SecurityFocus Linux Newsletter #113

SecurityFocus Linux Newsletter #113

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

I. FRONT AND CENTER

1. Securing Outlook, Part Two: Many Choices to Make
2. SecurityFocus DPP Program
3. InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando, FL) II. LINUX VULNERABILITY SUMMARY
4. CUPS File Descriptor Leakage Denial Of Service Vulnerability
5. CUPS Insecure Temporary File Creation Vulnerability
6. CUPS HTTP Interface Integer Overflow Vulnerability
7. CUPS Remote Printer Addition Vulnerability
8. CUPS strncat() Function Call Buffer Overflow Vulnerability
9. CUPS Image Filter Zero Width GIF Memory Corruption Vulnerability
10. CUPS lp Image Handler Integer Overflow Vulnerabilities
11. CUPS Negative Length HTTP Header Vulnerability
12. Axis Embedded Device Authentication Buffer Overflow Vulnerability
13. RealNetworks Helix Universal Server RTSP Transport Buffer...
14. W-Agora EditForm.PHP Cross-Site Scripting Vulnerability
15. MATLAB Mex Insecure Temporary Files Vulnerability
16. MATLAB Mex Local Command Execution Vulnerability
17. SPGPartenaires Multiple SQL Injection Vulnerabilities
18. R ealNetworks Helix Universal Server Long URI Dual HTTP...
19. Internet Junkbuster Proxy Unauthorized Connections Vulnerability
20. RealNetworks Helix Universal Server RTSP Describe Buffer...
21. PHP-Nuke CRLF Injection Vulnerability
22. CHETCPASSWD Shadow File Disclosure Vulnerability
23. KDE Parameter Quoting Shell Command Execution Vulnerability
24. W -Agora EditForm.PHP PHP Include Vulnerability
25. PHP-Nuke Modules.PHP Denial Of Service Vulnerability
26. Apache printenv Sample Script Cross Site Scripting Vulnerability
27. MATLAB Insecure Temporary Files Vulnerability III. LINUX FOCUS LIST SUMMARY
28. User?s and Shells (Thread)
29. re: quotas on Redhat 7.3 problem (Thread)
30. User´s and Shells (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORM
31. Covalent Fast Start Server
32. DirectorySmart
33. EncrLib ECC Cryptographic Library
34. NEW TOOLS FOR LINUX PLATFORMS
35. CmosPwd 2.1 (Linux)
36. dkbf 0.1.1b
37. pycrack 0.1 VI. SPONSOR INFORMATION
38. FRONT AND CENTER

    ---

39. Securing Outlook, Part Two: Many Choices to Make By Scott Granneman

This is the second of two articles focusing on ways to secure one of the world's most popular e-mail clients, Microsoft's Outlook. The first article offered a brief overview of Outlook, as well as some security issues. It also discussed configuring Outlook for optimal security. This article will look at some more things that Outlook users can do to secure their e-mail.

http://online.securityfocus.com/infocus/1652

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. CUPS File Descriptor Leakage Denial Of Service Vulnerability BugTraq ID: 6440 Remote: Yes Date Published: Dec 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6440 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

A vulnerability has been discovered in CUPS that may, under some circumstances, leak file descriptor information. This issue exists because CUPS does not adequately check any return values on file and socket operations. By exploiting this vulnerability it may be possible for a remote attacker to cause a denial of service.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

2. CUPS Insecure Temporary File Creation Vulnerability BugTraq ID: 6435
Remote: No
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6435
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

It has been reported that some versions of CUPS may create temporary files in an insecure manner.

The vulnerability occurs when creating the '/etc/cups/certs/<pid>' file. An attacker can exploit this vulnerability to create or overwrite any file with elevated privileges.

Successful exploitation is time dependent and require the attacker to obtain the 'lp' user privileges. Obtaining 'lp' privileges may be achieved by exploiting the vulnerabilities described in BIDs 6433 and 6434.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Several vendors distribute CUPS by default; in some cases, it is the default method used for printing.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

3. CUPS HTTP Interface Integer Overflow Vulnerability BugTraq ID: 6433
Remote: Yes
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6433
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

An integer overflow vulnerability has been reported in the HTTP server component of CUPS. The condition is related to the processing of HTML variables and their values.

It is reportedly possible for remote attackers to exploit this vulnerability to execute instructions on target systems. Successful attacks may grant local access to adversaries with user 'lp' and group
'sys' privileges. It is significantly easier for attackers to obtain
superuser privileges once local access has been obtained.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

4. CUPS Remote Printer Addition Vulnerability BugTraq ID: 6436
Remote: Yes
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6436
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

CUPS is prone to a vulnerability which may allow attackers to add printers.

It has been reported that an attacker may send a specially crafted UDP packet to the CUPS server which will cause a printer to be temporarily added and configured to listen on a high port. It is then reportedly possible for an attacker to request and receive the local root certificate. This certificate may be used to authenticate to the web administrative interface, where it is possible to create a printer with root privileges.

Technical details about the exact nature of this issue are not known at this time. This issue is believed to be caused, in part, by a design flaw in the certificate authentication scheme employed by CUPS.

Successful exploitation may provide an attacker with means to exploit other known issues in CUPS.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

5. CUPS strncat() Function Call Buffer Overflow Vulnerability BugTraq ID: 6438
Remote: Yes
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6438
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported for CUPS that may allow attackers to execute code with root privileges. The vulnerability exists in the jobs.c source file. Reportedly, some functions use the strncat() function call improperly. Specifically, strncat()is used in an insecure manner to build the 'options' string.

When the CUPS daemon receives specially constructed printer attributes, it will trigger a buffer overflow condition when building the 'options' string and may result in the corruption of sensitive memory with attacker-supplied values.

By exploiting this vulnerability in conjunction with the vulnerability described in BID 6436, it may be possible for an attacker to execute code with root privileges.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

6. CUPS Image Filter Zero Width GIF Memory Corruption Vulnerability BugTraq ID: 6439
Remote: Yes
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6439
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

CUPS image filters do not properly handle GIF files with a width field set to zero. As a result, if an attacker submits a properly malformed image, it may be possible to manipulate and corrupt chunk headers with attacker-supplied data. Given the ability to corrupt memory with attacker-supplied data, it is possible to cause arbitrary code to be executed.

Successful exploitation will result in code execution in the security context of CUPS. The attacker must be able to cause the malformed image to be processed by CUPS to exploit this issue.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

7. CUPS lp Image Handler Integer Overflow Vulnerabilities BugTraq ID: 6434
Remote: Unknown
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6434
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

It has been reported that the image handling component of CUPS is vulnerable to integer overflow conditions. These flaws may be exploited by local attackers to execute instructions with elevated privileges. Attackers may gain user 'lp', group 'sys' privileges. Depending on system configuration, other privileges may be gained.

Though it is believed that this vulnerability is locally exploitable, it has not been confirmed that it isn't remotely exploitable. Malicious remote attackers with access to print may be able to leverage this condition to execute code on the affected print server by printing documents with malformed images.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

8. CUPS Negative Length HTTP Header Vulnerability BugTraq ID: 6437
Remote: Yes
Date Published: Dec 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6437
Summary:

CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems.

An attacker can exploit this vulnerability by connecting to a vulnerable system on TCP port 631 and issuing malformed HTTP headers with a negative value for the 'Content-Length' or 'Transfer-Encoding' field. When the cupsd service receives this request, it will crash.

This vulnerability is very similar to the issue described in BID 5033. It may be very likely that this vulnerability may be exploited to execute malicious attacker-supplied code on BSD, and possibly other, platforms.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.

9. Axis Embedded Device Authentication Buffer Overflow Vulnerability BugTraq ID: 6452
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6452
Summary:

Axis Network Cameras, Video Servers, and Network Digital Video Recorders contain a modified version of the Boa web server running on embedded Linux.

There is an unchecked buffer in the authentication code for the modified Boa web server. Successful exploitation of this vulnerability may lead to a denial of service or execution of arbitrary code. Since this issue exists in the authentication code, it may be possible for an attacker to exploit this vulnerability without being logged in.

This vulnerability only exists in this modified version of Boa and not the official Boa distribution version.

1. RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability BugTraq ID: 6454 Remote: Yes Date Published: Dec 20 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6454 Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'transport' field of a RTSP request, it is possible for a user to exploit a boundry condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Due to this server running on TCP port 554 on most Windows systems, and the server being installed as a system service, exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.

1. W-Agora EditForm.PHP Cross-Site Scripting Vulnerability BugTraq ID: 6464 Remote: Yes Date Published: Dec 22 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6464 Summary:

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

A problem with W-Agora may make cross-site scripting attacks possible.

It has been reported that W-Agora has a vulnerability in the handling of script code. It is possible to format a malicious link containing arbitrary script code or HTML that when clicked on would execute in the security context of the vulnerable site. This would result in a browser security violation, and could lead to the theft of authentication cookies of administrators.

1. MATLAB Mex Insecure Temporary Files Vulnerability BugTraq ID: 6469 Remote: No Date Published: Dec 23 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6469 Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

MATLAB is prone to an issue which may allow local attackers to corrupt files.

The MATLAB Mex script uses the process ID (PID) when naming temporary files. If an attacker can anticipate the name of temporary files created by Mex, then the attacker can place a malicious symbolic link in place of the temporary files. If the symbolic link points to a file which is writeable by the user running the program, then they will be corrupted when the Mex script performs any actions on temporary files.

This may result in critical files being overwritten. If an attacker can cause files to be overwritten with custom data, then it may be possible to elevate privileges.

1. MATLAB Mex Local Command Execution Vulnerability BugTraq ID: 6470 Remote: No Date Published: Dec 23 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6470 Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

MATLAB is prone to an issue which may allow local attackers to execute arbitrary commands with elevated privileges.

The MATLAB Mex script creates temporary files which are later executed to perform various actions. If an attacker can anticipate the name of a temporary file created by the Mex script, it is possible to create a malicious file in the place of the temporary file. The Mex script will then reportedly execute the malicious file.

Successful exploitation will result in arbitrary command execution with the privileges of the user running the Mex script.

This issue is compounded by the fact that Mex uses predictable names when creating temporary files, as described in BID 6469 "MATLAB Mex Insecure Temporary Files Vulnerability".

1. SPGPartenaires Multiple SQL Injection Vulnerabilities BugTraq ID: 6455 Remote: Yes Date Published: Dec 20 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6455 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

SPGPartenaires is a partner management script written in PHP and that uses a SQL backend. It is available for the Linux, Unix, and Microsoft Windows operating systems.

Several vulnerabilities have been discovered in SPGPartenaires. These vulnerabilities are due to insufficient sanitization of variables used to construct SQL queries in various scripts, including 'indent.php',
'index2.php', and 'delete.php'. Specifically, the 'pass' and 'SPGP'
variables are not sanitized of malicious SQL input. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into the 'pass' or 'SPGP' variable, it may be possible for an attacker to corrupt member information. It may also be possible for attackers to perform more advanced attacks on the underlying database.

1. RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability BugTraq ID: 6458 Remote: Yes Date Published: Dec 20 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6458 Summary:

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking, when a long URI is requested via the HTTP server in two separate connections, a boundry condition error occurs. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.

1. Internet Junkbuster Proxy Unauthorized Connections Vulnerability BugTraq ID: 6471 Remote: Yes Date Published: Dec 23 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6471 Summary:

Internet Junkbuster is a utility that prevents a web browser from displaying advertisement images.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability in Junkbuster may allow remote attackers to abuse the proxy to make unauthorized connections to arbitrary ports on any hosts that the proxy may access.

It is possible to exploit this issue using the CONNECT method to proxy an unauthorized connection to an arbitrary port on any host the proxy may access. The affected product does not appear to have a mechanism for restricting which ports can be connected to using the CONNECT method.

This vulnerability has been reported for Junkbuster 2.01. Junkbuster is installed as part of RedHat Linux's complete installation.

1. RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability BugTraq ID: 6456 Remote: Yes Date Published: Dec 20 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6456 Summary:

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe' field of a RTSP request, it is possible for a user to exploit a boundry condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Due to this server running on TCP port 554 on most Windows systems, and the server being installed as a system service, exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.

1. PHP-Nuke CRLF Injection Vulnerability BugTraq ID: 6446 Remote: Yes Date Published: Dec 20 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6446 Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Throughout PHP-Nuke, the PHP mail() function is implemented to handle email through web-based intefaces for various purposes (for features such as "feedback", "send this to a friend", etc). There is no input validation performed on user data passed to this function. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages.

Attackers may exploit this weakness to manipulate the structure of outgoing messages. For example, it may be possible for attackers to set the recipient to an arbitrary value. This could be leveraged by individuals to send mass unsolicited mail in a manner similar to how "formmail" is actively exploited (BID 3955).

1. CHETCPASSWD Shadow File Disclosure Vulnerability BugTraq ID: 6472 Remote: Yes Date Published: Dec 22 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6472 Summary:

CHETCPASSWD is a web-based utility which allows users to change their system passwords remotely. It is available for Unix and Linux variants.

CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker.

It is possible to exploit this issue by sending an overly long string (120+ characters) as a value for the 'user' URI parameter in a request to the 'chetcpasswd.cgi'.

The type of information disclosed may aid the attacker in mounting further attacks against the system hosting the vulnerable software.

20. KDE Parameter Quoting Shell Command Execution Vulnerability BugTraq ID: 6462
Remote: Yes
Date Published: Dec 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6462
Summary:

KDE is a freely available, open source X Desktop Manager. It has application features to make systems user-friendly, and is designed for Unix and Linux operating systems.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with KDE could lead to arbitrary command execution.

It has been discovered that KDE insecurely handles some types of input. Under some circumstances, KDE does not properly quote parameters of commands passed to the command shell. By creating a custom, malicious string in an attacker-controlled medium of delivery, it would be possible execute commands with the privileges of the user receiving the malicious string.

This vulnerability could be exploited through one of several mediums, such as email, webpages, or files on a network file system. This vulnerability additional has the potential to give the attacker remote access with the privileges of the user receiving the malicious string.

21. W-Agora EditForm.PHP PHP Include Vulnerability BugTraq ID: 6463
Remote: No
Date Published: Dec 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6463
Summary:

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

A problem with W-Agora may make possible the execution of arbitrary commands.

It has been reported that W-Agora has a vulnerability in the handling of PHP includes. By placing a file on a local system, a user could cause the execution of commands in the file to be carried out in the context of the web server process. This would require an administrator clicking a link after having logged into to access the editform.php page.

22. PHP-Nuke Modules.PHP Denial Of Service Vulnerability BugTraq ID: 6465
Remote: Yes
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6465
Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate URI parameters.

An attacker can exploit this vulnerability by modifying the 'name' parameter when making a request for modules.php. This will prevent visitors to the site hosting PHP-Nuke from creating a new account thereby leading to a denial of service condition.

This vulnerability was reported for PHP-Nuke 6.0. It is not known whether earlier versions are affected.

23. Apache printenv Sample Script Cross Site Scripting Vulnerability BugTraq ID: 6466
Remote: Yes
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6466
Summary:

Apache is a freely available webserver for Unix and Linux variants, as well as Microsoft operating systems.

A cross site scripting vulnerability has been reported in a sample script included with Apache. The vulnerability exists in the 'printenv' sample script, which is typically installed in the 'cgi-bin' directory.

Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code. Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the vulnerable server.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may be exploited to steal cookie-based authentication credentials.

It should be noted that this script is not installed as an executable script and any output is generated as plain text. However, some browsers may not properly interpret the TEXT/PLAIN MIME header and may render any output messages in HTML.

24. MATLAB Insecure Temporary Files Vulnerability BugTraq ID: 6468
Remote: No
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6468
Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

MATLAB is prone to an issue which may allow local attackers to corrupt files.

MATLAB uses the process ID (PID) when naming temporary files. If an attacker can anticipate the name of temporary files created by MATLAB, then the attacker can place a malicious symbolic link in place of the temporary files. If the symbolic link points to a file which is writeable by the user running the program, then they will be corrupted when MATLAB performs any actions on temporary files.

This may result in critical files being overwritten. If an attacker can cause files to be overwritten with custom data, then it may be possible to elevate privileges.

III. LINUX FOCUS LIST SUMMARY

1. User?s and Shells (Thread) Relevant URL:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/91/304490

2. re: quotas on Redhat 7.3 problem (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/304486

3. User´s and Shells (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/304484

IV. NEW PRODUCTS FOR LINUX PLATFORM

1. Covalent Fast Start Server by Covalent Technologies Platforms: AIX, BSDI, DG-UX, FreeBSD, HP-UX, Linux, NetBSD, OpenBSD, Solaris, UNIX, Unixware Relevant URL: http://www.covalent.net/products/faststart/

Covalent Fast Start Server automatically produces an Apache configuration suitable for many enterprise applications. Because of Apache's standards-based interoperability, Fast Start Server is able to serve as the presentation layer for all major application servers, databases and Web-based applications, reducing the complexity of Web infrastructures. It includes a streamlined installer for rapid deployment.

2. DirectorySmart
by OpenNetwork Technologies
Platforms: AIX, HP-UX, Linux, Solaris, Windows NT Relevant URL:
http://www.opennetwork.com/products/

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

By defining and enforcing eBusiness rules through user security and secure access, DirectorySmart enables eBusinesses to provide self-service applications and create tight customer feedback loops. DirectorySmart scales to millions of users and is designed for the largest and most complex of computing environments. DirectorySmart makes it possible for enterprises to manage information access for thousands, or even millions, of users, all of whom require different levels of application access, without adding dramatically to the burden on corporate IT departments or risking the security of sensitive corporate data.

EncrLib ECC Cryptographic Library
by Encryption Software
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT Relevant URL:
http://www.encrsoft.com/products/encrlib.html

EncrLib ECC Cryptographic Library is a C++, secure, powerful, portable, easy-to-use, and extremely fast public-key encryption and digital signature solution, based on the most exciting public-key development in the cryptographic community of the last decade -- Elliptic Curve Cryptography (ECC).

V. NEW TOOLS FOR LINUX PLATFORMS

1. CmosPwd 2.1 (Linux) by Christophe Grenier, grenier@nef.esiea.fr Relevant URL: http://www.esiea.fr/public_html/Christophe.GRENIER/ Platforms: Linux Summary:

BIOS setup can be password protected. You can get back your password with CmosPwd.

2. dkbf 0.1.1b
by d4b0rg
Relevant URL:
http://dkbf.sourceforge.net
Platforms: Linux
Summary:

dkbf is a Distributed, Keyboard, Brute-Force program for Linux clusters that attacks Windows NT Lanman and NT hashes using the Message Passing Interface (MPI) to distribute the program L0phtCrack by the L0pht.

3. pycrack 0.1
by Knight, knight@phunc.com
Relevant URL:
http://www.phunc.com/tools
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris, SunOS, UNIX, Windows 2000, Windows 95/98, Windows NT
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Simple passwd file cracker written in python. Also includes a script to merge shadow files.

VI. SPONSOR INFORMATION

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php