SecurityFocus Linux Newsletter #109

SecurityFocus Linux Newsletter #109

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at https://www.qualys.com/forms/nsguideh_376.php

I. FRONT AND CENTER

1. SQL Injection and Oracle, Part Two
2. When Washington Mimics Sci Fi
3. SecurityFocus DPP Program
4. InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando, FL) II. LINUX VULNERABILITY SUMMARY
5. SSH Communications SSH Server Privilege Escalation Vulnerability
6. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
7. VBulletin members2.php Cross Site Scripting Vulnerability
8. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
9. Null HTTPD Remote Heap Corruption Vulnerability
10. FreeNews Include Undefined Variable Command Execution...
11. Pserv HTTP POST Request Buffer Overflow Vulnerability
12. phpBB Script Injection Vulnerability
13. Web Server Creator Web Portal Remote File Include Vulnerability
14. Bugzilla quips Feature Cross Site Scripting Vulnerability
15. YaBB YaBB.pl Cross Site Scripting Vulnerability
16. Traceroute-Nanog Hostname Buffer Overflow Vulnerability
17. SSH Communications Secure Shell Windows Client URL Catcher...
18. Lib CGI Include Buffer Overflow Vulnerability
19. News Evolution Include Undefined Variable Command Execution...
20. PortailPHP SQL Injection Vulnerability
21. pWins Web Server Directory Traversal Vulnerability
22. Bogofilter Bogopass Insecure Temporary File Creation...
23. Boozt index.cgi Buffer Overrun Vulnerability
24. Traceroute-Nanog Spray Buffer Overflow Vulnerability III. LINUX FOCUS LIST SUMMARY
25. iptables REJECT types for UDP (if any) (Thread)
26. kazaa, dante, and iptables (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORM
27. ArcSight Enterprise Security Management Software
28. NetVigil
29. Arkeia 5
30. NEW TOOLS FOR LINUX PLATFORMS
31. MasarLabs NoArp v1.0.0
32. BW-IPFM v1.1
33. Sysload server monitor v4.5 VI. SPONSOR INFORMATION
34. FRONT AND CENTER

    ---

35. 1. SQL Injection and Oracle, Part Two By Pete Finnigan

This is the second part of a two-part article that will examine SQL injection attacks against Oracle databases. The first installment looked at SQL injection and how Oracle database applications are vulnerable to this attack, and looked at some examples. This segment will look at detecting SQL injection attacks and protecting against SQL injection.

http://online.securityfocus.com/infocus/1646

2. When Washington Mimics Sci Fi
By George Smith

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

John Poindexter's evil design for an all-seeing God Machine seems torn from the pages of visionary science fiction, where such schemes rarely end well.

http://online.securityfocus.com/columnists/126

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. SSH Communications SSH Server Privilege Escalation Vulnerability BugTraq ID: 6247 Remote: Yes Date Published: Nov 25 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6247 Summary:

Secure Shell is the commercial SSH implementation distributed and maintained by SSH Communications. It is available for the Unix, Linux, and Microsoft Windows platforms.

SSH Communications has reported a vulnerability in SSH server, which could result in local privilege escalation.

The setsid() function is used to create a new process group for forked processes. It has been reported that SSH server fails to run setsid() on non-interactive sessions, resulting in user processes in the parent process group and retaining the 'root' login name.

By executing programs that verify privileges against the login name (for example, those that rely on the BSD getlogin() function), it may be possible to execute various actions with escalated privileges.

Exploiting this issue has varied results depending on the operating system.

For this issue to be exploitable an attacker must have a local account on the target system.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities BugTraq ID: 6244
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6244
Summary:

PHP-Nuke is a web based Portal system. Implemented in PHP, it is available for a range of systems, including Microsoft Windows and Linux.

Several cross site scripting vulnerabilities have been reported for PHP-Nuke. Affected modules include the Discussion module, News module, and PM module among others. This vulnerability is due to insufficient sanitization of all HTML tags.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web-based forum.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

These vulnerabilities have been reported for PHP-Nuke 6.5b1 and earlier.

3. VBulletin members2.php Cross Site Scripting Vulnerability BugTraq ID: 6246
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6246
Summary:

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The $perpage variable is used to control the way of reciting subscribed threads. This variable is later added to a query that is used to fetch database records. If an invalid value is passed to the $perpage variable, an error page is generated. Due to insufficient sanitization of data passed to the $perpage variable, it is possible to inject script code into the variable, which will be included in the error page.

As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may use cookie-based authentication credentials to hijack the session of the legitimate user.

4. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability BugTraq ID: 6254
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6254
Summary:

The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux.

An integer overflow vulnerability has been reported for the Netscape/Mozilla POP3 mail handler routines. These routines are found in
'mozilla/mailnews/local/src/nsPop3Protocol.cpp'. Reportedly, insufficient
checks are performed on some server-supplied values. Specifically, the value for m_pop3ConData->number_of_messages is not sufficiently checked for large values.

An attacker may exploit this vulnerability through an attacker-controlled POP3 server. By issuing a very large integer value that is used by the Netscape/Mozilla POP3 mail handler, it may be possible to cause the integer overflow condition and allocate a buffer that is too small. A buffer overflow condition may result if the malicious attacker-controlled server attempts to write into the buffer at a location beyond the boundary of what was actually allocated.

Successful exploitation of this vulnerability may allow an attacker to obtain control over the execution of the vulnerable Netscape/Mozilla process.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

5. Null HTTPD Remote Heap Corruption Vulnerability BugTraq ID: 6255
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6255
Summary:

The ReadPOSTData() function allocates in_ContentLength+1024 into the pPostData buffer, which is used to receive POST data. The server reads POST data into the pPostData buffer from a network socket until the data received is less then 1024 bytes.

Sending over 1024 bytes of POST data will cause the server to read up to another 1024 bytes from the socket. If a small ContentLength is supplied by the attacker, it is possible overflow the allocated buffer while reading in the second packet of data. This is due to an insufficient loop parameter while receiving data from the network.

An attacker may exploit this condition to overwrite arbitrary words in memory through the free() function. This may allow for the execution of arbitrary code.

It should be noted that this vulnerability is similar to the issue described in BID 5574, but requires a slightly different method to trigger.

6. FreeNews Include Undefined Variable Command Execution Vulnerability BugTraq ID: 6258
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6258
Summary:

FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems.

A problem with FreeNews could make command execution possible.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Programming errors in FreeNews could lead to the inclusion of arbitrary files on remote servers in the web application. It is possible for a remote user to place commands in these include files that could result in execution on the local host. This would make remote arbitrary command execution as the web user possible.

The problem occurs in the aff_news.php file. By loading this file, and defining the chemin variable to an arbitrary location, commands can be executed on the local host. This vulnerability may also be used to reveal sensitive information on the local host.

7. Pserv HTTP POST Request Buffer Overflow Vulnerability BugTraq ID: 6242
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6242
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. Reportedly, it is possible to overflow a local buffer by making a malicious HTTP request.

Due to insufficient checks performed on user-supplied, by omitting the
'\n' character from a malicious POST request, it is possible to overrun
the 'token' buffer.

Exploitation of this issue will result in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

This vulnerability was reported for Pserv 2.0 beta 3. It is likely that earlier versions are affected.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

8. phpBB Script Injection Vulnerability
BugTraq ID: 6248
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6248
Summary:

phpBB2 is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

phpBB does not properly sanitize script code from HTML tags embedded in a forum posting. This vulnerability could allow a user to inject malicious script code into forum postings that would in turn be executed when the page is viewed by a legitimate user of the forum. The attacker-supplied code would be executed in the security context of the phpBB site.

The attacker supplied code would be able to access cookie data, including authentication credentials, and to take actions on the vulnerable site as the currently authenticated user.

9. Web Server Creator Web Portal Remote File Include Vulnerability BugTraq ID: 6251
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6251
Summary:

Web Server Creator is a PHP based portal that includes a forum, chat, guestbook, and news functions. It operates on Windows, Linux, and Unix systems.

The Web Server Creator Web Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in the customize.php and index.php scripts.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the 'l' or
'pg' parameter.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

1. Bugzilla quips Feature Cross Site Scripting Vulnerability BugTraq ID: 6257 Remote: Yes Date Published: Nov 26 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6257 Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Operating Systems.

A cross site scripting vulnerability has been reported for Bugzilla. This vulnerability only affects users who have the 'quips' feature enabled.

The quips feature is designed to put short, user-supplied comments at the top of bug lists. Reportedly, Bugzilla does not properly sanitize any input submitted by users.

As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.

1. YaBB YaBB.pl Cross Site Scripting Vulnerability BugTraq ID: 6272 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6272 Summary:

YaBB (Yet Another Bulletin Board) is freely available web forum software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms.

A cross-site scripting vulnerability has been reported in the YaBB forum
'YaBB.pl' script. This vulnerability is due to insufficient sanitization
of URI parameters.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. The malicious link may contain arbitrary HTML code in URI parameters. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.

It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.

This vulnerability has been reported for YaBB 1 Gold - SP 1. It is not known if other versions are affected.

1. Traceroute-Nanog Hostname Buffer Overflow Vulnerability BugTraq ID: 6274 Remote: No Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6274 Summary:

Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems.

A problem with Traceroute-Nanog may make it possible to execute arbitrary code locally on a vulnerable host.

It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a hostname of arbitrary length, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions.

This program may present a risk if installed with setuid privileges. By default, this program is installed with setuid privileges on Linux operating systems such as SuSE.

1. SSH Communications Secure Shell Windows Client URL Catcher Buffer Overflow Vulnerability BugTraq ID: 6263 Remote: Yes Date Published: Nov 27 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6263 Summary:

Secure Shell is the commercial SSH implementation distributed and maintained by SSH Communications. It is available for the Unix, Linux, and Microsoft Windows platforms.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A buffer overflow vulnerability has been reported for the Secure Shell Windows client. The vulnerability is due to an error in the URL handling of the Secure Shell client. Reportedly, it is possible for a buffer overflow condition to be triggered when a user clicks on a very long URL.

An attacker can exploit this vulnerability by crafting a malicious link, containing at least 480 characters, and enticing a victim user to click it. This will result in the buffer overflow condition being triggered and causing sensitive areas in memory to be overwritten with attacker-supplied values. Any malicious attacker-supplied code embedded in the URL will be executed on the victim system.

This vulnerability affects the Secure Shell client for Microsoft Windows.

1. Lib CGI Include Buffer Overflow Vulnerability BugTraq ID: 6264 Remote: Yes Date Published: Nov 27 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6264 Summary:

Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems.

A buffer overflow may make the remote execution of arbitrary code possible on a vulnerable host.

It has been reported that a buffer overflow exists in the Lib CGI development library. Due to improper bounds checking in an include file, programs making use of this include, or programs linked against libraries using this include could be vulnerable to a remote buffer overflow attack. This could result in an attacker gaining remote access with the privileges of the web server process.

The libcgi.h include distributed with the Lib CGI development package contains an erroneous piece of code. It has been reported that on line 76 of the include file, unchecked data is copied into a static buffer. This could result in the overflow of data, and potential execution of attacker-supplied instructions.

1. News Evolution Include Undefined Variable Command Execution Vulnerability BugTraq ID: 6260 Remote: Yes Date Published: Nov 26 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6260 Summary:

News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with News Evolution could make command execution possible.

Programming errors in News Evolution could lead to the inclusion of arbitrary files on remote servers in the web application. It is possible for a remote user to place commands in these include files that could result in execution on the local host. This would make remote arbitrary command execution as the web user possible.

The problem occurs in the aff_news.php file. By loading this file, and defining the chemin variable to an arbitrary location, commands can be executed on the local host. This vulnerability may also be used to reveal sensitive information on the local host. This same vulnerability also occurs in the export_news.php file.

An additional problem in the neurl variable could result in the same exposure in other files. It is possible to arbitrarily include code through the neurl variable in the file screen.php.

1. PortailPHP SQL Injection Vulnerability BugTraq ID: 6273 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6273 Summary:

Portail PHP is a Web portal project based PHP and MySQL. It is available for the Linux, Unix, and Microsoft Windows operating systems.

A vulnerability exists in the mod_search module included with PortailPHP. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in the 'index.php' script. Specifically, the 'rech' variable is not sanitized of malicious SQL input. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into the 'rech' variable, it may be possible for an attacker to corrupt database information.

1. pWins Web Server Directory Traversal Vulnerability BugTraq ID: 6271 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6271 Summary:

pWins is a Web server implemented using Ruby and Perl. It is designed for use on Linux variant and Microsoft Windows operating environments.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that pWins fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root.

An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.

Disclosure of sensitive system files may aid the attacker in launching further attacks against the target system.

This vulnerability has been reported for pWins 0.2.5 for the Microsoft Windows platform.

1. Bogofilter Bogopass Insecure Temporary File Creation Vulnerability BugTraq ID: 6278 Remote: No Date Published: Nov 29 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6278 Summary:

Bogofilter is a package used to filter spam from incoming email. It is available for Linux and Unix variant operating environments. Bogopass is a Perl script included with Bogofilter.

Reportedly, bogopass creates temporary files in a predictable manner. Specifically, temporary files will be created in '/tmp' as
'bogopass.<PID>'. As a result, it is possible for local attackers to read
or corrupt files readable by the bogopass process. An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file which is created. Any actions performed by bogopass when it is executed will be performed on the file pointed to by the symbolic link.

An attacker may exploit this vulnerability to read, or corrupt, potentially critical system files.

1. Boozt index.cgi Buffer Overrun Vulnerability BugTraq ID: 6281 Remote: Yes Date Published: Nov 29 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6281 Summary:

Boozt is a banner management program available for the Linux operating system.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A buffer overrun has been discovered in the index.cgi script used by Boozt. By passing a string of excessive length, as the value for the $name parameter, to the vulnerable script, it is possible to overwrite a static buffer. This may result in the corruption of sensitive system memory.

By overwriting sensitive memory with attacker-supplied values, it may be possible to direct program flow to execute malicious instructions. Successful exploitation will result in the execution of arbitrary code with the privileges of the Boozt process.

This issue is known to affect Boozt 0.9.8 and it is not known whether other versions are affected.

20. Traceroute-Nanog Spray Buffer Overflow Vulnerability BugTraq ID: 6275
Remote: No
Date Published: Nov 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6275
Summary:

Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems.

A problem with Traceroute-Nanog may make it possible to execute arbitrary code locally on a vulnerable host.

It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a spray packets amount of excessive size, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions.

This program may present a risk if installed with setuid privileges. By default, this program is installed with setuid privileges on Linux operating systems such as SuSE.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

III. LINUX FOCUS LIST SUMMARY

1. iptables REJECT types for UDP (if any) (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/301524

2. kazaa, dante, and iptables (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/301501

IV. NEW PRODUCTS FOR LINUX PLATFORM

1. ArcSight Enterprise Security Management Software by ArcSight Platforms: AIX, Linux, Solaris, Windows 2000, Windows NT http://www.arcsight.com/product.htm Summary:

ArcSight is designed to distribute agents throughout the network, which will report events to central management stations. Administrators can then view events, control security policies and even replay a sequence of events to watch the attack unfold.

2. NetVigil
by Fidelia
Platforms: Linux, Solaris, Windows NT
http://www.fidelia.com/products/index.phtml Summary:

Fidelia NetVigil is a real-time integrated fault and performance management tool that provides end-to-end business visibility of your company's IT infrastructure. Fidelia NetVigil's unique architecture will scale with your organization and allow you to view and correlate data across your servers, applications and network devices. Fidelia NetVigil's instant configuration capabilities and multi-level views combine to expedite isolation and repair of IT problems, minimize downtime and reduce the cost of labor and implementation. This translates into savings for your bottom line.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Arkeia 5
by Arkeia
Platforms: AIX, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, SCO, Solaris, SunOS, True64 UNIX, Unixware, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://arkeia.com/a5technical.html
Summary:

Safeguarding a company's priceless data can create a multitude of questions for system administrators. Arkeia provides proven answers: speedy, automated backup and recovery that is a reliable industry standard for heterogeneous network backup. Arkeia is quick on its feet, easy to use and smoothly compatible with almost all combinations of computers, operating systems and storage devices. It's simple to install, configured in minutes and readily adaptable to anything from a small business network to a complex enterprise. Arkeia automatically detects SCSI hardware and recognizes tape drive types. Administrators can easily choose full or incremental backups that preserve directory structure, registry, symbolic links and special attributes. Arkeia makes it easy to program "exceptions" to your backup schedule with a convenient calendar interface.

V. NEW TOOLS FOR LINUX PLATFORMS

1. MasarLabs NoArp v1.0.0 by Masar Relevant URL: http://www.masarlabs.com/noarp/ Platforms: Linux, POSIX Summary:

MasarLabs NoArp is a Linux kernel module that filters and drops unwanted ARP requests. It is useful when you need to add an alias to the loopback interface to use a load balancer.

2. BW-IPFM v1.1
by BW-IPFM
Relevant URL:
http://bw.intellos.net/
Platforms: Linux, POSIX
Summary:

BW-IPFM uses ipfm log files to generate easy-to-read reports. It can provide daily and monthly reports and reports for a specific period.

3. Sysload server monitor v4.5
by Good NRG
Relevant URL:
http://www.nrgglobal.com/products/sysload.php Platforms: AS/400, Linux, Netware, UNIX, Windows 2000, Windows NT, Windows XP
Summary:

Sysload does system performance monitoring on operating systems (Unix, Linux, Windows 2000/XP and NT, Netware, AS/400, GC0S7), databases (Oracle, SQL Server, DB2, Informix, Sybase), and applications (including Oracle Applications, SAP, Exchange, and IIS). It offers robust alerting and monitoring, and performance management solutions.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

VI. SPONSOR INFORMATION

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at https://www.qualys.com/forms/nsguideh_376.php