BugTraq Mode:
White Paper: 0x00 vs ASP file upload scripts 2004-07-13
Brett Moore (brett moore security-assessment com)
We are proud to announce the release of our latest white paper
titled 0x00 vs ASP file upload scripts.

.Abstract.
The effects of the `Poison NULL byte` have not been widely
explored in ASP, but as with other languages the NULL byte
can cause problems when ASP passes data to objects.

Many upload sy

Re: current leading bots used in drone armies [June/July 2004] 2004-07-11
Jan Knutar (jknutar nic fi)

<snip and reordered>
> Over-time, a drone army can reach hundreds of thousands of infected drones
> in size, and new armies/drone are created daily. There are a lot more than
> just a few drone armies out there, and the Trojan horses used change
> constantly.
<snip and reorder>
> Trojan horses used

Trend Micro Officescan for Win2k strange behaviour 2004-07-14
Marco Monicelli (marco monicelli marcegaglia com)


Hello List!

I've noticed the following "weird" behaviour of the Trend Micro Officescan
client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for WinXP/2k/NT:

The AV client is protected for unloading the Realtime Scan agent prompting
for a password (which I don't know of course). Moreover I

Re: Security contact wanted 2004-07-11
Patrick van Zweden (patrick vanzweden org)
S G Masood wrote:
> Does anyone know the security contact for Rediff.com,
> Indiatimes.com or Sify.com? Please let me know if you
> do.

According to whois the technical contact seems to be:
Rediff.com : bhushang (at) REDIFF.CO.IN
indiatimes.com : raman.gulati (at) timesgroup.com
sify.com: hostmast

RE: Unchecked buffer in mstask.dll 2004-07-14
Thor Larholm (tlarholm pivx com)
In MS02-022 the only workaround Microsoft lists is this: "Do not open or
save .job files that you receive from untrusted sources."

As you mentioned, this vulnerability can be triggered automatically
without user interaction and without opening or saving .job files by
navigating to an explorer folde

RE: Unchecked buffer in mstask.dll 2004-07-15
Thor Larholm (tlarholm pivx com)
My bad, I meant to say MS04-022 which correctly lists a patch for Windows
XP. I tried correcting my error in an immediate followup post and wrote
bugtraq-owner (at) securityfocus (dot) com to clarify but the original post got
approved.

Regards

Thor Larholm

-----Original Message-----
From: Mark Litchfield [

Re: Microsoft Window Utility Manager Local Elevation of Privileges 2004-07-14
KF (lists) (kf_lists secnetops com)

>This isn't quite right - on my system at least, browsing for cmd.exe
>in this way generates an error:
>"The C:\WINNT\system32\cmd.exe file is not a Windows Help file, or the
>file is corrupted."
>
>
>
Right click on cmd.exe and choose Open (from the list) instead of
selecting it and pressing en

Re: aterm 0.4.2 tty permission weakness 2004-07-14
Sebastian Hans (hanss in tum de)
Maarten Tielemans wrote:
>
>
> Aterm has an issue with creating a terminal.
>
> A quick 'ls -al' on an aterm with 'mesg y' shows:
> crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3
> with 'mesg n':
> crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3
>
> 1) World (nobody) is

RE: Two Vulnerabilities in Mozilla may lead to remote compromise 2004-07-13
Pavel Kankovsky (peak argo troja mff cuni cz)
On Tue, 13 Jul 2004, Jelmer wrote:

> I was under the impression that mozilla firefox disallowed access to local
> files (not sure about mozilla but I assume it's the same)
>
> When I link to a local file from the internet, I get a
> Security Error: Content at http:///.... May not load or link to

Re: aterm 0.4.2 tty permission weakness 2004-07-14
Armin Wolfermann (aw osn de)
* Maarten Tielemans <TTIelu_DaInfraCrew (at) hotmail (dot) com> [14.07.2004 00:26]:
> Aterm has an issue with creating a terminal.

From the aterm ./configure --help output:

--enable-ttygid enable tty setting to group "tty" - use only if
your system uses this type of security

RE: Unchecked buffer in mstask.dll 2004-07-14
psz maths usyd edu au (Paul Szabo)
Thor wrote about IconHandler starting mstask. Are there any other dangerous
IconHandler entries: is there a way we can reassure ourselves that the
others are safe?

Being curious, on Win2k, I copied cmd.exe (from winnt\system32) as xyz.pif;
then (right-click) Properties, Program crashes explorer. Is

Re: Mac OS X stores login/Keychain/FileVault passwords on disk 2004-07-12
Adi Kriegisch (adi cg tuwien ac at)
The swapfiles are deleted on startup -- this means even a clean shutdown by
user leaves the passwords on disk.
So if you lose your powerbook someone might boot it in "target disk mode" and
will be able to get your password!

Adi

===
> It seems that Mac OS X (10.3.4 tested) doesn't bother clearin

[CLA-2004:846] Conectiva Security Announcement - kernel 2004-07-15
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : kernel
SUMMARY : Fixes for kernel vulnerabili

[ GLSA 200407-13 ] PHP: Multiple security vulnerabilities 2004-07-15
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

MDKSA-2004:068 - Updated php packages fix multiple vulnerabilities 2004-07-14
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: php
Advisory ID:

MDKSA-2004:070 - Updated freeswan and super-freeswan packages fix certificate chain authentication vulnerability 2004-07-14
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: freeswan
Advisory ID:

[HV-MED] DoS in Microsoft SMS Client 2004-07-14
vuln hexview com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Denial of Service (DoS) in Microsoft SMS Client

Classification:
===============
Level: low-[MED]-high-crit
ID: HEXVIEW*2004*07*14*1

Overview:
=========
Microsoft Systems Management Server provides configuration management
solution for Windows platform

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC 2004-07-14
Drew Copley (dcopley eEye com)


> -----Original Message-----
> From: Ferruh Mavituna [mailto:ferruh (at) mavituna (dot) com]
> Sent: Wednesday, July 14, 2004 7:52 AM
> To: 'L33tPrincess'; bugtraq (at) securityfocus (dot) com;
> full-disclosure (at) lists.netsys (dot) com
> Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and
> Execute, POC
>
> > Is

PHP BB bug 2004-07-11
sasan hezarkhani (gootiker gmail com)


Hello,

I don't know if my foundation is acceptable or not but here we go, I post it...

When you write an SQL query in the highlight section of the PHPBB you'll get all of the page highlighted

example :

forums/viewtopic.php?t=[NUMBER HERE]&highlight=Bug,SELECT * FROM $table

Thank You

TSSA-2004-013 - php 2004-07-14
tinysofa Security Team (security tinysofa org)
===========================================================================
_
|_ . _ _ _ (_ _
|_ | | ) \/ _) (_) | (_|
/

[security bulletin] SSRT4741 rev.1 DCE for HP OpenVMS Potential RPC Buffer Overflow Attack VU#259796, VU#568148, VU#326746 2004-07-14
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBOV01056_1 REVISION: 1

TITLE: SSRT4741 Rev.1 DCE for HP OpenVMS Potential RPC
Buffer Overrun Attack

NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete a

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC 2004-07-14
Ferruh Mavituna (ferruh mavituna com)
> Is the vulnerability mitigated by
> today's Microsoft patch?

Both of POCs are working well (at least in my system -W2K3 all patches-)
after recent MS patches.

Can anyone confirm this ?

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Me

RE: HijackClick 3 2004-07-14
http-equiv (at) excite (dot) com (1 malware com)


Thor Larholm wrote in the message:

> From: Drew Copley
> > In fact, I don't think there has been a bug in about ten
> > months (coincidentally) that does not rely on either Jelmer's
> > adodb bug or your shell.application bug.

> I'm sorry, but did everybody suddenly forget about codeBa

Advisory 11/2004: PHP memory_limit remote vulnerability 2004-07-13
Stefan Esser (s esser e-matters de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: PHP memory_limit remote vulnerability
Release Date: 2004/07/14
Last Modified: 2004/07/14
Autho

Re: Microsoft Window Utility Manager Local Elevation of Privileges 2004-07-14
Chris Paget (ivegotta tombom co uk)
On Tue, 13 Jul 2004 16:00:33 -0400, you wrote:

>Microsoft Window Utility Manager Local Elevation of Privileges

<snip>

>To exploit the vulnerability, an attacker would need only to run the
>following code:
>
>After this code has been executed, winhlp32.exe will ask the attacker to
>locate the um

[ GLSA 200407-11 ] wv: Buffer overflow vulnerability 2004-07-14
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Advisory 12/2004: PHP strip_tags() bypass vulnerability 2004-07-13
Stefan Esser (s esser e-matters de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: PHP strip_tags() bypass vulnerability
Release Date: 2004/07/14
Last Modified: 2004/07/14
Autho

Ref: http://www.securityfocus.com/archive/1/367866, Jul 1 2004 1:19PM, Subj: Brightmail leaks other user's spam 2004-07-14
Sym Security (secure symantec com)
Thomas Springer posted:

Brightmail Spamfilter 6.0 offers a possibility to manage mails identified
as spam in a http-driven "control-center" on the
Brightmail-Server via links like
http://SERVER:41080/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-3;3-0

Simply altering the last numbers in th

Microsoft Windows Task Scheduler '.job' Stack Overflow 2004-07-14
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Microsoft Windows Task Scheduler '.job' Stack Overflow
Confirmed Systems Affected: Microsoft Windows XP
Systems Reportedly Affected: Windows 2000 and Windows NT SP6 with
Microsoft Internet Explorer 6.
Severity: Criti

Unchecked buffer in mstask.dll 2004-07-14
Brett Moore (brett moore security-assessment com)
========================================================================

= Unchecked buffer in mstask.dll
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
=
= Affected Software:
= Microsoft Windows 2000 Service Pack 4
= Microsoft Windows XP, Microsoft Windo

Copyright 2010, SecurityFocus