SecurityFocus Linux Newsletter #115

SecurityFocus Linux Newsletter #115

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

I. FRONT AND CENTER

1. The Curmudgeon's Crystal Ball: Security Predictions for 2003
2. Open Source Honeypots: Learning with Honeyd
3. SecurityFocus DPP Program
4. InfoSec World Conference and Expo/2003 (March10-12,2003,Orlando,FL) II. LINUX VULNERABILITY SUMMARY
5. Half-Life HLTV Remote Denial Of Service Vulnerability
6. BitMover BitKeeper Daemon Mode Remote Command Execution...
7. Geeklog Users.PHP Cross-Site Scripting Vulnerability
8. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
9. Geeklog Homepage User Field HTML Injection Vulnerability
10. vSignup Remote SQL Injection Vulnerability
11. PHP TopSites help.php Cross Site Scripting Vulnerability
12. Mambo Site Server Multiple Cross Site Scripting Vulnerabilities
13. Mambo Site Server Arbitrary File Upload Vulnerability
14. Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox...
15. FormMail Cross-Site Scripting Vulnerability
16. vAuthenticate Remote SQL Injection Vulnerability
17. PHP TopSites edit.php SQL Injection Vulnerability
18. Middleman net_dns() Frame Pointer Overwrite Vulnerability
19. Bea Systems WebLogic ResourceAllocationException System...
20. BitMover BitKeeper Local Temporary File Race Condition...
21. W-Agora Remote File Disclosure Vulnerability
22. YABB SE Reminder.PHP SQL Injection Vulnerability
23. Geeklog Profiles.PHP Multiple Cross-Site Scripting...
24. Psunami Bulletin Board Psunami.CGI Remote Command Execution...
25. PHP TopSites HTML Injection Vulnerability
26. BitMover BitKeeper Local Insecure Temporary File Permissions...
27. mpg123 Invalid MP3 Header Memory Corruption Vulnerability III. LINUX FOCUS LIST SUMMARY
28. How to build CD with chkrootkit on it? (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORM
29. neuSECURE
30. ArcSight Enterprise Security Management Software
31. NEW TOOLS FOR LINUX PLATFORMS
32. Quick Spam Filter v0.2.1
33. tcp_wrappers (socket_wrappers) v7.6j
34. Tiny SHell v0.2 VI. SPONSOR INFORMATION
35. FRONT AND CENTER

    ---

36. The Curmudgeon's Crystal Ball: Security Predictions for 2003 By Richard Forno

As we ring in the new year, it's in with the new and out with the old. Or is it? Our fearless forecaster thinks not.

http://online.securityfocus.com/columnists/135

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Open Source Honeypots: Learning with Honeyd by Lance Spitzner

Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd.

http://online.securityfocus.com/infocus/1659

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. Half-Life HLTV Remote Denial Of Service Vulnerability BugTraq ID: 6579 Remote: Yes Date Published: Jan 10 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6579 Summary:

Half-Life is commercially available game which may be played over a network. HLTV is the Half-Life TV component of the Half-Life Dedicated Server (hlds). It is available for the Linux operating system.

A problem with HLTV could make it possible for a remote user to deny service to legitimate users.

It has been reported that under some circumstances, a remote user may cause the service to crash. By sending a specially crafted packet to the host, the service becomes unstable. The service must be manually restarted to resume normal operation.

The problem is in the handling of specific types of requests from clients. When an HLTV server receives a request of the string '\xff\xff\xff\xff\0' the server crashes. It is not know what impact this has on the operation of the game server.

Versions other than hlds 3.1.1.0 may also be affected.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability BugTraq ID: 6588
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6588
Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make remote command execution possible.

It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute abitrary commands.

The program does not properly filter single quotes. As a result, commands contained between quotes will be executed on the host running the vulnerable software. Any commands executed between quotes will be executed with the privileges of the BitKeeper daemon process.

3. Geeklog Users.PHP Cross-Site Scripting Vulnerability BugTraq ID: 6602
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6602
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the
'users.php' script.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

4. Geeklog Comment.PHP Cross-Site Scripting Vulnerability BugTraq ID: 6603
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6603
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the
'comment.php' script.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

5. Geeklog Homepage User Field HTML Injection Vulnerability BugTraq ID: 6604
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6604
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to HTML injection attacks.

The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field when editing their user information. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

6. vSignup Remote SQL Injection Vulnerability BugTraq ID: 6606
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6606
Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been discovered in vSignup. It has been reported that the 'auth.php' fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized to access protected documents. The
'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vSignup 2.1.

7. PHP TopSites help.php Cross Site Scripting Vulnerability BugTraq ID: 6622
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6622
Summary:

PHP TopSites is a PHP/MySQL-based customizable TopList script. TopSites is used by sites to provide various user and administrator functionality. It is available for a variety of platforms included the Microsoft Windows, Unix, and Linux operating systems.

A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data.

This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information may be obtained by the attacker, such as cookie-based authentication credentials.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

8. Mambo Site Server Multiple Cross Site Scripting Vulnerabilities BugTraq ID: 6571
Remote: Yes
Date Published: Jan 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6571
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

Mambo Site Server does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user. All code will be executed within the context of the website running Mambo Site Server.

The following files were reported to be prone to cross site scripting attacks: administrator/popups/sectionswindow.php

administrator/gallery/gallery.php administrator/gallery/navigation.php
administrator/gallery/uploadimage.php administrator/gallery/view.php
administrator/upload.php themes/mambosimple.php upload.php

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials.

This vulnerability was reported for Mambo Site Server 4.0.12 BETA and earlier.

9. Mambo Site Server Arbitrary File Upload Vulnerability BugTraq ID: 6572
Remote: Yes
Date Published: Jan 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6572
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with Mambo Site Server may make it possible for remote attackers to upload files to a vulnerable system.

Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The following scripts have been reported to be vulnerable to this issue: administrator/gallery/uploadimage.php administrator/upload.php upload.php userpage.php

Specifically, the scripts only check to see whether certain image extensions, such as '.jpg' and '.gif', exist in the filename. As such any file that includes the allowed extensions may be uploaded. Any uploaded files will be stored in the 'images/stories' directory on the system.

Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

This vulnerability was reported for Mambo Site Server 4.0.12 BETA and earlier.

1. PHP TopSites Plaintext User Password Weakness BugTraq ID: 6623 Remote: Yes Date Published: Jan 15 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6623 Summary:

PHP TopSites is a PHP/MySQL-based customizable TopList script. TopSites is used by sites to provide various user and administrator functionality. It is available for a variety of platforms included the Microsoft Windows, Unix, and Linux operating systems.

A weakness has been discovered in PHP TopSites. It has been reported that user's passwords are stored in plaintext and are viewable by TopSites administrators through the 'seditor.php' script. This issue poses a security threat as some TopSites users may use similar passwords across multiple systems.

A malicious administrator may be able to exploit this issue to access other accounts or systems accessible by the unknowing user.

1. Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox Escaping Vulnerability BugTraq ID: 6566 Remote: Yes Date Published: Jan 09 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6566 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

ColdFusion MX Enterprise Edition is the application server developing and hosting infrastructure distributed by Macromedia. It is available as a standalone product for Unix, Linux, and Microsoft Operating Systems.

A problem with ColdFusion MX Enterprise Edition may allow users to access restricted files.

A vulnerability in the use of the cfinclude and cfmodule Tags exists in ColdFusion MX. In environments that are sandboxed, it may be possible for a script to access files outside of the sandboxed directory. This could lead to unauthorized access to files on the host.

The problem is in the handling of relative paths. Due to insufficient checking of input in custom tags, it is possible to upload a file using custom tags and containing relative paths that will access files outside of a sandboxed directory. This could allow an attacker to access unauthorized and potentially sensitive information.

It should be noted that this vulnerability will only reveal the contents of files to which the ColdFusion server has read access to.

1. FormMail Cross-Site Scripting Vulnerability BugTraq ID: 6570 Remote: Yes Date Published: Jan 09 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6570 Summary:

FormMail is a web-based e-mail gateway, which allows form-based input to be emailed to a specified user. It is written in Perl and will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

FormMail is allegedly prone to cross-site scripting attacks.

The FormMail script does not sufficiently sanitize HTML tags and script code from query strings, which in turn are output into pages generated by the software. As a result, a remote attacker may construct a malicious link to the script which contains arbitrary script code. If this link is visited by a web user, the attacker-supplied script code may be interpreted by their browser in the context of the site hosting the software.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may allow an attacker to steal cookie-based authentication credentials or manipulate web content. Other attacks are also possible.

This issue was reported in FormMail 1.92. Other versions may also be affected.

1. vAuthenticate Remote SQL Injection Vulnerability BugTraq ID: 6605 Remote: Yes Date Published: Jan 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6605 Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in vAuthenticate. It has been reported that the 'auth.php' fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized to access protected documents. The 'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vAuthenticate 2.8.

1. PHP TopSites edit.php SQL Injection Vulnerability BugTraq ID: 6625 Remote: Yes Date Published: Jan 15 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6625 Summary:

PHP TopSites is a PHP/MySQL-based customizable TopList script. TopSites is used by sites to provide various user and administrator functionality. It is available for a variety of platforms included the Microsoft Windows, Unix, and Linux operating systems.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied values for URI parameters, it is possible for an attacker to embed SQL commands into certain page requests. Specifically, the 'edit.php' page, which is used to display a users information, fails to properly read password data.

This issue may be exploited to view another user's private information being disclosed to an attacker.

It should be noted that has stated in BID 6623 a users password is stored in plaintext. An attacker that gains access to another user's information may be able to view that user's password.

1. Middleman net_dns() Frame Pointer Overwrite Vulnerability BugTraq ID: 6584 Remote: Yes Date Published: Jan 10 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6584 Summary:

Middleman is an HTTP/1.1 proxy server. It is available for the Linux and Unix operating systems.

A vulnerability has been discovered in Middleman. The problem occurs when the net_dns() function calls s_strncpy() during a DNS lookup of the request server hostname. The s_strncpy() function is a wrapper for strncpy(), designed to NULL terminate all copied strings. When the s_strncpy() function is called on the requested host name of 128 bytes, a NULL byte may be written to the least significant byte (LSB) of the functions frame pointer (EBP). This issue occurs due to an incorrect length parameter passed to s_strncpy().

Overwriting the least significant bit of EBP with a NULL byte may allow an attacker to point the variable into user-supplied data. As EBP is copied to the frames stack pointer (ESP), an attacker may trick the program into referencing a malicious address as an instruction pointer. This will allow an attacker to execute arbitrary commands with the privileges of the vulnerable server, possibly root.

It should be noted that this issue may not occur on all systems. The existance of this vulnerability may be highly dependant on compiler optimization.

1. Bea Systems WebLogic ResourceAllocationException System Password Disclosure Vulnerability BugTraq ID: 6586 Remote: Yes Date Published: Jan 11 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6586 Summary:

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability in BEA Systems WebLogic Server may, under some circumstances, result in the disclosure of system passwords if exceptions are output.

BEA Systems has reported that WebLogic Server will throw an exception when an application attempts to route a JMS message across a bridge and an error occurs. This exception will include the supplied system password, in plaintext.

Applications that output exceptions may inadvertently disclose password values. This may ultimately result in a remote party gaining access to affected systems.

1. BitMover BitKeeper Local Temporary File Race Condition Vulnerability BugTraq ID: 6589 Remote: No Date Published: Jan 12 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6589 Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make local symbolic link attacks possible.

It has been reported that BitKeeper is vulnerable to a race condition error. Under some circumstances, BitKeeper creates files in the temporary directory. However, it may be possible to create a symbolic link in a crucial point of program execution that would result in the overwriting of files at the end of the link.

The program does not properly open the temporary file. Rather than performing the check and opening the file all in one function, the program first checks, then in a seperate function opens the file. This creates a window of attack that could result in the overwriting of files that are write-accessible to the BitKeeper process.

1. W-Agora Remote File Disclosure Vulnerability BugTraq ID: 6595 Remote: Yes Date Published: Jan 13 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6595 Summary:

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A file disclosure vulnerability has been reported for W-Agora. Reportedly, some scripts included with W-Agora do not adequately sanitize some user-supplied input. The vulnerability was reported to exist in the index.php and modules.php script files.

An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root. It should be noted that only files accessible by the web server will be disclosed to the attacker.

Exploitation of this vulnerability may lead to disclosure of sensitive information that may be useful in mounting further attacks on the host system.

This vulnerability affects W-Agora 4.1.5.

1. YABB SE Reminder.PHP SQL Injection Vulnerability BugTraq ID: 6591 Remote: Yes Date Published: Jan 12 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6591 Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with YaBB SE could make it possible for a remote user launch SQL injection attacks.

It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user.

This problem may allow a remote user to change the password of the administrative user of an instance of YaBB SE. It may also allow a remote user to gain other information from SQL databases used to backend YaBB SE.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

20. Geeklog Profiles.PHP Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 6601
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6601
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

21. Psunami Bulletin Board Psunami.CGI Remote Command Execution Vulnerability BugTraq ID: 6607
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6607
Summary:

Psunami is bulletin board software. It is implemented in Perl and is available for Unix and Linux variants.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Psunami Bulletin Board is prone to a remote command execution vulnerability. This issue is present in the 'psunami.cgi' script.

Psunami does not sufficiently sanitize shell metacharacters from query strings. Input supplied via the 'topic' URI parameter will be passed to a Perl open() call. As a result, it may be possible for a remote attacker to execute arbitrary commands in the context of the webserver process.

A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

22. PHP TopSites HTML Injection Vulnerability BugTraq ID: 6621
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6621
Summary:

PHP TopSites is a PHP/MySQL-based customizable TopList script. TopSites is used by sites to provide various user and administrator functionality. It is available for a variety of platforms included the Microsoft Windows, Unix, and Linux operating systems.

A HTML injection vulnerability has been discovered in PHP Topsites. The issue occurs due to insufficient sanitization of the '$description' variable in the 'add.php' script. An attacker is able to exploit this vulnerability when submitting a website to an administrator.

This issue can be exploited by injecting HTML commands in the <body> tag of the description field for a submitted website. When an administrator loads the page, the attacker-supplied HTML code will be executed. Through this method it is possible for an attacker to edit or delete arbitrary database entries that are accessible by the administrator.

23. BitMover BitKeeper Local Insecure Temporary File Permissions Vulnerability BugTraq ID: 6590
Remote: No
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6590
Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make the destruction or injection of information possible.

It has been reported that BitKeeper insecurely creates temporary files. Under some circumstances, BitKeeper creates files in the temporary directory. However, these files are created with world-writable permissions, which may allow the removal of these files, or injection of data into them.

24. mpg123 Invalid MP3 Header Memory Corruption Vulnerability BugTraq ID: 6593
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6593
Summary:

mpg123 is a MPEG audio player for Linux variant operating systems.

A memory corruption vulnerability has been reported for mpg123 that may result in code execution.

The vulnerability exists when mpg123 is used to play certain MP3 files. Specifically, when playing MP3 files with malformed or overly large headers, it may be possible to cause mpg123 to execute malicious attacker-supplied code.

The file common.c defines MAX_INPUT_FRAMESIZE to a value of 1920 bytes. An attacker can exploit this vulnerability by creating a malicious MP3 file that contains headers consisting of greater than 1920 bytes. When mpg123 is used to play this corrupted MP3 file, it will trigger the buffer overflow condition. Any attacker supplied code will be executed with the privileges of the mpg123 process.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability has been reported to affect mpg123pre0.59s.

IV. LINUX FOCUS LIST SUMMARY

1. How to build CD with chkrootkit on it? (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/306728

IV. NEW PRODUCTS FOR LINUX PLATFORM

1. neuSECURE by GuardedNet Platforms: Linux, UNIX, Windows 2000, Windows NT, Windows XP http://www.guarded.net/prod/prod.html Summary:

neuSECURE is a web-based security information management software solution designed to provide a comprehensive, coherent view of enterprise security. It correlates log data files from disparate machines such as firewalls, intrusion detection systems, computer systems and routers and automatically analyzes this data to uncover legitimate threats to the enterprise. neuSECURE allows security analysts to prioritize their investigations and focus on the mission-critical task of responding to threats as they are occurring, rather than after the damage is done. And with neuSECURE a security team can manage security threats from early detection to final resolution without ever leaving the intuitive, web-based console.

2. ArcSight Enterprise Security Management Software by ArcSight
Platforms: AIX, Linux, Solaris, Windows 2000, Windows NT http://www.arcsight.com/product.htm
Summary:

ArcSight is designed to distribute agents throughout the network, which will report events to central management stations. Administrators can then view events, control security policies and even replay a sequence of events to watch the attack unfold.

3. Firebox II
by WatchGuard Technologies
Platforms: Linux
http://www.watchguard.com/products/fireboxII.asp Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Designed for more powerful throughput and larger networks, the Firebox II extends WatchGuard's appliance-based network security solutions to any size organization. The high performance Firebox II builds on the success of the Firebox 100 with the addition of remote configuration and updating, flash memory for automated policy and network configuration updates and the integration of IPSec Branch Office VPN as a standard part of the system software.

V. NEW TOOLS FOR LINUX PLATFORMS

1. Quick Spam Filter v0.2.1 by Andrew Wood Relevant URL: http://www.ivarch.com/programs/qsf.shtml Platforms: Linux, POSIX Summary:

Quick Spam Filter is a small, fast spam filter that works by learning to recognise the words that are more likely to appear in spam than non-spam. It is intended to be used in a procmail recipe to mark email as being possible spam.

2. tcp_wrappers (socket_wrappers) v7.6j
by Tushar
Relevant URL:
http://www.web-insights.net/socket_wrappers/index.html Platforms: N/A
Summary:

The tcp_wrappers package allows you to monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services. It provides tiny daemon wrapper programs that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service. The wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.

3. Tiny SHell v0.2
by Christophe Devine
Relevant URL:
http://www.cr0.net:8040/code/network/
Platforms: FreeBSD, IRIX, Linux, OpenBSD, Solaris, SunOS, UNIX Summary:

Tiny SHell is a lightweight client/server clone of the standard remote shell tools (rlogin, telnet, ssh, etc.). It provides remote shell execution and file transfers. It is 8-bit clean, has full support for pseudo-terminal pairs (pty/tty), and uses simple xor encryption. Most Unix platforms are currently supported (Linux, BSD, OSF, SunOS, and IRIX).

VI. SPONSOR INFORMATION

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php