Focus on Microsoft
SecurityFocus Microsoft Newsletter #127 Mar 03 2003 07:16PM
Marc Fossi (mfossi securityfocus com)
SecurityFocus Microsoft Newsletter #127
---------------------------------------

This Issue is sponsored by: SPI Dynamics

ALERT: How a Hacker Launches a SQL Injection Attack Step-by-Step. It's as
simple as placing additional SQL commands into a Web Form input box, giving
hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!

http://www.spidynamics.com/mktg/sqlinjection30
-------------------------------------------------------------------------------

I. FRONT AND CENTER
1. Intrusion Prevention Systems: the Next Step in the Evolution...
2. U.S. Information Security Law, Part One
3. The Consequences of Criminalizing Crypto
4. Media Gone Mad
5. SecurityFocus DPP Program
6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
1. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
2. PlatinumFTPServer Directory Traversal Variant Vulnerability
3. Mambo Site Server Cookie Validation Vulnerability
4. Microsoft Internet Explorer Self Executing HTML File Vulnerability
5. AMX Mod Remote 'amx_say' Format String Vulnerability
6. Apache Web Server MIME Boundary Information Disclosure...
7. Apple QuickTime/Darwin Streaming Server Command Execution...
8. Apple QuickTime/Darwin Streaming Administration Server...
9. Apple QuickTime/Darwin Streaming Server Parse_XML.CGI...
10. Apache Web Server ETag Header Information Disclosure Weakness
11. Microsoft Windows ME Help and Support Center Buffer Overflow...
12. Electronic Arts Battlefield 1942 Remote Administration...
13. InstantServer ISMail Remote User Fields Buffer Overflow...
14. Netscape JavaScript Regular Expression Denial Of Service...
15. Typo3 Showpic.PHP File Enumeration Vulnerability
16. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
17. Typo3 Log HTML Injection Vulnerability
18. Typo3 Translations.PHP Remote File Include Vulnerability
19. Typo3 Translations.PHP File Disclosure Vulnerability
20. Typo3 Webroot Folders Information Disclosure Weakness
21. Typo3 HTML Hidden Form Field Information Disclosure Weakness
22. Microsoft Outlook and Outlook Express Arbitrary Program...
23. Netscape Style Sheet Denial Of Service Vulnerability
24. Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer Overrun...
25. Apple QuickTime/Darwin Streaming Server Malicious Port Request...
26. Opera Automatic Redirection Cross Site Scripting Vulnerability
28. Typo3 Runtime Error Page Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Hostname given to XP clients (Thread)
2. DMZ boxes in the domain - Bad moderator (Thread)
3. How do you patch yours? (was: Monitor Services on Windows...
4. Monitor Services on Windows machines (Thread)
5. [despammed] Utility to determine who deleted files (Thread)
6. Utility to determine who deleted files (Thread)
7. Administrivia: Results (Thread)
8. Article Announcement: Exchange 2000 in the Enterprise: Tips...
9. One Time Passwords (Thread)
10. DMZ boxes in the domain (Thread)
11. Windows2000 QuickLaunch (Thread)
12. MS ISA Logs - Listing IP Addresses v. NetBIOS names (Thread)
13. Antwort: Monitor Services on Windows machines (Thread)
14. SecurityFocus Microsoft Newsletter #126 (Thread)
15. Administrivia (Thread)
16. MS Software Update Service (Thread)
17. Windows 2000 Static arp not static (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. AbsoluteShield Internet Eraser Pro
2. InTrust
3. iPrism
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Anti-Spam SMTP Proxy v0.1.4
2. SSHTerm v0.1.0 beta
3. Funned vFinal
VI. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Intrusion Prevention Systems: the Next Step in the Evolution of IDS
By Neil Desai

Intrusion prevention systems combine the blocking capabilities of a
firewall with the deep packet inspection of intrusion detection systems.
This discussion will look at five different categories of IPSs that focus
on attack prevention at layers that most firewalls are not yet able to
decipher.

http://www.securityfocus.com/infocus/1670

2. U.S. Information Security Law, Part One: Protecting Private Sector
Systems, and Information Security Professionals and Trade Secrets
by Steven Robinson

Information security professionals work within an enterprise to protect it
from all non-physical threats to the integrity and availability of its
data and systems. Performing this function draws security professionals
into simultaneous, ongoing relationships between the enterprise on the one
hand and, successively on the other, the enterprise's employees and other
agents, its customers, suppliers, competitors, government officials and
regulators, to say nothing of unidentified and sometimes unidentifiable
actors.

http://www.securityfocus.com/infocus/1669

3. The Consequences of Criminalizing Crypto
By Mark Rasch

There is nothing like the fear of weapons of mass destruction to bring out
weary old legislative proposals. Earlier this month, it leaked out that
the Justice Department was considering a broad expansion of its
investigative authority, including the creation of new criminal offenses,
ostensibly to assist in the fight against terrorism. Many of the proposals
contained in the "Domestic Security Enhancement Act of 2003" had nothing
to do with fighting terrorism, but would substantially increase penalties
for such mundane offenses as wire fraud or claiming too many deductions on
a federal tax return.

http://www.securityfocus.com/columnists/145

4. Media Gone Mad
By Tim Mullen

"Windows XP Kills Dog, Steals Toaster"

That's the next headline I'm expecting to read after wallowing through a
week of technology press misreporting about the latest security issue in
Windows XP -- an "issue" that's really nothing of the sort.

http://www.securityfocus.com/columnists/144

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14; Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster
vendor expo; the CISO Executive Summit; invaluable networking
opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
BugTraq ID: 6974
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6974
Summary:

tcpdump is a freely available, open source network monitoring tool. It is
available for the Unix, Linux, and Microsoft Windows operating systems.

A vulnerability in the processing of some packet types may result in an
inability to further use the tcpdump application.

It has been reported that tcpdump is vulnerable to a denial of service
when some packet types are received. By sending a maliciously formatted
packet to a system using a vulnerable version of tcpdump, it is possible
for a remote user to cause tcpdump to ignore network traffic from the time
the packet is received until the application is terminated and restarted.

The problem is in the handling of ISAKMP packets. When tcpdump receives a
maliciously crafted ISAKMP packet, the application enters an infinite loop
and stops monitoring network traffic. Any traffic that tcpdump would
normally have captured after that point passes unobserved.

2. PlatinumFTPServer Directory Traversal Variant Vulnerability
BugTraq ID: 6925
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6925
Summary:

PlatinumFTPServer is an FTP server for Microsoft Windows systems. It is
commercially available, and distributed by BYTE/400.

Some PlatinumFTPServer commands may allow remote users to break out of the
FTP root directory. This is due to insufficient sanitization of directory
traversal sequences from FTP commands.

This may potentially be exploited to list files that are on the local
system. Under some circumstances, it may be possible to retrieve files or
upload malicious files to directories on the local system which are
accessible by the FTP server.

This issue is a variant of the issues described in BID 6554 and BID 6691.

3. Mambo Site Server Cookie Validation Vulnerability
BugTraq ID: 6926
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6926
Summary:

Mambo Site Server is a freely available, open source web content
management tool. It is written in PHP, and available for Unix, Linux, and
Microsoft Windows operating systems.

Mambo Site Server may grant access without sufficiently validating cookie
based authentication credentials. It has been reported that Mambo will
accept a user cookie issued by the site as an administrative credential.
To exploit this issue, the attacker obtains a cookie from the site and
then sets its session value to the MD5 hash of their own session ID. The
attacker may then access administrative pages using the modified cookie.
Reportedly, session IDs are not issued during normal use of Mambo, but one
is issued during logout, and a session ID obtained that way is sufficient
to exploit this issue.

The attacker may gain unauthorized access to the underlying database
through an administrative account. Other administrative actions are also
possible.

This issue was reported in Mambo Site Server 4.0.12 RC2. Earlier versions
may also be affected.

4. Microsoft Internet Explorer Self Executing HTML File Vulnerability
BugTraq ID: 6961
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6961
Summary:

Microsoft Internet Explorer is vulnerable to a condition that may allow an
executable file embedded within an HTML file to automatically execute.

If an executable file is embedded within an HTML file and script code
within that HTML file points to the embedded executable file, Internet
Explorer will parse and execute the code.

This could allow Internet Explorer to automatically execute any code
contained within an HTML file. Such code would potentially execute in the
security context of Internet Explorer.

This vulnerability could potentially be exploited through HTML email,
though this has not been confirmed.

All versions of Internet Explorer 5.5 and 6.0 are reported to be
vulnerable. Earlier versions may also be vulnerable.

There have been reports that some users may not be able to reproduce this
vulnerability. When more information becomes available, this record will
be updated.

5. AMX Mod Remote 'amx_say' Format String Vulnerability
BugTraq ID: 6968
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6968
Summary:

AMX Mod is a plugin for Half-Life and expands game servers to include
additional functionality. It is available for the Linux and Microsoft
Windows operating systems.

A format string vulnerability has been discovered in AMX Mod. The issue
occurs in the 'amx_say' command and may be exploited to execute arbitrary
code on an affected Half-Life server. The cause is most likely that the
player-supplied message is passed to a printf-like function as its format
argument rather than as data.

An attacker can exploit this bug by supplying specially crafted format
specifiers as an argument to the 'amx_say' command. Conversions such as
'%x' read values off the stack, and '%n'-family conversions such as '%hn'
write the number of bytes output so far to an address taken from the
stack, so an attacker who controls both that address and the output
length can write chosen values to chosen memory locations.

Successful exploitation of this issue would allow an attacker to execute
arbitrary code on a target Half-Life server. As servers are typically run
with root/admin level privileges this may result in the complete
compromise of an affected server.

It should be noted that the affected command can be accessed only by those
who have been authenticated by rcon.
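
The format string defect described above, as an added illustration that is
neither AMX Mod's code nor part of the original newsletter: the same message
handler in a vulnerable and a hardened form, plus a small filter for
%n-family directives. The function names, the "[amx_say]" prefix and the
sample rcon message are assumptions.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable shape (assumed, not AMX Mod's code): the player's message is
 * handed to a printf-family function as the FORMAT. "%x%x%x" then leaks
 * stack words, and a "%hn" stores the number of bytes written so far, as a
 * 16-bit value, at whatever address sits in the next argument slot. The
 * va_list wrapper mirrors a typical logging helper. Contrast only: never
 * call it with untrusted input. */
int say_vulnerable(char *out, size_t outsz, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    int n = vsnprintf(out, outsz, msg, ap);   /* msg is the format string */
    va_end(ap);
    return n;
}

/* Hardened shape: a literal format; the message is only ever an argument,
 * so any '%' in it is copied through untouched. */
int say_fixed(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "[amx_say] %s", msg);
}

/* Detection helper (assumed): true if the text contains a %n-family
 * conversion (%n, %hn, %hhn, %ln, %lln, positional "%4$hn" ...), i.e. a
 * directive that writes memory. Usable as an rcon filter or log rule. */
bool has_write_directive(const char *s)
{
    for (const char *p = s; (p = strchr(p, '%')) != NULL; p++) {
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }                  /* "%%" is a literal percent */
        while (*q && strchr("-+ #0123456789.$*", *q)) q++;  /* flags, width, precision */
        while (*q && strchr("hlLqjzt", *q)) q++;             /* length modifiers */
        if (*q == 'n') return true;
    }
    return false;
}

int main(void)
{
    char buf[128];
    const char *rcon_msg = "100%% done %08x%08x%hn";   /* constructed attacker input */

    say_fixed(buf, sizeof buf, rcon_msg);
    printf("fixed      : %s\n", buf);
    printf("write dir? : %s\n", has_write_directive(rcon_msg) ? "yes, drop it" : "no");

    /* The vulnerable path is exercised only with a harmless "%%", which is
     * still interpreted: proof that the message is the format, not data. */
    say_vulnerable(buf, sizeof buf, "100%% done");
    printf("vulnerable : %s\n", buf);
    return 0;
}
```

The filter is defence in depth for an rcon front end or an IDS rule; the
real fix is the literal format in say_fixed, after which the filter only
serves to log who is probing.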

6. Apache Web Server MIME Boundary Information Disclosure Vulnerability
BugTraq ID: 6943
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6943
Summary:

Apache is a freely available web server. It is available for a variety of
platforms including the Unix, Linux and, Microsoft Windows operating
systems.

A vulnerability has been discovered in the Apache web server that may
result in the disclosure of sensitive information. Specifically, the
getpid() function is used when generating MIME message boundaries. This
will effectively disclose the Apache child process identification (PID) to
a remote attacker.

Access to this information may aid an attacker in launching further
attacks against target services.

OpenBSD has released a patch that addresses this issue. MIME boundaries
are now generated by the server using BASE64 encoded random numbers.

7. Apple QuickTime/Darwin Streaming Server Command Execution Vulnerability
BugTraq ID: 6954
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6954
Summary:

The QuickTime/Darwin Streaming Administration Server is a web interface
for configuring the Streaming Server. It is available for the Linux,
Solaris, Microsoft Windows and MacOS X operating systems.

A command execution vulnerability has been discovered in the
Darwin/QuickTime Streaming Administration Server. The vulnerability exists
because some user-supplied input is not sufficiently sanitized.
Specifically, input supplied to parse_xml.cgi is not stripped of pipe
('|') characters before the script uses it.

An attacker can exploit this vulnerability by submitting to parse_xml.cgi
a specially crafted string that includes shell commands. When the
Streaming Administration Server receives such a request, the commands are
executed and may be used to compromise the system.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.

8. Apple QuickTime/Darwin Streaming Administration Server Parse_XML.CGI Directory Listing Vulnerability
BugTraq ID: 6955
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6955
Summary:

The QuickTime/Darwin Streaming Administration Server is a web interface
for configuring the Streaming Server. It is available for the Linux,
Solaris, Microsoft Windows and MacOS X operating systems.

QuickTime/Darwin Streaming Administration Server is prone to an issue
which may allow remote attackers to browse the contents of directories.
This is due to insufficient sanitization of user-supplied input, which is
passed through an open() function in the 'parse_xml.cgi' script.

Exploitation may lead to disclosure of sensitive information which may aid
in further attacks against the system hosting the software. The attacker
may need to view the source code of the page to view the directory listing
output.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.

9. Apple QuickTime/Darwin Streaming Server Parse_XML.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 6958
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6958
Summary:

The Apple QuickTime/Darwin Streaming Administration Server is a web
interface for configuring the Streaming Server. It is available for the
Linux, Solaris, Microsoft Windows and MacOS X operating systems.

The Apple QuickTime/Darwin Streaming Administration Server is prone to
cross-site scripting attacks. When an invalid filename is supplied to the
'parse_xml.cgi' script as a URI parameter, it is echoed to an error page
without sufficient sanitization of HTML and script code.

An attacker may take advantage of this lack of sanitization to embed
malicious HTML and script code in a link to the vulnerable script. If the
link is visited, the attacker-supplied code may be interpreted in the web
client of the user who visits the malicious link.

Successful exploitation may allow the attacker to steal cookie-based
authentication credentials from a legitimate user of the site hosting the
software. Other attacks will also be possible.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.

10. Apache Web Server ETag Header Information Disclosure Weakness
BugTraq ID: 6939
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6939
Summary:

Apache is a freely available web server. It is available for a variety of
platforms including the Unix, Linux and, Microsoft Windows operating
systems.

Apache can return an entity tag (ETag) header with responses for files,
for caching purposes. The ETag is built from attributes of the file on
disk, and a client sends it back in later conditional requests
(If-None-Match) so that the server can reply 304 Not Modified when the
file has not changed instead of sending it again.

A weakness has been found in the generation of ETag headers under certain
configurations implementing the FileETag directive. Among the file
attributes included in the header is the file inode number that is
returned to a client. This poses a security risk, as this information may
aid in launching attacks against other network-based services. For
instance, NFS uses inode numbers to generate file handles.

OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid the
release of sensitive information.

Apache 1.3.22 and earlier offer no way to leave the inode out of the ETag.
Later versions accept the FileETag directive, so a setting such as
'FileETag MTime Size' omits it, but the default ('FileETag All', i.e.
INode MTime Size) still releases this sensitive information.
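
An added check, not from the newsletter and not Apache code: parse the ETag
of a response and report whether it carries an inode. It assumes the Apache
1.3/2.0 layout of "inode-size-mtime" in hex (two fields when the inode
component is disabled), and the response headers in main() are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decoded view of an Apache-style ETag. Assumed layout (taken from the
 * httpd source of that era, not stated in the newsletter): the default
 * FileETag setting yields "inode-size-mtime" in hex; with the inode
 * component disabled only "size-mtime" remains. */
struct etag_fields {
    bool weak;             /* had a W/ prefix */
    int nfields;           /* 2 or 3 */
    unsigned long inode;   /* meaningful only when nfields == 3 */
    unsigned long size;
    unsigned long mtime;
};

/* Parse an ETag header value, with or without W/ and surrounding quotes.
 * Returns false if it is not 2 or 3 hyphen-separated hex fields. */
bool parse_apache_etag(const char *value, struct etag_fields *f)
{
    memset(f, 0, sizeof *f);
    if (strncmp(value, "W/", 2) == 0) { f->weak = true; value += 2; }
    if (*value == '"') value++;

    char buf[64];
    size_t len = strcspn(value, "\"");
    if (len == 0 || len >= sizeof buf) return false;
    memcpy(buf, value, len);
    buf[len] = '\0';

    unsigned long v[3];
    int n = 0;
    const char *p = buf;
    for (;;) {
        char *end;
        if (n == 3 || !isxdigit((unsigned char)*p)) return false;
        v[n++] = strtoul(p, &end, 16);
        if (*end == '\0') break;
        if (*end != '-') return false;
        p = end + 1;
    }
    if (n == 3) { f->inode = v[0]; f->size = v[1]; f->mtime = v[2]; }
    else if (n == 2) { f->size = v[0]; f->mtime = v[1]; }
    else return false;
    f->nfields = n;
    return true;
}

/* Walk a block of raw response headers (CRLF or LF separated), find the
 * first ETag line and report: 1 = inode present, 0 = no inode, -1 = no
 * parseable Apache-style ETag. The header name match is case-insensitive. */
int etag_leaks_inode(const char *headers, struct etag_fields *f)
{
    static const char name[] = "etag:";
    for (const char *line = headers; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t ll = eol ? (size_t)(eol - line) : strlen(line);
        bool match = ll >= 5;
        for (size_t i = 0; match && i < 5; i++)
            match = tolower((unsigned char)line[i]) == name[i];
        if (match) {
            const char *v = line + 5;
            while (*v == ' ' || *v == '\t') v++;
            char tmp[128];
            size_t vl = ll - (size_t)(v - line);
            if (vl >= sizeof tmp) return -1;
            memcpy(tmp, v, vl);
            tmp[vl] = '\0';
            if (vl && tmp[vl - 1] == '\r') tmp[vl - 1] = '\0';
            if (!parse_apache_etag(tmp, f)) return -1;
            return f->nfields == 3 ? 1 : 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    /* Constructed response headers in the shape an Apache 1.3 of the period
     * would send; the hex values are made up. */
    const char *resp =
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/1.3.27 (Unix)\r\n"
        "ETag: \"1a2b3c-4d2-3e5f7a1b\"\r\n"
        "Content-Length: 1234\r\n\r\n";
    struct etag_fields f;
    int r = etag_leaks_inode(resp, &f);
    if (r == 1)
        printf("inode leaked: %lu (size %lu, mtime %lu)\n", f.inode, f.size, f.mtime);
    else
        printf("no inode in ETag (result %d)\n", r);
    return 0;
}
```

Feed it the headers from a HEAD request against each virtual host; a result
of 1 means the FileETag setting (or the server version) still exposes the
inode.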

11. Microsoft Windows ME Help and Support Center Buffer Overflow Vulnerability
BugTraq ID: 6966
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6966
Summary:

Microsoft Windows ME contains a Help and Support Center (HSC) facility
that provides help on several topics such as Windows features and hardware
support. The HSC also contains a URI handler that allows pages to be
opened through an hcp:// prefix.

The handler for the hcp:// prefix does not perform sufficient bounds
checking on the supplied input, so an unusually long string passed to the
HSC through the URI handler could overrun a buffer. Arbitrary code could
then be executed on the system in the security context of the HSC.

This vulnerability could be exploited by including a malformed link using
hcp:// prefixes in a web page or through HTML email.

A similar vulnerability was reported in the Windows XP Help and Support
Center (BID 6802). These vulnerabilities may be related.

** Conflicting details have been reported about this vulnerability. The
discoverer claims that the issue is cross site scripting that allows
script code embedded into the HCP URL to be executed. ActiveX controls
and scripts could be executed without any warnings to the user and in the
security context of the HSC. The following example of such a URL was
provided by the discoverer:
hcp://vulnerable_help_page.htm?topic=javascript:alert('Malicious script
here can read, delete and execute any file')

The discoverer also claims that Windows XP without SP1 is also vulnerable
to this issue, while Microsoft claims that it is not.

12. Electronic Arts Battlefield 1942 Remote Administration Authentication Buffer Overflow Vulnerability
BugTraq ID: 6967
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6967
Summary:

Battlefield 1942 is a video game distributed and maintained by Electronic
Arts. The server software is available for the Linux and Microsoft
Windows platforms.

A problem with the software could allow a remote user to cause a denial of
service and potentially to execute code.

It has been reported that Battlefield 1942 does not properly check input
sent to the administration port of a game server. By sending a string of
excessive length, a remote attacker could crash the server, resulting in a
denial of service. A manual restart of the server process would be
required to resume normal service.

The problem has been reported as a heap overflow in the authentication
infrastructure for the game server. When a user with access to the
administrative interface of the game server connects via default port
4711, a long string sent to the port will cause the corruption of heap
memory. This could also potentially result in the overwriting of heap
memory to execute malicious instructions with the privileges of the game
server process. Execution of code through this vulnerability has not been
confirmed.

13. InstantServer ISMail Remote User Fields Buffer Overflow Vulnerability
BugTraq ID: 6972
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6972
Summary:

ISMail is a commercially available mail server implementation by
InstantServers. It is available for the Microsoft Windows operating
system.

A problem with ISMail could make it possible for a remote attacker to
execute arbitrary code on systems using vulnerable software.

It has been reported that ISMail does not properly handle long strings in
some of the address fields it receives. When a message whose RCPT TO or
FROM field carries a domain name of excessive length is passed through the
server, a stack-based buffer overflows. This could be exploited to execute
code with the privileges of the ISMail process, which typically runs as
SYSTEM.
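
An added illustration of the defect class, not ISMail's code and not from
the newsletter: the domain part of an RCPT TO / MAIL FROM address copied
into a fixed stack buffer, first without a length check and then with one.
The buffer size, the function names and the constructed 300-byte domain are
assumptions.

```c
#include <stdio.h>
#include <string.h>

#define DOMAIN_MAX 64   /* assumed size of the fixed stack buffer in both versions */

/* Locate the domain part of an SMTP "RCPT TO:<local@domain>" or
 * "MAIL FROM:<local@domain>" line without copying anything. Returns a
 * pointer to the domain and its length via *len, or NULL if the line
 * carries no bracketed address with exactly one '@'. */
static const char *find_domain(const char *line, size_t *len)
{
    const char *lt = strchr(line, '<');
    const char *gt = lt ? strchr(lt, '>') : NULL;
    if (!lt || !gt) return NULL;
    const char *at = memchr(lt, '@', (size_t)(gt - lt));
    if (!at || memchr(at + 1, '@', (size_t)(gt - at - 1))) return NULL;
    *len = (size_t)(gt - at - 1);
    return at + 1;
}

/* Vulnerable shape: the domain goes into a fixed-size buffer with no length
 * check, so anything longer than DOMAIN_MAX-1 bytes overwrites what follows
 * the buffer on the stack (saved registers, return address). Returns 1 if
 * an address was found. Contrast only: call it with short input. */
int rcpt_domain_vulnerable(const char *line, char *out /* DOMAIN_MAX bytes */)
{
    size_t len;
    const char *d = find_domain(line, &len);
    if (!d) return 0;
    memcpy(out, d, len);     /* unbounded copy */
    out[len] = '\0';
    return 1;
}

/* Hardened shape: check before copying. Returns 1 on success, 0 if the line
 * carries no address, -1 if the domain is empty or would not fit. Rejecting
 * (an SMTP 501/553 reply) is preferable to silent truncation, which can
 * turn one domain into another. */
int rcpt_domain_checked(const char *line, char *out, size_t outsz)
{
    size_t len;
    const char *d = find_domain(line, &len);
    if (!d) return 0;
    if (len == 0 || len >= outsz) return -1;
    memcpy(out, d, len);
    out[len] = '\0';
    return 1;
}

/* Build a constructed "RCPT TO:<x@aaaa...>" line whose domain is domain_len
 * bytes long, to exercise the length check. Returns buf, or NULL if it
 * would not fit. */
char *make_long_rcpt(char *buf, size_t bufsz, size_t domain_len)
{
    const char *head = "RCPT TO:<x@";
    size_t hl = strlen(head);
    if (hl + domain_len + 2 > bufsz) return NULL;
    memcpy(buf, head, hl);
    memset(buf + hl, 'a', domain_len);
    buf[hl + domain_len] = '>';
    buf[hl + domain_len + 1] = '\0';
    return buf;
}

int main(void)
{
    char domain[DOMAIN_MAX];
    char line[512];

    rcpt_domain_checked("RCPT TO:<bob@example.com>", domain, sizeof domain);
    printf("ordinary : %s\n", domain);

    make_long_rcpt(line, sizeof line, 300);
    int r = rcpt_domain_checked(line, domain, sizeof domain);
    printf("300-byte : %s\n", r == -1 ? "rejected (would overflow)" : "accepted");
    /* rcpt_domain_vulnerable(line, domain) here would smash the stack. */
    return 0;
}
```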

14. Netscape JavaScript Regular Expression Denial Of Service Vulnerability
BugTraq ID: 6959
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6959
Summary:

Netscape is a Web browser developed for a variety of platforms including
Microsoft Windows and Linux and Unix variant operating environments.

It has been reported that Netscape based browsers may be vulnerable to a
persistent denial of service condition when executing a maliciously
crafted call to a JavaScript regular expression method.

If a malicious page containing such a call is viewed, the browser
reportedly becomes unstable, which may result in a crash of the affected
browser. Specifically, a malformed split() call is sufficient to trigger
the condition.

This vulnerability was reported for Netscape version 7. It is not known if
previous versions are also affected.

15. Typo3 Showpic.PHP File Enumeration Vulnerability
BugTraq ID: 6982
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6982
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to a vulnerability that will allow remote attackers to
enumerate whether or not files exist on the system hosting the software.
This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be
exploited by submitting a malicious request for a file (including the
relative path). These scripts will return information about whether or
not a file exists.

This type of information may be useful in mounting further attacks against
the host system, since the scripts will reveal information about the
layout of the host's filesystem.

16. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability
BugTraq ID: 6990
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6990
Summary:

QuickTime/Darwin Streaming Server (SS) streams QuickTime media to clients
across the Internet; it ships with a web-based Streaming Administration
Server.

A file retrieval vulnerability has been reported for QuickTime/Darwin SS.
The vulnerability exists because some parameters given to the
parse_xml.cgi script are not sufficiently sanitized. Specifically,
directory traversal sequences are not removed from the value supplied to
the 'filename' URI parameter. Information obtained in this manner may be
used by an attacker to launch more organized attacks against a vulnerable
system.

An attacker may exploit this vulnerability by making a request to the
parse_xml.cgi script containing dot-dot-slash ('../') sequences followed
by a filename. When the malicious request is processed, the Streaming
Server will disclose the contents of the file to an attacker.

This vulnerability was tested on SS for Microsoft Windows systems. Linux
versions of Darwin SS are reportedly not vulnerable to this issue.

17. Typo3 Log HTML Injection Vulnerability
BugTraq ID: 6983
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6983
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 logs all system and access related errors in the TYPO3 database and
provides a facility for administrators to view this information from the
web. However, the data is not sanitized of HTML before being logged, and
it is rendered as HTML when viewed. As a result, remote attackers may
inject malicious HTML and script code into the log, and when the log is
viewed the hostile code will be interpreted in the web client of the
administrator viewing it.

This may allow for theft of administrative cookie-based authentication
credentials and other attacks.
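
This entry and the parse_xml.cgi cross-site scripting entry above share one
fix: escape on output. The following is an added example, not TYPO3 or
Darwin Streaming Server code and not from the newsletter. The function
names and the sample log record are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Escape the characters that let text break out of an HTML text node or
 * attribute value. Copies at most outsz-1 bytes plus NUL and stops only at
 * an entity boundary (never half an "&lt;"). Returns the length the fully
 * escaped form needs, snprintf-style, so a caller can detect truncation. */
size_t html_escape(const char *in, char *out, size_t outsz)
{
    size_t need = 0, n = 0;
    bool full = (outsz == 0);
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;
        switch (*p) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        need += rl;
        if (!full && n + rl < outsz) {
            memcpy(out + n, rep, rl);
            n += rl;
        } else {
            full = true;   /* once anything is dropped, drop the rest too */
        }
    }
    if (outsz) out[n] = '\0';
    return need;
}

/* Render one stored log record as a table row, escaping at output time.
 * The record itself is kept exactly as the client sent it (that is the
 * evidence); only the HTML view is neutralised. Returns false if the row
 * does not fit. */
bool render_log_row(const char *stored_msg, char *out, size_t outsz)
{
    char esc[1024];
    if (html_escape(stored_msg, esc, sizeof esc) >= sizeof esc) return false;
    int n = snprintf(out, outsz, "<tr><td>%s</td></tr>", esc);
    return n >= 0 && (size_t)n < outsz;
}

int main(void)
{
    /* Constructed: the kind of "page not found" record an attacker plants
     * by requesting a URL that contains markup. */
    const char *stored = "Not found: /index.php?id=<img src=x onerror=alert(document.cookie)>";
    char row[512];
    if (render_log_row(stored, row, sizeof row)) {
        printf("stored : %s\n", stored);
        printf("render : %s\n", row);
    }
    return 0;
}
```

Escaping when the record is written would also stop the script from
running, but it destroys the raw request an incident responder will want
to see; escaping at render time keeps both the evidence and the viewer
safe.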

18. Typo3 Translations.PHP Remote File Include Vulnerability
BugTraq ID: 6984
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6984
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to an issue that may allow remote attackers to include
files located on attacker-controlled servers.

This vulnerability results from insufficient sanitization of remote
user-supplied data used in a URI parameter of the 'translations.php' PHP
page.

Under some circumstances, a remote attacker can make the include path
point to an external file by manipulating the 'ONLY' URI parameter (the
'$ONLY' variable in the script).

If the remote file is a malicious file, this may be exploited to execute
arbitrary system commands in the context of the web server.

19. Typo3 Translations.PHP File Disclosure Vulnerability
BugTraq ID: 6985
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6985
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 does not sufficiently sanitize input submitted via URI parameters of
potentially malicious data. This issue exists in the 'translations.php'
script. Specifically, variations of directory traversal sequences and
null characters (%00) may be specified as a value for the 'ONLY' URI
parameter. By submitting a malicious web request to this script that
contains a relative path to a resource and a null character (%00), it is
possible to retrieve arbitrary files that are readable by the web server
process.

Successful exploitation will permit the attacker to gain access to
sensitive information that may aid in mounting further attacks against the
system hosting the software.
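
The parse_xml.cgi 'filename' traversal, the PlatinumFTPServer traversal
variant above and this translations.php issue all reduce to the same
check: decode the parameter, refuse an embedded NUL, and confirm the path
cannot leave the root. The following is an added example, not from the
newsletter and not from any of those products; the function names, buffer
sizes and sample parameter values are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode a URI parameter into out. Returns the decoded length, or -1
 * on a bad escape or overflow. The length is returned separately on purpose:
 * a decoded %00 is a real NUL byte, and any C-string view of the buffer
 * (fopen, open, stat) stops there, which is how an extension a script
 * appends gets dropped. */
int url_decode(const char *in, unsigned char *out, size_t outsz)
{
    size_t n = 0;
    for (const char *p = in; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '%') {
            if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
                return -1;
            char hex[3] = { p[1], p[2], '\0' };
            c = (unsigned char)strtoul(hex, NULL, 16);
            p += 2;
        } else if (c == '+') {
            c = ' ';
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Decide, without touching the filesystem, whether a decoded relative path
 * stays inside the document root: rejects an embedded NUL, absolute paths
 * in Unix and Windows form, and any ".." that would climb above the root.
 * Both '/' and '\' count as separators, since the Windows builds are the
 * ones at issue here. */
bool path_is_confined(const unsigned char *path, int len)
{
    const char *p = (const char *)path;
    if (len < 0 || strlen(p) != (size_t)len) return false;         /* %00 inside */
    if (p[0] == '/' || p[0] == '\\') return false;                 /* absolute */
    if (isalpha((unsigned char)p[0]) && p[1] == ':') return false; /* C:... */
    int depth = 0;
    while (*p) {
        const char *seg = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t seglen = (size_t)(p - seg);
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (--depth < 0) return false;                         /* above root */
        } else if (seglen > 0 && !(seglen == 1 && seg[0] == '.')) {
            depth++;
        }
        while (*p == '/' || *p == '\\') p++;
    }
    return true;
}

/* The whole check as a CGI would apply it: raw parameter in, verdict out. */
bool filename_param_ok(const char *raw)
{
    unsigned char buf[512];
    int len = url_decode(raw, buf, sizeof buf);
    return len >= 0 && path_is_confined(buf, len);
}

int main(void)
{
    /* Constructed parameter values in the shape of the requests described. */
    const char *samples[] = {
        "media/sample.mov",
        "../../../../boot.ini",
        "..%5C..%5Cwinnt%5Crepair%5Csam",
        "typo3conf/localconf.php%00",
        "a/../b/file.txt",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s -> %s\n", samples[i], filename_param_ok(samples[i]) ? "ok" : "REJECT");
    return 0;
}
```

The check is deliberately lexical: it runs before anything is opened, so a
rejected value never reaches open() or fopen() at all, and the separate
length from url_decode is what makes the %00 case visible.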

20. Typo3 Webroot Folders Information Disclosure Weakness
BugTraq ID: 6988
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6988
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

It has been reported that TYPO3 installs, by default, several directories
into the TYPO3 webroot. These directories are reportedly readable or
lacking sufficient authentication mechanisms and contain log,
configuration and script files. This weakness may result in the disclosure
of sensitive system based information to malicious web users.

The following directories and files have been reported to be prone to this
issue: /install /fileadmin/ /typo3conf/

The information gathered as a result of this weakness may be used in
further attacks against the system.

21. Typo3 HTML Hidden Form Field Information Disclosure Weakness
BugTraq ID: 6993
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6993
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 pages place potentially sensitive data in hidden form fields. Hidden
fields are only hidden from the rendered view; any client can read them in
the page source, so they may provide a determined attacker with
information useful in exploiting other known issues in the software.

This vulnerability was reported for TYPO3 3.5b5.

22. Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability
BugTraq ID: 6923
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6923
Summary:

Microsoft Outlook and Outlook Express use Internet Explorer to render HTML
email and newsgroup messages by default. When an HTML message is viewed,
a temporary object is created in the Internet Explorer cache. The
security zone applied to this cache should be the Internet Zone by
default, as set by Internet Explorer.

It is possible to execute arbitrary programs through an object embedded
within an HTML message viewed with Outlook or Outlook Express.

If an object embedded within the HTML message contains a CODEBASE
reference to an executable file on the local system, the program file will
be executed. The object must use a CLASSID that does not contain only
zeroes.

It may also be possible for an attacker to place a file in a known
temporary folder through other means and have it executed through this
method.

This issue is similar in nature to BID 3867, which was reportedly fixed by
Microsoft. It is possible that the issue was not correctly fixed in cases
where Internet Explorer is used by another application to render HTML
content. As a result, other applications that rely on Internet Explorer
other than Outlook and Outlook Express may also be vulnerable to this
issue.

23. Netscape Style Sheet Denial Of Service Vulnerability
BugTraq ID: 6937
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6937
Summary:

Netscape is a Web browser developed for a variety of platforms including
Microsoft Windows and Linux and Unix variant operating environments.

It has been reported that Netscape based browsers may be vulnerable to a
persistent denial of service or performance degradation condition when
rendering certain style sheet code.

If a malicious page is viewed, the browser reportedly becomes unstable.
One possible condition mentioned was critical failure of the browser while
another condition reportedly utilized all CPU resources.

This vulnerability was reported for Netscape browser version 6 and 7. It
is not known if previous versions are also affected.

24. Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer Overrun Vulnerability
BugTraq ID: 6957
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6957
Summary:

The Apple QuickTime/Darwin MP3 Broadcaster is encoding software used to
stream online broadcasts. It is available for the Linux, Solaris,
Microsoft Windows and MacOS X operating systems.

A vulnerability has been discovered in MP3 Broadcaster. The problem occurs
due to insufficient bounds checking on MP3 filenames. Processing an MP3
file with a name containing 256 or more bytes of data will trigger this
condition. When this overflow occurs, sensitive locations in memory will
be overwritten.

By overwriting sensitive memory, such as a return address, this issue may
be exploitable by a remote attacker to execute arbitrary commands. All
instructions run in this manner would be executed with the privileges of
the user running the vulnerable application.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.

25. Apple QuickTime/Darwin Streaming Server Malicious Port Request Code Injection Vulnerability
BugTraq ID: 6960
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6960
Summary:

The Apple QuickTime/Darwin Streaming Servers are used as a web interface
for Streaming Server configuration. They are available for the Linux,
Solaris, Microsoft Windows and MacOS X operating systems.

A problem with QuickTime/Darwin Streaming Server could make the execution
of arbitrary script code possible.

It has been reported that a vulnerability exists in the handling of
malicious requests for streaming media in the Apple QuickTime/Darwin
Streaming Server. By placing a malicious request to the streaming port of
the software, an attacker could potentially cause execution of script code
in the security context of an administrator.

Because of the way the QuickTime/Darwin Streaming Server administrative
interface handles log input, script code inserted into log files by way of
malicious streaming media requests would be executed in the security
context of a vulnerable administrator. The injection is performed through
the DESCRIBE request supplied over RTSP, and could result in the execution
of malicious HTML and script code when logs containing the injected code
are viewed. The request is not sanitized of script code when it is logged.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.
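One defender-side way to handle the log-rendering problem described above, as an added example that is not Apple's code and not part of the original advisory: a small Python log viewer that flags request fields carrying HTML markup (detection) and HTML-escapes every field before rendering (mitigation). The log line layout and the sample lines are constructed assumptions, not real QuickTime/Darwin output.

```python
import html
import re

# Constructed sample lines in the style of a streaming server's access log;
# they are made up for this example, not real QuickTime/Darwin output.
SAMPLE_LOG = [
    '192.0.2.10 - [24/Feb/2003:10:01:02] "DESCRIBE rtsp://media.example/a.mov RTSP/1.0" 200',
    '192.0.2.11 - [24/Feb/2003:10:01:05] "DESCRIBE rtsp://media.example/<script>alert(1)</script> RTSP/1.0" 404',
    '192.0.2.12 - [24/Feb/2003:10:01:09] "PLAY rtsp://media.example/a.mov RTSP/1.0" 200',
]

# Hypothetical line layout assumed for the example: client - [timestamp] "request" status
LINE_RE = re.compile(r'^(?P<client>\S+) - \[(?P<ts>[^\]]+)\] "(?P<req>.*)" (?P<status>\d{3})$')

# Fragments that have no business in an RTSP request line but become
# meaningful once the line is rendered as HTML by a log viewer.
MARKUP_RE = re.compile(r'[<>"]|&#|javascript:', re.IGNORECASE)


def parse(line):
    """Split one log line into its fields; return None for unparseable lines."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def flag_markup(lines):
    """Detection: return (index, request) for every request carrying markup."""
    hits = []
    for i, line in enumerate(lines):
        rec = parse(line)
        if rec and MARKUP_RE.search(rec["req"]):
            hits.append((i, rec["req"]))
    return hits


def render_html(lines):
    """Mitigation: render the log as an HTML table, escaping every field so
    logged request data is displayed as text and never interpreted."""
    rows = []
    for line in lines:
        # Unparseable lines are still shown, but only ever as escaped text.
        rec = parse(line) or {"client": "?", "ts": "?", "req": line, "status": "?"}
        cells = "".join(f"<td>{html.escape(rec[k], quote=True)}</td>"
                        for k in ("client", "ts", "req", "status"))
        rows.append(f"<tr>{cells}</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"


if __name__ == "__main__":
    for idx, req in flag_markup(SAMPLE_LOG):
        print(f"line {idx}: markup in request field: {req!r}")
    print(render_html(SAMPLE_LOG))
```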

26. Opera Automatic Redirection Cross Site Scripting Vulnerability
BugTraq ID: 6962
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6962
Summary:

Opera is a web client available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.

A cross site scripting vulnerability has been reported in Opera browsers
for Windows and Linux platforms. The vulnerability exists due to
insufficient sanitization of some user-supplied input when redirecting
visitors to another page or site. Specifically, Opera generates a
temporary page to display a redirection URL. The generated page does not
filter out any malicious HTML code before being displayed to a user.

When a user visits a site that redirects them to another page,
attacker-supplied script code will be interpreted by Opera in the security
context of the malicious site.

Exploitation of this issue may enable an attacker to steal cookie-based
authentication credentials of victim users. Other attacks are also
possible.

This vulnerability was reported for Opera 7.01 and earlier for Windows
operating systems and Opera 6 for Linux systems.

27. Netscape Communicator Password Disclosure Weakness
BugTraq ID: 6981
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6981
Summary:

Netscape Communicator is a combined web browser and e-Mail Client
developed for a variety of platforms including Microsoft Windows, Linux
and Unix variant operating environments.

It has been reported that the Netscape Communicator roaming profile
function may store sensitive user credentials in the 'prefs.js'
configuration file in plaintext or in an easily disclosed format.

This weakness may result in an attacker accessing sensitive user
credentials that may be used in further attacks launched against the
system.

Conflicting details have been reported suggesting that this issue may be
due to a user-initiated configuration change, and that password data may
be encrypted using a trivial XOR-based encryption algorithm by default.

This report is closely related to the issue described in BID 6215.

28. Typo3 Runtime Error Page Information Disclosure Vulnerability
BugTraq ID: 6986
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6986
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

An information disclosure vulnerability has been reported for TYPO3. The
vulnerability exists in several 'test', 'class' and 'library' scripts that
are included with TYPO3.

These scripts may be forced to execute and generate runtime errors. When
these errors occur, the scripts will output path information.

Information obtained in this manner may be used by an attacker to launch
further attacks against a vulnerable system.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Hostname given to XP clients (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313437

2. DMZ boxes in the domain - Bad moderator (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313394

3. How do you patch yours? (was: Monitor Services on Windows machines) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313388

4. Monitor Services on Windows machines (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313373

5. [despammed] Utility to determine who deteled files (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313293

6. Utility to determine who deteled files (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313318

7. Administrivia: Results (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313254

8. Article Announcement: Exchange 2000 in the Enterprise: Tips and Tricks Part Three (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313264

9. One Time Passwords (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313236

10. DMZ boxes in the domain (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313289

11. Windows2000 QuickLaunch (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313266

12. MS ISA Logs - Listing IP Addresses v. NetBIOS names (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313235

13. Antwort: Monitor Services on Windows machines (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313120

14. SecurityFocus Microsoft Newsletter #126 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313111

15. Administrivia (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313004

16. MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313012

17. Windows 2000 Static arp not static (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313025

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. AbsoluteShield Internet Eraser Pro
by SysShield Consulting, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.internet-track-eraser.com/
Summary:

AbsoluteShield Internet Eraser protects your privacy by cleaning up all
the tracks of your Internet and computer activities. The tool is
integrated with IE and it can erase the browser cache, history, cookies,
typed URLs, autocomplete list and so on in one click. You can also set the
tool to automatically erase those tracks when you quit IE or quit Windows.
The tool can also erase the disk free space and has open plugin support.
With the plugin support, AbsoluteShield Internet Eraser can now erase the
tracks left by any application. We currently offer more than 20 plugins
which support the most popular programs such as MS Office, WinZip,
UltraEdit, RealPlayer, Media Player... Besides the ability to erase the
tracks of your Internet and computer activities, the tool also has an
integrated, small, configurable and intelligent Ad window and popup
blocker.

2. InTrust
by Aelita Software
Platforms: Windows 2000, Windows NT
Relevant URL:
http://www.aelita.com/products/intrust.htm
Summary:

InTrust, formerly EventAdmin, offers consolidated security auditing and
monitoring for Windows-centric and heterogeneous networks. Together, Aelita
Enterprise Directory Reporter and InTrust fill the security gap between
corporate policies and IT infrastructure.

3. iPrism
by St. Bernard Software
Platforms: N/A
Relevant URL:
http://www.stbernard.com/products_iprism.asp
Summary:

iPrism is the premier plug and play Internet appliance that enables
organizations to monitor and control Internet access, making the Internet
a more productive environment for employees. It reduces management
problems and legal liability for administrators, managers and executives
by allowing precise tailoring and enforcement of Acceptable Use Policies
for Internet access. Our I-Guard technology sets us apart because our URL
review utilizes artificial intelligence combined with human review of each
and every site. I-Guard categorization makes our database as accurate as
possible, so you can be sure the right sites are blocked or available.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
-------------------------------------
1. Anti-Spam SMTP Proxy v0.1.4
by John Hanna
Relevant URL:
http://assp.sourceforge.net/
Platforms: Linux, MacOS, Os Independent, POSIX, UNIX, Windows 2000,
Windows NT
Summary:

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open
source platform independent SMTP Proxy server which implements whitelists
and Bayesian filtering to help stop unsolicited commercial email (UCE).
Anti-spam tools should be adaptive to new spam and customized for each
site’s email patterns. This easy to use tool works with any mail
transport and achieves these goals requiring no operator intervention
after the initial setup phase.

2. SSHTerm v0.1.0 beta
by Richard Pernavas
Relevant URL:
http://www.sshtools.com/
Platforms: Os Independent
Summary:

SSHTerm is a Java SSH client that provides a whole range of features,
including port forwarding, password authentication, public-key
authentication, ANSI/VT100/VT220/VT320 terminal, full clipboard support,
record and playback input/output, and the ability to load/save connection
settings to a file.

3. Funned vFinal
by Gorka Lertxundi Osa
Relevant URL:
http://gip.mundurat.net
Platforms: N/A
Summary:

Funned is a very simple port scan detection tool, that alerts you in
syslog when someone is scanning your host.

VI. SPONSOR INFORMATION
-----------------------
This Issue is sponsored by: SPI Dynamics

ALERT: How a Hacker Launches a SQL Injection Attack Step-by-Step It's as
simple as placing additional SQL commands into a Web Form input box giving
hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!

http://www.spidynamics.com/mktg/sqlinjection30
------------------------------------------------------------------------
-------
