SecurityFocus Linux Newsletter #125

SecurityFocus Linux Newsletter #125

This Issue is Sponsored by: CipherTrust

Is your network really protected?  Not if your Mail Server isn't!

Email systems provide the easiest route for malicious attacks, to expose sensitive information, to suck up bandwidth and to provide access to other systems.  Learn ìHow to Secure Email Systems by requesting this white paper now.

http://www.ciphertrust.com/article/securityfocus_0331_02.htm

I. FRONT AND CENTER

1. Incident Response Tools For Unix, Part One: System Tools
2. Virus Hoaxes and the Real Dangers They Pose
3. Too Cool For Secure Code
4. Uncle Roger's Folly
5. SecurityFocus DPP Program II. LINUX VULNERABILITY SUMMARY
6. eDonkey Clients Multiple Chat Dialog Resource Consumption...
7. Advanced Poll Remote Information Disclosure Vulnerability
8. PHPNuke News Module Article.PHP SQL Injection Vulnerability
9. PHPNuke News Module Index.PHP SQL Injection Vulnerability
10. PHP socket_recvfrom() Signed Integer Memory Corruption...
11. PHPNuke Viewpage.PHP File Disclosure Vulnerability
12. Monkey HTTP Daemon Excessive POST Data Denial Of Service...
13. Joel Palmius Mod_Survey Data Injection Vulnerability
14. PHPNuke Forum Module Viewtopic.php SQL Injection Vulnerability
15. PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability
16. PHPNuke Banners.PHP Banner Manager Password Disclosure...
17. Monkey HTTP Daemon Missing Content-Type Field DOS
18. PHP socket_iovec_alloc() Integer Overflow Vulnerability
19. PHP socket_recv() Signed Integer Memory Corruption Vulnerability
20. PHP emalloc() Unspecified Integer Overflow Memory Corruption...
21. OSCommerce Error_Message Cross-Site Scripting Vulnerability
22. OSCommerce Info_Message Cross-Site Scripting Vulnerability
23. OSCommerce Checkout_Payment.PHP Error Output Cross-Site...
24. OSCommerce Account_History_Info.PHP HTML code injection...
25. OSCommerce Checkout_Confirmation.PHP Comment HTML Injection...
26. Check Point VPN-1/Firewall-1 Remote Syslog Data Resource... III. LINUX FOCUS LIST SUMMARY
27. SecurityFocus Article Announcement (Thread)
28. Live Upgrade for Linux (Thread)
29. Seeing who has su-ed (Thread)
30. latest ptrace hole patch? (Thread)
31. How to custom sulog? (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORMS
32. Covalent Fast Start Server
33. NetVigil
34. PowerBroker
35. NEW TOOLS FOR LINUX PLATFORMS
36. Alarm Pinger (apinger) v0.6.1
37. Log Watcher v0.2
38. network traffic volume capture to postgresql v1.1 VI. SPONSORSHIP INFORMATION
39. FRONT AND CENTER

    ---

40. Incident Response Tools For Unix, Part One: System Tools By Holt Sorenson

This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on a OpenBSD, Linux, or Solaris system. This installment will focus on system tools, the second part will discuss file-system tools, and the concluding article will look at network tools.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/infocus/1679

2. Virus Hoaxes and the Real Dangers They Pose by Scott Granneman

Jerry Bryan immediately knew there was something wrong at his church. He knew it the second he opened up the email from the pastor. As a highly respected member of his church and a known technophile, Jerry was often consulted by the pastor concerning technical matters. In this case, however, the pastor was passing along a serious warning.

http://www.securityfocus.com/infocus/1678

3. Too Cool For Secure Code
By Jon Lasser

Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely.

http://www.securityfocus.com/columnists/150

4. Uncle Roger's Folly
By George Smith

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The Ganda virus shows why the Internet isn't the best source for reliable war news, and malicious code isn't a good medium for anything.

http://www.securityfocus.com/columnists/151

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. BUGTRAQ SUMMARY

1. eDonkey Clients Multiple Chat Dialog Resource Consumption Vulnerability BugTraq ID: 7164 Remote: Yes Date Published: Mar 21 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7164 Summary:

eDonkey 2000 is a peer to peer file sharing network. It is similar to KaZaa and Morpheus. Clients of eDonkey 2000 are built for Windows, Mac and Linux operating systems.

A vulnerability has been reported for eDonkey clients for Windows that will result in a denial of service condition.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The vulnerability occurs when numerous chat dialog boxes are opened by the eDonkey or Overnet clients. Every open chat dialog box will consume a small amount of memory and CPU cycles.

An attacker can exploit this vulnerability by connecting to a vulnerable eDonkey user and issuing numerous chat requests. This will cause the victim user's system to consume all available memory and CPU cycles thus resulting in a denial of service condition.

This vulnerability was reported for eDonkey and Overnet clients prior to 0.46.

2. Advanced Poll Remote Information Disclosure Vulnerability BugTraq ID: 7171
Remote: Yes
Date Published: Mar 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7171
Summary:

Advanced Poll is a freely available, open source PHP script. It is available for the UNIX, Linux, and Microsoft Operating Systems.

A problem with the program could reveal sensitive information.

It has been reported that an information disclosure vulnerability exists in Advanced Poll. Because of this, a remote user to potentially access privileged information that could lead to further attack against the host and it's users.

The problem is in the default installation. By installing the program according to specifications, it is possible for a remote user to traverse the installation directory, and potentially gain access to sensitive information about the Advanced Poll implementation.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. PHPNuke News Module Article.PHP SQL Injection Vulnerability BugTraq ID: 7172
Remote: Yes
Date Published: Mar 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7172
Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with the software could allow a remote user to change user credentials.

It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and gain unauthorized access to user accounts.

This problem requires that the configuration variable magic_quotes_gpc be turned off. Once this has been done, an attacker can inject limited SQL statements into the database through the article.php file. Doing so permits the attacker to submit information into the nuke_users table which could be used to gain unauthorized access to the PHPNuke board.

An attacker could use this attack to modify a user's password or user level.

4. PHPNuke News Module Index.PHP SQL Injection Vulnerability BugTraq ID: 7173
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7173
Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with the software could allow a remote user to change article information.

It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database and alter information on articles posted on the site.

This problem requires that the configuration variable magic_quotes_gpc be turned off, although it may also be present with limited impact when the variable is turned on. Once this has been done, an attacker can inject limited SQL statements into the database through the index.php file. Doing so permits the attacker to submit information into the nuke_stories table, which could be used to alter the title, intro, article, and author information.

5. PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability BugTraq ID: 7198
Remote: No
Date Published: Mar 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7198
Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the socket_recvfrom() and may allow an attacker to corrupt memory.

The affected function fails to carry out sanity checks on values passed as the 'len' argument. As a result, an attacker capable of passing a negative integer as an argument, causing an integer used in a later calculation to overflow.

If this integer overflows and is later used for memory allocation or data writing, the procedure could occur at an unanticipated location. This could be exploited to corrupt sensitive locations in process memory.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

It should be noted that socket functionality is only included in PHP if compiled with the "--enable-sockets" option.

6. PHPNuke Viewpage.PHP File Disclosure Vulnerability BugTraq ID: 7191
Remote: Yes
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7191
Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

PHPNuke has been reported prone to a file disclosure vulnerability.

It has been reported that PHPNuke may disclose arbitrary web server readable files if the requested file is supplied as the 'file' URI parameter to the 'viewpage.php' script.

This may allow an attacker to obtain sensitive system information which may aid in launching future attacks.

It should be noted that this issue reportedly affects PHPNuke version 6.5 when running a specific configuration, however other versions may also be affected.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

7. Monkey HTTP Daemon Excessive POST Data Denial Of Service Vulnerability BugTraq ID: 7202
Remote: Yes
Date Published: Mar 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7202
Summary:

Monkey is an open source web server written in C, based on the HTTP/1.1 protocol. It is available for Linux platforms.

Monkey HTTP Daemon is prone to denial of service attacks. This condition occurs when the server attempts to handle excessive HTTP POST data. This issue occurs because the server does not gracefully handle cases where POST data exceeds the length of MAX_REQUEST_BODY, resulting in a server crash.

The server will need to be restarted to regain normal functionality.

8. Joel Palmius Mod_Survey Data Injection Vulnerability BugTraq ID: 7192
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7192
Summary:

Mod_Survey is a mod_perl module for Apache which allows web users to create online questionaires. It is maintained by Joel Palmius and will run on Linux and Unix variants as well as Microsoft Windows.

Mod_Survey does not sufficiently sanitize data supplied via ENV tags. ENV tags are a feature included with Mod_Survey to import values supplied from environment variables into the data repository.

It has been reported by the vendor that this may allow for injection of malicious data, including delimiter characters, into the data repository. Exploitation may allow for manipulation of environment variables or the possibility of executing database commands through injection of SQL syntax. Other attacks may also be possible.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This is only an issue with surveys that use ENV tags. This issues occurs with ENV tags which import data from environment variables that may be potentially specified or influenced by a remote user (such as
'HTTP_USER_AGENT').
The consequences of exploitation could depend on the underlying database implementation and configuration or other factors.

9. PHPNuke Forum Module Viewtopic.php SQL Injection Vulnerability BugTraq ID: 7193
Remote: Yes
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7193
Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with PHPNuke could allow a remote user to change article information.

It has been reported that an input validation error exists in the
'viewtopic.php' file included with PHPNuke as part of the Forum module.
Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

Successful exploitation may allow for modification of the structure of SQL queries, resulting in information disclosure, or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

1. PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability BugTraq ID: 7194 Remote: Yes Date Published: Mar 25 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7194 Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with PHPNuke could allow a remote user to change article information.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that an input validation error exists in the
'viewforum.php' file included with PHPNuke as part of the Forum module.
Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

Successful exploitation may allow for modification of the structure of SQL queries, resulting in information disclosure, or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

1. PHPNuke Banners.PHP Banner Manager Password Disclosure Vulnerability BugTraq ID: 7170 Remote: Yes Date Published: Mar 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7170 Summary:

PHPNuke is a freely available, open source content management system written in PHP. It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with the software could allow a remote user to gain access to sensitive information.

It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and potentially access sensitive information, then download it via the web.

This problem requires that the configuration variable magic_quotes_gpc be turned off. Once this has been done, an attacker can inject limited SQL statements into the database through the banners.php file. Doing so permits the attacker to gain access to credentials for the banner manager.

1. Monkey HTTP Daemon Missing Content-Type Field Denial Of Service Vulnerability BugTraq ID: 7201 Remote: Yes Date Published: Mar 24 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7201 Summary:

Monkey is an open source Web server written in C, based on the HTTP/1.1 protocol. It is available for Linux platforms.

Monkey HTTP Daemon is prone to a denial of service attacks. HTTP POST requests which do not include a 'Content-Type' header field will trigger this condition. This issue is due an a programming mistake in an error handling statement which checks if the 'Content-Type' header field has been specified by the client.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The server will need to be restarted to regain normal functionality.

1. PHP socket_iovec_alloc() Integer Overflow Vulnerability BugTraq ID: 7187 Remote: No Date Published: Mar 25 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7187 Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the socket_iovec_alloc() and may allow an attacker to corrupt memory.

The affected function fails to carry out sanity checks on values passed as the 'sockets' argument. As a result, an attacker capable of passing a large integer as an argument, causing an integer used in a later calculation to overflow.

If this integer overflows and is later used for memory allocation or data writing, the procedure could occur at an unanticipated location. This could be exploited to corrupt sensitive locations in process memory.

This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

It should be noted that socket functionality is only included in PHP if compiled with the "--enable-sockets" option.

1. PHP socket_recv() Signed Integer Memory Corruption Vulnerability BugTraq ID: 7197 Remote: No Date Published: Mar 26 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7197 Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the socket_recv() and may allow an attacker to corrupt memory.

The affected function fails to carry out sanity checks on values passed as the 'len' argument. As a result, an attacker capable of passing a negative integer as an argument, causing an integer used in a later calculation to overflow.

If this integer overflows and is later used for memory allocation or data writing, the procedure could occur at an unanticipated location. This could be exploited to corrupt sensitive locations in process memory.

This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

It should be noted that socket functionality is only included in PHP if compiled with the "--enable-sockets" option.

1. PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability BugTraq ID: 7199 Remote: No Date Published: Mar 26 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7199 Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the emalloc() function and may allow an attacker to corrupt memory.

The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when emalloc() attempts to allocate memory.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may make it possible for an attacker to trigger a condition which could cause the PHP interpreter to crash.

Further details of this vulnerability are currently unknown. This BID will be updated as more information becomes available.

1. OSCommerce Error_Message Cross-Site Scripting Vulnerability BugTraq ID: 7151 Remote: Yes Date Published: Mar 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7151 Summary:

osCommerce is open-source e-commerce software written in PHP. osCommerce will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

It has been reported that osCommerce does not sufficiently filter HTML code from URI parameters supplied to multiple osCommerce scripts that include 'header.php'.

As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically the attacker can pass malicious HTML code as the 'error_message' URI parameter for multiple osCommerce pages. All code will be executed within the context of the website running osCommerce.

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability was reported to affect osCommerce version 2.2ms1, prior versions are reportedly affected.

1. OSCommerce Info_Message Cross-Site Scripting Vulnerability BugTraq ID: 7153 Remote: Yes Date Published: Mar 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7153 Summary:

osCommerce is open-source e-commerce software written in PHP. osCommerce will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that osCommerce does not sufficiently filter HTML code from URI parameters supplied to multiple osCommerce scripts.

As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Specifically the attacker can pass malicious HTML code as the 'info_message' URI parameter for multiple osCommerce pages. All code will be executed within the context of the website running osCommerce.

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability was reported to affect osCommerce version 2.2ms1, prior versions are reportedly affected.

1. OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability BugTraq ID: 7155 Remote: Yes Date Published: Mar 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7155 Summary:

osCommerce is open-source e-commerce software written in PHP. osCommerce will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

Error output is not sufficiently sanitized of HTML and script code by osCommerce. This issue is present in the 'checkout_payment.php' script. This may allow for cross-site scripting attacks as remote users could create a malicious link to a site hosting osCommerce which contains hostile HTML and script code. When a such a link is visited, attacker-supplied code could be interpreted in the web client of the user. This will occur in the context of the site hosting the software.

To successfully exploit this issue, the attacker must include a valid payment module in the malicious link. This information may be ascertained through other means, such as submitting an order with a bad credit card number.

Exploitation may allow theft of cookie-based authentications or other attacks.

1. OSCommerce Account_History_Info.PHP HTML code injection Vulnerability BugTraq ID: 7156 Remote: Yes Date Published: Mar 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7156 Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

osCommerce is open-source e-commerce software written in PHP. osCommerce will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

It has been reported that osCommerce is prone to HTML injection attacks. This problem occurs due to osCommerce insufficiently sanitizing user-supplied input.

Specifically, embedded HTML and script code is not filtered from the
'comment' field of the 'account_history_info.php' osCommerce script.

As a result, attackers may embed malicious script code or HTML into orders. When another user views a malicious order, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

This vulnerability was reported to affect osCommerce version 2.2ms1, prior versions are reportedly affected.

20. OSCommerce Checkout_Confirmation.PHP Comment HTML Injection Vulnerability BugTraq ID: 7158
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7158
Summary:

osCommerce is open-source e-commerce software written in PHP. osCommerce will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Comment data is not sufficiently sanitized of HTML and script code. The issue occurs in the 'checkout_confirmation.php' script. This may allow remote attackers to inject hostile HTML and script code into the e-commerce system, which could potentially be rendered by other users of the software. This would occur in the context of the site hosting the vulnerable software.

Successful exploitation may allow for theft of cookie-based authentication credentials or other attacks.

21. Check Point VPN-1/Firewall-1 Remote Syslog Data Resource Consumption Vulnerability BugTraq ID: 7159
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7159
Summary:

Firewall-1 and VPN-1 are network security software packages distributed by Check Point Software Technologies. It is available for Unix, Linux, and Microsoft Operating Systems.

A problem in the software may make it possible for a remote user to launch a resource consumption attack.

It has been reported that some versions of Firewall-1 and VPN-1 may experience performance problems when allowing remote syslog traffic. An attacker could exploit this issue to deny service to legitimate users of the network serviced by the software.

Firewall-1 and VPN-1 do not permit remote syslog traffic by default. The software must be configured to allow a specific remote host to send syslog traffic to the server. Once this has been done, the host may abuse this access by sending excessive amounts of syslog data to the syslog host. This is done to consume the CPU resources of the system hosting the software, creating a resource exhaustion attack, and potential denial of service.

III. LINUX FOCUS LIST SUMMARY

1. SecurityFocus Article Announcement (Thread) Relevant URL:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/91/316564

2. Live Upgrade for Linux (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/316563

3. Seeing who has su-ed (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/316220

4. latest ptrace hole patch? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/316217

5. How to custom sulog? (Thread)
Relevant URL:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/91/315843

IV. NEW PRODUCTS FOR LINUX PLATFORMS

1. Covalent Fast Start Server by Covalent Technologies Platforms: AIX, BSDI, DG-UX, FreeBSD, HP-UX, Linux, NetBSD, OpenBSD, Solaris, UNIX, Unixware Relevant URL: http://www.covalent.net/products/faststart/ Summary:

Covalent Fast Start Server automatically produces an Apache configuration suitable for many enterprise applications. Because of Apache's standards-based interoperability, Fast Start Server is able to serve as the presentation layer for all major application servers, databases and Web-based applications, reducing the complexity of Web infrastructures. It includes a streamlined installer for rapid deployment.

2. NetVigil
by Fidelia
Platforms: Linux, Solaris, Windows NT
Relevant URL:
http://www.fidelia.com/products/index.phtml Summary:

Fidelia NetVigil is a real-time integrated fault and performance management tool that provides end-to-end business visibility of your company's IT infrastructure. Fidelia NetVigil's unique architecture will scale with your organization and allow you to view and correlate data across your servers, applications and network devices. Fidelia NetVigil's instant configuration capabilities and multi-level views combine to expedite isolation and repair of IT problems, minimize downtime and reduce the cost of labor and implementation. This translates into savings for your bottom line.

3. PowerBroker
by Symark Software
Platforms: DG-UX, HP-UX, Linux, SunOS, UNIX Relevant URL:
http://www.symark.com/powerbroker.htm
Summary:

Symark PowerBroker® provides UNIX security and accountability by enabling system administrators to delegate administrative privileges and authorization without disclosing the root password and to grant selective access to UNIX-based corporate resources. Administrative tasks such as system programs mounting, performing backups, adding new users can be delegated to individuals or groups at a granular level, thus reducing the risk of accidental damage and the threat of malicious activities. Symark PowerBroker also grants user access to files, directories and third-party applications and accounts (such as HR, financial or database programs), including generic accounts. Symark PowerBroker protects the superuser or root account (the most targeted user account), from hackers who could remove critical system files, gain access to confidential data and delete audit trails.

V. NEW TOOLS FOR LINUX PLATFORMS

1. Added Mar 26, 2003 Alarm Pinger (apinger) v0.6.1 by Jacek Konieczny Relevant URL: http://www.bnet.pl/~jajcus/apinger/ Platforms: FreeBSD, Linux, POSIX Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Alarm Pinger (apinger) is a little tool which monitors various IP devices by simple ICMP echo requests. Unlike most Perl or shell script tools, it does not spawn processes or use much CPU time, and is ideal for when one wants continuous monitoring and fast response upon target failure. It is written in C and supports both IPv4 and IPv6.

2. Log Watcher v0.2
by Artur R. Czechowski
Relevant URL:
http://sourceforge.net/projects/lwatch/
Platforms: FreeBSD, Linux, POSIX
Summary:

lwatch is a log parser/analyzer written in C with the PCRE library. It is small and efficient. You are able to define your own colors using regexp patterns. The biggest advantage compared to other tools written in Perl is its speed.

3. network traffic volume capture to postgresql v1.1 by Rob Fowler
Relevant URL:
http://gborg.postgresql.org/project/tcap/projdisplay.php Platforms: Linux, POSIX
Summary:

This is a Unix daemon that captures traffic packet size, source, destination, and times and saves this data into a postgres database in near real time, from which traffic reports may be made. It does not save the actual data or headers. Works on ethX or cooked devices like ppp0. It uses Postgres embedded SQL to insert the data, pcap to capture traffic, and pthreads to capure and write at the same time. It is written in C++ using STL. Pcap filters can be specified on the command line. Logs go to syslog.

VI. SPONSORSHIP INFORMATION

Is your network really protected?  Not if your Mail Server isn't!

Email systems provide the easiest route for malicious attacks, to expose sensitive information, to suck up bandwidth and to provide access to other systems.  Learn ìHow to Secure Email Systems by requesting this white paper now.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.ciphertrust.com/article/securityfocus_0331_02.htm