638
Summary:
Adobe Version Cue for Mac OS X is prone to two local privilege escalation vulnerabilities. These issues could allow a local attacker to load arbitrary libraries or overwrite files.

The first issue (CAN-2005-1842) allows a local user to overwrite arbitrary files in the context of the superuser through the VCNative application. This vulnerability permits privilege escalation as files may be overwritten with custom data.

The second issue (CAN-2005-1843) allows a local user to load arbitrary libraries in the context of the superuser through the VCNative application. This will permit privilege escalation.

Adobe Version Cue 1.0 and 1.0.1 are vulnerable to these issues.

24. SaveWebPortal Unauthorized Access Vulnerability
BugTraq ID: 14639
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14639
Summary:
SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access and further attacks on the affected site.

25. SLocate Local Database Corruption Vulnerability
BugTraq ID: 14640
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640
Summary:
slocate is susceptible to a local database corruption vulnerability. This issue is due to a failure of the application to handle unexpected directory and filename input.

This issue presents itself when the affected utility attempts to index specially crafted directory structures. The utility fails to handle the directory structure, and fails to complete the indexing process.

This vulnerability allows local attackers to cause the premature failure of the index process, resulting in an incomplete database. If the database is used in further security, backup, or other critical functions, incomplete data may result in the failure of services dependent on it.

This issue is reported in version 2.7 of slocate, but other versions may also be affected.

26. SaveWebPortal Multiple Remote File Include Vulnerabilities
BugTraq ID: 14641
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14641
Summary:
SaveWebPortal is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

27. SaveWebPortal Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14642
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14642
Summary:
SaveWebPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

28. SaveWebPortal Multiple Directory Traversal Vulnerabilities
BugTraq ID: 14643
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14643
Summary:
SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Exploitation of these vulnerabilities could lead to a loss of confidentiality and integrity. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

An attacker can also execute arbitrary local PHP files through exploitation of these vulnerabilities. The impact of this will depend on the PHP files available.

29. Ventrilo Status Requests Denial Of Service Vulnerability
BugTraq ID: 14644
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14644
Summary:
Ventrilo is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

Successful exploitation will terminate the software denying service to legitimate users.

30. ZipTorrent Proxy Server Password Disclosure Vulnerability
BugTraq ID: 14645
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14645
Summary:
ZipTorrent is affected by a vulnerability that may allow local attackers to obtain the proxy server passwords of affected users.

This may lead to various attacks against affected users including the disclosure of sensitive information.

ZipTorrent 1.3.7.3 is vulnerable to this issue, however, other versions may be affected as well.

31. Mercora IMRadio Plaintext Password Disclosure Weakness
BugTraq ID: 14646
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14646
Summary:
Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry keys for the application are not encrypted or obfuscated in any way.

A local attacker may monitor the keyboard, CRT and mouse activity of a local administrator and retrieve the usernames and passwords for other users of the affected application. It should be noted that normal user accounts do not have the ability to read these registry keys.

In the event that an attacker gains administrative privileges by some other means, these usernames and passwords could be viewed and recorded to launch further attacks on the affected computer.

32. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14647
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14647
Summary:
HAURI Anti-Virus is affected by a remote buffer overflow vulnerability when handling ACE archives.

An attacker can exploit this issue by crafting a malicious ACE archive containing a specially crafted file name and sending this archive to a vulnerable computer.

The attacker may exploit this vulnerability to gain unauthorized remote access in the context of the superuser.

33. PADL Software PAM_LDAP Authentication Bypass Vulnerability
BugTraq ID: 14649
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14649
Summary:
PAM_LDAP is prone to an authentication bypass vulnerability when handling the new password policy control. This could allow an unauthorized user to bypass authentication.

This vulnerability was reported to affect PAM_LDAP builds 169 through 179.

34. SqWebMail File Attachment Script Injection Vulnerability
BugTraq ID: 14650
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14650
Summary:
SqWebMail is prone to a script injection vulnerability when handling email messages that contain file attachments.

Successful exploitation will lead to the execution of malicious script code in the context of the victim's account. The attacker's malicious code will be able to perform the same functions as the victim, for example, sending and viewing email messages; other attacks may also be possible.

35. WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
BugTraq ID: 14651
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14651
Summary:
WebCalendar is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

36. MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

The problem presents itself when the affected application attempts to process audio streams that contain overly large values in their header.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

37. Home Ftp Server Multiple Vulnerabilities
BugTraq ID: 14653
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14653
Summary:
Home Ftp Server is affected by multiple vulnerabilities. These issues can allow local attackers to disclose sensitive information and remote attackers to carry out directory traversal attacks.

Home Ftp Server 1.0.7 b45 is reported to be vulnerable. Other versions may be affected as well.

38. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Exploitation of this issue may allow for compromise of the software, session hijacking, or attacks against the underlying database. Other attacks are also possible.

39. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
BugTraq ID: 14655
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14655
Summary:
LeapFTP client is prone to a remote buffer overflow vulnerability.

The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq) file.

A remote attacker may gain unauthorized access in the context of the user running the application.

LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.

40. QNX RTOS InputTrap Local Arbitrary File Disclosure Vulnerability
BugTraq ID: 14656
Remote: No
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14656
Summary:
QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions.

This vulnerability allows local malicious users to gain access to the contents of arbitrary files with superuser privileges, aiding them in further attacks.

QNX RTOS versions 6.1 and 6.3 are affected by this issue. Other versions are also likely affected. This issue is similar to the one described in BID 4901.

41. Foojan PHPWeblog Html Injection Vulnerability
BugTraq ID: 14658
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14658
Summary:
Foojan PHPWeblog is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

42. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
BugTraq ID: 14659
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14659
Summary:
Tor is susceptible to a remote information disclosure vulnerability. This issue is due to a flaw in the implementation of the Diffie-Hellman key exchange protocol.

Specifically, certain values used during the Diffie-Hellman key exchange protocol are insecure, and when used, lead to the ability of attackers to access the negotiated encryption keys.

This vulnerability allows attackers to recover the keys negotiated to encrypt communications between Tor servers and clients, and so to read or modify all traffic the targeted user sends over the Tor network. Successful exploitation defeats the anonymity, confidentiality, and integrity guarantees the network is meant to provide.
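The failure mode described above is a peer accepting a Diffie-Hellman public value that collapses the shared secret to a handful of known constants. The following is an added illustration written for this newsletter item, not Tor's own code; the group parameters are a constructed toy group (1019 is a safe prime, q = 509, g = 4 generates the order-q subgroup) standing in for the real 1024-bit-or-larger group, and the function names are invented. It shows an active attacker substituting 0, 1 or p-1 for the honest public value and naming the victim's session key without the victim's exponent, and the check that rejects those values.

```python
import hashlib
import secrets

# Constructed toy group for illustration (assumption: this page does not give
# Tor's real parameters, and a deployed group is 1024 bits or larger).
# P is a safe prime, Q = (P - 1) / 2 is prime, and G = 4 generates the
# order-Q subgroup.
P = 1019
Q = (P - 1) // 2
G = 4


class WeakDHValue(ValueError):
    """A peer's public value that would make the shared secret predictable."""


def validate_public_value(y: int) -> int:
    # 0, 1 and p-1 force the shared secret to 0, 1 or +/-1 no matter what our
    # private exponent is, so an active attacker who substitutes one of them
    # can name the session key without doing any discrete-log work.
    if not 2 <= y <= P - 2:
        raise WeakDHValue(f"public value {y} outside [2, p-2]")
    # Subgroup membership check: rules out every small-order element,
    # including p-1 (order 2), not just the three obvious constants.
    if pow(y, Q, P) != 1:
        raise WeakDHValue(f"public value {y} is not in the order-q subgroup")
    return y


def is_weak(y: int) -> bool:
    try:
        validate_public_value(y)
    except WeakDHValue:
        return True
    return False


def keypair():
    x = secrets.randbelow(Q - 1) + 1          # private exponent in [1, q-1]
    return x, pow(G, x, P)


def key_from_shared(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def derive_key(own_private: int, peer_public: int, check: bool = True) -> bytes:
    if check:
        validate_public_value(peer_public)
    return key_from_shared(pow(peer_public, own_private, P))


def honest_exchange_agrees() -> bool:
    a, ga = keypair()
    b, gb = keypair()
    return derive_key(a, gb) == derive_key(b, ga)


def attacker_wins_without_check(forced_value: int) -> bool:
    """Attacker in the middle replaces the honest peer's g^b with forced_value.
    Returns True if the victim's derived key is among the few keys the attacker
    can compute from forced_value alone, without the victim's exponent."""
    a, _ = keypair()
    victim_key = derive_key(a, forced_value, check=False)
    guesses = {key_from_shared(s) for s in (0, 1, P - 1)}
    return victim_key in guesses


if __name__ == "__main__":
    for forced in (0, 1, P - 1):
        print(f"forced value {forced}: attacker knows key without check ->",
              attacker_wins_without_check(forced), "; rejected by check ->", is_weak(forced))
    print("honest exchange agrees:", honest_exchange_agrees())
```

The range check alone catches the three constants; the extra exponentiation by q is what makes the check robust in a safe-prime group, because it rejects any element of the order-2 subgroup rather than just the one value p-1 that is easy to list.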

43. Apache CGI Byterange Request Denial of Service Vulnerability
BugTraq ID: 14660
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14660
Summary:
Apache is prone to a denial of service when handling large CGI byterange requests.

44. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
BugTraq ID: 14661
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14661
Summary:
A local denial of service vulnerability affects the Linux kernel's ELF header processing functionality on 64 bit x86 platforms.

A successful attack can allow a local attacker to trigger a denial of service condition in the kernel.

This issue may be related to BID 11846 (Linux Kernel 64 Bit ELF Header Local Denial Of Service Vulnerability). Due to a lack of information, this cannot be confirmed at the moment. This BID will be retired if further analysis reveals that the issues are identical.

45. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 14662
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14662
Summary:
HP OpenView Network Node Manager is prone to multiple remote arbitrary command execution vulnerabilities.

These issues arise when the user-supplied 'node' URI parameter of various scripts is used as part of a command line executed through the 'system()' function.

These issues may facilitate unauthorized remote access in the context of the Web server to the affected computer.

These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown versions of the package on Microsoft Windows platforms are also affected. Other versions and platforms are likely affected as well.
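The defect class above is a CGI parameter spliced into a shell command line. As an added example for this item (not HP's code; the NNM scripts are not reproduced on this page, and the tool they invoke is not named, so 'echo polling' stands in for it), the vulnerable pattern is shown beside a hardened version that allow-lists the 'node' value as a host name and invokes the tool with an argv list and no shell.

```python
import re
import subprocess

# Assumption: the NNM CGI scripts pass 'node' to an NNM command-line tool that
# this page does not name; 'echo polling' stands in for that tool so the
# example runs anywhere with /bin/sh.
TOOL = ["echo", "polling"]

# RFC 1123 host name (labels of letters, digits and hyphens); also accepts
# dotted IPv4. Nothing the shell could interpret is inside this alphabet.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_node(node: str) -> bool:
    return HOSTNAME_RE.match(node) is not None


def poll_node_vulnerable(node: str) -> str:
    # Mirrors system("tool " . $node): the raw parameter is spliced into a
    # shell command line, so ';', '|', '`' and '$(...)' in it are executed
    # by the shell with the web server's privileges.
    cmd = " ".join(TOOL) + " " + node
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def poll_node_hardened(node: str) -> str:
    if not is_valid_node(node):
        raise ValueError(f"rejected node parameter: {node!r}")
    # argv list and no shell: the value reaches the tool as exactly one
    # argument and is never re-parsed, so metacharacters carry no meaning
    # even if the allow-list above were later loosened.
    return subprocess.run(TOOL + [node], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    payload = "nms01.example.com; echo INJECTED"
    print("vulnerable:", repr(poll_node_vulnerable(payload)))
    try:
        poll_node_hardened(payload)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened, legitimate:", repr(poll_node_hardened("nms01.example.com")))
```

Both halves of the fix matter: the allow-list stops the bad value at the trust boundary, and the argv-without-shell invocation means a future validation bug does not become a second command-execution hole.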

46. HP-UX Veritas File System Unauthorized Data Access Vulnerability
BugTraq ID: 14663
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14663
Summary:
HP-UX is affected by a vulnerability that may allow local unauthorized users to access potentially sensitive data.

This vulnerability presents itself in HP-UX systems running the Veritas File System (VxFS).

A successful attack may disclose sensitive information and aid in other attacks against a vulnerable computer.

47. Quake 2 Lithium II Mod Memory Corruption Vulnerability
BugTraq ID: 14664
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14664
Summary:
Quake 2 Lithium II Mod is affected by a memory corruption vulnerability.

A successful attack may allow the attacker to corrupt process memory and execute arbitrary code resulting in unauthorized remote access.

It is conjectured that this issue may also facilitate format string attacks, however, this has not been confirmed at the moment.

Lithium II version 1.24 is affected by this vulnerability.

48. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
BugTraq ID: 14665
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14665
Summary:
Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer.

This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.

Astaro Security Linux 6.001 is prone to this weakness.
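A proxy that honours CONNECT to any host and port becomes a relay for port scanning and for reaching services the firewall was meant to hide. As an added example for this item (not Astaro's code; the policy, function names and sample addresses are assumed), this parses the CONNECT request line and applies the two checks a practitioner would expect: a port allow-list and a refusal to tunnel to non-global destinations such as the proxy's own loopback or hosts behind it.

```python
import ipaddress

# Assumption: a forward proxy that only needs to tunnel HTTPS.
ALLOWED_CONNECT_PORTS = frozenset({443})


def parse_connect(request_line: str):
    """Parse 'CONNECT host:port HTTP/1.x' into (host, port)."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("authority must be host:port")
    return host.strip("[]"), int(port)


def connect_allowed(request_line: str, resolved_ip: str,
                    allowed_ports=ALLOWED_CONNECT_PORTS):
    """Decide whether to honour a CONNECT. resolved_ip is the address the proxy
    resolved the host to; it is passed in by the caller here so the check
    runs offline in this example."""
    host, port = parse_connect(request_line)
    if port not in allowed_ports:
        return False, f"port {port} is not an allowed CONNECT target"
    target = ipaddress.ip_address(resolved_ip)
    # An open CONNECT relay also reaches the proxy's own loopback services and
    # the hosts behind it; refusing non-global destinations closes that path.
    if not target.is_global:
        return False, f"{host} resolves to non-global address {target}"
    return True, f"tunnel to {host}:{port} permitted"


if __name__ == "__main__":
    # Constructed sample requests and resolutions.
    samples = [
        ("CONNECT www.example.com:443 HTTP/1.1", "93.184.216.34"),
        ("CONNECT mail.example.com:25 HTTP/1.1", "93.184.216.34"),
        ("CONNECT localhost:443 HTTP/1.1", "127.0.0.1"),
        ("CONNECT intranet:443 HTTP/1.1", "10.0.0.5"),
    ]
    for line, ip in samples:
        print(line, "->", connect_allowed(line, ip))
```

Checking the resolved address rather than the host name is deliberate: a name chosen by the client can resolve to anything, so the decision has to be made on what the proxy will actually connect to.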

49. Simpleproxy Remote Syslog() Format String Vulnerability
BugTraq ID: 14666
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14666
Summary:
It is reported that simpleproxy contains a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the affected package. This application may be run as the superuser in order to proxy privileged TCP ports.

Versions of simpleproxy prior to 3.4 are reported susceptible to this vulnerability.

50. Simple PHP Blog Remote Arbitrary File Upload Vulnerability
BugTraq ID: 14667
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14667
Summary:
Simple PHP Blog is prone to a remote arbitrary file upload vulnerability.

This issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the script on the affected server.

Simple PHP Blog 0.4.0 is affected by this issue. Other versions may be vulnerable as well.

51. Gallery Script Injection Vulnerability
BugTraq ID: 14668
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14668
Summary:
Gallery is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

Further attacks are also possible.

52. PHPgraphy Script Injection Vulnerability
BugTraq ID: 14669
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14669
Summary:
phpGraphy is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

Further attacks are also possible.

53. YaPig Script Injection Vulnerability
BugTraq ID: 14670
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14670
Summary:
YaPig is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

Further attacks are also possible.

54. PhotoPost Script Injection Vulnerability
BugTraq ID: 14671
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14671
Summary:
PhotoPost is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

Further attacks are also possible.

55. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
BugTraq ID: 14672
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14672
Summary:
Nokia Affix BTSRV is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands through a device name and have them executed in the context of the service. This can lead to a complete compromise.

56. NTPD Insecure Privileges Vulnerability
BugTraq ID: 14673
Remote: Yes
Date Published: 2005-08-27
Relevant URL: http://www.securityfocus.com/bid/14673
Summary:
ntpd is prone to an insecure privileges vulnerability.

The application may be started with the effective permissions of a privileged user; if the application is then compromised by some other means, this may allow an attacker to conduct further attacks with those privileges.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Zotob suspects arrested in Turkey and Morocco
By: Robert Lemos
UPDATE: Law enforcement arrested two men--one living in Turkey and the other in Morocco--in connection with the release of the recent Zotob worm.
http://www.securityfocus.com/news/11297

2. Storm brewing over SHA-1 as further breaks are found
By: Robert Lemos
Three Chinese researchers refine an attack on the encryption standard used to digitally sign documents, leaving cryptographers to debate whether the Secure Hash Algorithm needs to be mothballed more quickly.
http://www.securityfocus.com/news/11292

3. Plug-and-play bots worming and warring among Windows systems
By: Robert Lemos
A dozen different worms based on bot software have started attacking already-compromised Windows 2000 systems with the aim of creating a lasting bot net, security experts warn. Several companies, such as CNN and the New York Times, have been infected because they failed to patch in time.
http://www.securityfocus.com/news/11285

4. Worm spreading through Microsoft Plug-and-Play flaw
By: Robert Lemos
Dubbed Zotob, the worm infects computers using a flaw in the Windows operating system's Plug-and-Play functionality, but security experts believe that the attack won't be as significant as previous epidemics.
http://www.securityfocus.com/news/11281

5. Zotob arrests throws open trade in compromised PCs
By: John Leyden
One of two men arrested last week over the Zotob worm outbreak has been linked to the creation of 20 other viruses.
http://www.securityfocus.com/news/11299

6. Brazil cuffs 85 in online bank hack dragnet
By: Lester Haines
Brazilian federal police last week cuffed 85 people across seven states suspected of hacking online bank accounts and netting $33m, Reuters reports.
http://www.securityfocus.com/news/11298

7. Polyglot IM worm targets MSN
By: John Leyden
A new worm spreading over IM networks is the first to check system settings in order to send a message in the appropriate language.
http://www.securityfocus.com/news/11295

8. The GIMP threatens PIN number security
By: Lester Haines
This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post.
http://www.securityfocus.com/news/11296

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/409517

2. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/409516

3. [SJ-JOB] Security System Administrator, Seattle
http://www.securityfocus.com/archive/77/409470

4. [SJ-JOB] Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/409474

5. [SJ-JOB] Security Engineer, Bayarea
http://www.securityfocus.com/archive/77/409467

6. [SJ-JOB] Database Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/409471

7. [SJ-JOB] Information Assurance Engineer, Seattle
http://www.securityfocus.com/archive/77/409472

8. [SJ-JOB] Information Assurance Analyst, Seattle
http://www.securityfocus.com/archive/77/409465

9. [SJ-JOB] Sr. Security Engineer, New York
http://www.securityfocus.com/archive/77/409466

10. [SJ-JOB] Security Consultant, UK-wide
http://www.securityfocus.com/archive/77/409272

11. [SJ-JOB] Sr. Security Analyst, beijing
http://www.securityfocus.com/archive/77/409273

12. [SJ-JOB] Security Engineer, Berkshire
http://www.securityfocus.com/archive/77/409271

13. [SJ-JOB] Disaster Recovery Coordinator, Washington
http://www.securityfocus.com/archive/77/409270

14. [SJ-JOB] Sales Engineer, Washington
http://www.securityfocus.com/archive/77/409193

15. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/409194

16. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/409183

17. [SJ-JOB] Security Consultant, Munich or Frankfurt
http://www.securityfocus.com/archive/77/409185

18. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/409186

19. [SJ-JOB] Channel / Business Development, New York
http://www.securityfocus.com/archive/77/409188

20. [SJ-JOB] Channel / Business Development, Dallas/Austin
http://www.securityfocus.com/archive/77/409184

21. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
http://www.securityfocus.com/archive/77/409175

22. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
http://www.securityfocus.com/archive/77/409172

23. [SJ-JOB] Application Security Architect, Amsterdam
http://www.securityfocus.com/archive/77/409170

24. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
http://www.securityfocus.com/archive/77/409169

25. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
http://www.securityfocus.com/archive/77/409176

26. [SJ-JOB] Management, Cincinnatti
http://www.securityfocus.com/archive/77/409091

27. [SJ-JOB] Sales Representative, TBA
http://www.securityfocus.com/archive/77/409061

28. [SJ-JOB] Security Architect, Sunnyvale
http://www.securityfocus.com/archive/77/409062

29. [SJ-JOB] Sales Representative, St. Louis or Kansas City, MO.
http://www.securityfocus.com/archive/77/409029

30. [SJ-JOB] Manager, Information Security, Wales
http://www.securityfocus.com/archive/77/409032

31. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/409028

32. [SJ-JOB] Sr. Security Analyst, Parsippany
http://www.securityfocus.com/archive/77/409027

33. [SJ-JOB] Sr. Security Analyst, central
http://www.securityfocus.com/archive/77/405941

34. [SJ-JOB] VP / Dir / Mgr engineering, Pune
http://www.securityfocus.com/archive/77/405939

35. [SJ-JOB] Quality Assurance, Cupertino
http://www.securityfocus.com/archive/77/405943

36. [SJ-JOB] Technical Marketing Engineer, Cupertino
http://www.securityfocus.com/archive/77/405946

37. [SJ-JOB] Security System Administrator, Appleton
http://www.securityfocus.com/archive/77/405947

V. INCIDENTS LIST SUMMARY
---------------------------
1. strange icmp echo request
http://www.securityfocus.com/archive/75/409494

2. SSH compiled with backdoor
http://www.securityfocus.com/archive/75/409497

3. Looking for Analysts in the Calgary, Alberta Canada - UI design workshop
http://www.securityfocus.com/archive/75/409209

4. cuebot-d infection method
http://www.securityfocus.com/archive/75/409026

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Xcon2005 papers released
http://www.securityfocus.com/archive/82/409605

2. 22nd Chaos Communication Congress 2005: Call for Papers
http://www.securityfocus.com/archive/82/409443

3. Windows Multi-Languages OPcodes DB
http://www.securityfocus.com/archive/82/409444

4. rm fileutils Segmentation fault
http://www.securityfocus.com/archive/82/409442

5. osx bugs in realplayer, grapher, and garage band
http://www.securityfocus.com/archive/82/409441

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #253
http://www.securityfocus.com/archive/88/409064

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. POC /dev/input/event* keylogger
http://www.securityfocus.com/archive/91/409017

2. Re[2]: Linux hardening
http://www.securityfocus.com/archive/91/409012

3. Xvfb Question
http://www.securityfocus.com/archive/91/409023

4. Linux hardening
http://www.securityfocus.com/archive/91/408758

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: IT-Harvest

Zotob got you down?
Attend the The Detroit IT Security Summit
This premier Midwest security event is all about "Security That Works"
Register online at:

http://www.securityfocus.com/sponsor/ITHarvest_sf-news_050830

Copyright 2010, SecurityFocus