SecurityFocus Linux Newsletter #138

SecurityFocus Linux Newsletter #138

This Issue is Sponsored by: Black Hat

Attend the Black Hat Briefings & Training, July 28-31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out.

Visit us at: http://www.securityfocus.com/BlackHat-linux-secnews

I. FRONT AND CENTER

1. IDS Correlation of VA Data and IDS Alerts
2. RFID Chips Are Here
3. The SecurityFocus 4th Anniversary Contest II. LINUX VULNERABILITY SUMMARY
4. Tutos File_Select.PHP Cross-Site Scripting Vulnerability
5. phpBB Viewtopic.PHP SQL Injection Vulnerability
6. pMachine Search Module Cross-Site Scripting Vulnerability
7. MyServer Remote Denial Of Service Vulnerability
8. Tutos File_New Arbitrary File Upload Vulnerability
9. Zope Invalid Query Information Disclosure Vulnerability
10. Sharp Zaurus Samba Server Unauthorized Remote Filesystem Access...
11. pMachine Remote Path Disclosure Vulnerability
12. Abuse-SDL Command-Line Argument Buffer Overflow Vulnerability
13. WebJeff Filemanager File Disclosure Vulnerability
14. WebJeff Filemanager Plain Text Password Storage Vulnerability
15. Zope Empty Upload Information DisclosureVulnerability
16. ProFTPD SQL Injection mod_sql Vulnerability
17. XBlockOut XBL Multiple Buffer Overflow Vulnerabilities
18. Zope addItems Script Information Disclosure Vulnerability
19. Linux /proc Filesystem Potential Information Disclosure...
20. WebFS Request-URI Buffer Overflow Vulnerability
21. Zope ExampledbBrowseReport Description Field HMTL Injection...
22. GNU GNATS PR-Edit Command Line Option Heap Corruption...
23. GNU GNATS PR-Edit Lock File Buffer Overflow Vulnerability
24. GNU GNATS Environment Variable Buffer Overflow Vulnerability
25. IndigoSTAR Software PerlEdit Denial Of Service Vulnerability
26. LBreakOut2 Login Remote Format String Vulnerability III. LINUX FOCUS LIST SUMMARY
27. How to block users from installing other apps (Thread)
28. SP4 instalation failure (Thread)
29. Xp Home (Thread)
30. security auditing under windows 2000 server (Thread)
31. Windows NLB (Thread)
32. AW: Question about windows service (Thread)
33. Question about windows service (Thread)
34. Please read. Post containing BugBear.B (Thread)
35. Search for files and folders fails (Thread)
36. additional Windows 2000 password policy questions (Thread)
37. Windows 2000 password policy (Thread)
38. Managing Windows Event Logs (Thread)
39. Filtering DHCP Assignments by MAC Address (Thread)
40. Microsoft Baseline Security Analyzer (Thread)
41. SecurityFocus Microsoft Newsletter #142 (Thread)
42. adding new service to system services list (Thread)
43. Netreg for Windows (Thread)
44. Windows Event Logs (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORMS
45. Solsoft NP
46. NetOp Remote Control
47. T.REX Firewall
48. NEW TOOLS FOR LINUX PLATFORMS
49. SURVIVOR v0.9.2b
50. MIMEDefang v2.34
51. Coyote Linux 2.0.0-pre6 VI. SPONSOR INFORMATION
52. FRONT AND CENTER

    ---

53. IDS Correlation of VA Data and IDS Alerts By Neil Desai

This article discusses the correlation of VA data and IDS alerts to help prioritize events and reduce the time it takes to sift through events.

http://wwwdev.securityfocus.com/infocus/1708

2. RFID Chips Are Here
By Scott Granneman

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake.

http://www.securityfocus.com/columnists/169

3. The SecurityFocus 4th Anniversary Contest

Enter to win two passes to the Black Hat Briefings. Please visit the contest page here:

http://www.securityfocus.com/contest

II. BUGTRAQ SUMMARY

1. Tutos File_Select.PHP Cross-Site Scripting Vulnerability BugTraq ID: 8011 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8011 Summary:

Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in the software may make the execution of arbitrary code possible.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site.

The problem is in the rendering of arbitrary HTML and script code by Tutos. An attacker may supply code as an argument to the file_select script that, when loaded in the browser of another user, is executed in the security context of the site hosting Tutos. This could permit the theft of cookie authentication credentials, Other attacks may also be possible.

2. phpBB Viewtopic.PHP SQL Injection Vulnerability BugTraq ID: 7979
Remote: Yes
Date Published: Jun 19 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7979
Summary:

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A SQL injection vulnerability has been reported for phpBB systems that may result in the disclosure of user password hashes; other attacks may also be possible.

phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the underlying database. As a result, it is possible to manipulate SQL queries. This may allow a remote attacker to modify query logic or potentially corrupt the database.

This vulnerability was reported to exist in the viewtopic.php script file. A remote attacker can exploit this vulnerability by manipulating the $topic_id URI parameter to modify SQL query logic.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. pMachine Search Module Cross-Site Scripting Vulnerability BugTraq ID: 7981
Remote: Yes
Date Published: Jun 19 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7981
Summary:

PMachine is a web content management system. It is available for the Unix and Linux platforms.

Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

This type of vulnerability may be used to steal cookies or perform other web-based attacks. It may be possible to take actions as an authenticated user of the web mail system.

4. MyServer Remote Denial Of Service Vulnerability BugTraq ID: 8010
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8010
Summary:

MyServer is an application and web server for Microsoft Windows and Linux operating systems.

MyServer HTTP server has been reported prone to a remote denial of service attack.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The issue presents itself, likely due to a lack of sufficient bounds checking, performed on arguments that are supplied via malicious HTTP GET requests. It has been reported that a remote attacker may invoke a HTTP GET request containing 100 '/' characters, this action will supposedly trigger a segmentation fault in the server executable and the software will fail. It has been reported that no details of this attack are logged.

Due to the nature of this vulnerability it has been conjectured that this issue may be exploited to execute arbitrary code. This however has not been confirmed.

It should be noted that although this issue has been reported to affect MyServer version 0.4.1 other versions might also be affected.

5. Tutos File_New Arbitrary File Upload Vulnerability BugTraq ID: 8012
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8012
Summary:

Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in the software may make the uploading of arbitrary files possible.

It has been reported that Tutos does not properly handle input to the file_new script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site.

It is not clear where the specific vulnerable component of Tutos lies. However, because of the problem, it may be possible for an attacker to upload and overwrite files with the privileges of the web server process. This could result in data corruption, or other potentially malicious activities.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. Zope Invalid Query Information Disclosure Vulnerability BugTraq ID: 8000
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8000
Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

Reportedly, Zope will disclose path information if a user invokes an invalid query operation using Shopping cart example scripts. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker.

If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.

7. Sharp Zaurus Samba Server Unauthorized Remote Filesystem Access Vulnerability
BugTraq ID: 8026
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8026
Summary:

Zaurus is a handheld device distributed by Sharp Electronics. Zaurus runs an embedded Linux-based operating system called Embedix.

When mounted on the docking station, the station's USB cable and respective connection is perceived as the network interface to the attached PC. As a result, a user from an attached PC may remotely connect to the Zaurus. It is may also possible to connect to a Zaurus via an 802.11b connection.

A vulnerability has been reported for Samba server when run on the Sharp Zaurus Embedix operating system. The problem occurs when mounting the device to the docking station. When docked, a Samba server will immediately be invoked, allowing access via any external interface.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been discovered that by default the Samba server is configured to allow unauthorized users unrestricted read/write access to the local file system.

This could potentially result in the disclosure of sensitive information or the corruption of system resources. It may also allow an attacker to potentially execute arbitrary code on the target device.

8. pMachine Remote Path Disclosure Vulnerability BugTraq ID: 7980
Remote: Yes
Date Published: Jun 19 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7980
Summary:

pMachine is a web content management system. It is available for the Unix and Linux platforms.

It has been reported that pMachine is prone to a remote path disclosure vulnerability when accessing various scripts.

When a request is made for a target PHP script, possibly requiring a blank URI parameter, pMachine is said to throw an exception. When this occurs, the resulting error page discloses the installation directory of the respective PHP script.

This issue can be triggered by making a request for one of the following three scripts, including a blank 'swf' URI parameter:

index.php
inc.lib.php
inc.cp.php

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The vulnerability can also be triggered by requesting the weblog.add.php or comment.add.php scripts directly.

Access to this information could potentially aid an attacker in launching further attacks against a target system.

9. Abuse-SDL Command-Line Argument Buffer Overflow Vulnerability BugTraq ID: 7982
Remote: No
Date Published: Jun 19 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7982
Summary:

Abuse is a popular side-scrolling video game. It is available for Linux and Unix operating systems. Abuse-SDL is a port of Abuse that allows for greater colour depth.

A buffer overflow vulnerability has been reported for Abuse-SDL that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient bounds checking performed on certain commandline options. Specifically, the '-datadir' command-line option is not properly verfied prior to execution.

An attacker can exploit this vulnerability by executing
/usr/local/bin/abuse-sdl with an overly long value for the '-datadir'
command-line option. This will trigger the buffer overflow condition and will cause the corruption of sensitive memory with attacker-supplied values.

This vulnerability could pose a security risk if the
/usr/local/bin/abuse-sdl binary is installed with the setuid or setgid
bit. However, it is not currently known whether this bit is set by default.

1. WebJeff Filemanager File Disclosure Vulnerability BugTraq ID: 7995 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7995 Summary:

WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. Specifically, the 'ficher' URI parameter of the index.php3 script file is not properly sanitized.

A malicious attacker can specify arbitrary absolute paths as the value of the 'ficher' URI parameter. This will result in the requested file being disclosed to the attacker.

This vulnerability affects Filemanager 1.6.

1. WebJeff Filemanager Plain Text Password Storage Vulnerability BugTraq ID: 7996 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7996 Summary:

WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

A vulnerability has been reported for Filemanager that may result in an attacker obtaining authentication credentials. The vulnerability exists due to the way usernames and passwords are stored. Specifically, authentication credentials are stored in plain text format in the 'prive/users.txt' file.

An attacker can exploit this vulnerability by making a request for the desired resource.

Any information obtained in this manner may be used to launch further attacks against a vulnerable system.

This vulnerability was reported for Filemanager 1.6.

1. Zope Empty Upload Information DisclosureVulnerability BugTraq ID: 7998 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7998 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

Reportedly, Zope will disclose path information if a user invokes an upload operation via the 'addFile' script when a target file does not exist as a URI parameter. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker.

If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.

1. ProFTPD SQL Injection mod_sql Vulnerability BugTraq ID: 7974 Remote: Yes Date Published: Jun 19 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7974 Summary:

ProFTPD is a popular FTP server that ships with numerous Unix and Linux variants.

ProFTPD has been reported prone to SQL injection attacks. Specifically, ProFTPD versions that use the mod_sql module to manipulate PostgreSQL databases are prone to SQL injection attacks. The vulnerability occurs due to insufficient sanitization of user-supplied data when logging onto the FTP server.

An attacker may exploit this vulnerability to insert SQL code into requests and have the SQL code executed by the underlying database server. These requests could include adding, deleting, and modifying data. Successful exploitation may result in an attacker obtaining privileged access to the FTP server. Other attacks are also possible.

Additionally, this may allow a remote attacker to exploit vulnerabilities that exist in the underlying database.

1. XBlockOut XBL Multiple Buffer Overflow Vulnerabilities BugTraq ID: 7989 Remote: No Date Published: Jun 19 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7989 Summary:

XBlockOut (XBL) is a game developed for Linux and Unix variant operating systems.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Several buffer overflow vulnerabilities have been reported for XBL that may result in an attacker obtaining elevated privileges. The vulnerabilities have been reported to exist due to insufficient bounds checking performed on user-supplied data to commandline arguments.

The precise technical details of these vulnerabilities are currently unknown. This BID will be updated as further information becomes available.

As XBL is typically installed setuid/setgid 'games', successful exploitation may result in an attacker obtaining elevated privileges.

1. Zope addItems Script Information Disclosure Vulnerability BugTraq ID: 7999 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7999 Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

A vulnerability has been discovered in Zope which may result in the disclosure of sensitive information to a remote attacker. The problem occurs when a value greater then 11 is passed as the records URI parameter to the addItems script. When this occurs, an exception will be triggered causing the server to return an error page containing sensitive system information.

Information disclosed may include session identification, the script installation paths, the application installation path, etc.

Access to this information could potentially aid an attacker in launching further attacks against the system.

1. Linux /proc Filesystem Potential Information Disclosure Vulnerability BugTraq ID: 8002 Remote: No Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8002 Summary:

A potential information disclosure vulnerability has been reported for the Linux /proc filesystem. The problem occurs specifically when invoking a setuid application.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The problem lies in the permissions of the /proc/PID/environ file when the file has been accessed prior to privilege elevation. It has been reported that, if the environ file has been opened by a user application, forking and invoking a setuid application will not in fact modify the ownership of the open file. As a result, an attacker may be capable of reading the environment data of a privileged process.

This may pose a security risk as the application may place sensitive or privileged information within it's environment. Access to this information could theoretically aid an attacker in launching further attacks against a target system.

It has been conjectured that this issue affects the 2.2 and 2.4 Linux kernel trees. This, however has not been confirmed by Symantec. This information will be updated as further information becomes available.

1. WebFS Request-URI Buffer Overflow Vulnerability BugTraq ID: 7990 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7990 Summary:

WebFS is a simple web server that serves static content. It is available for Linux and Unix variant operating environments.

A buffer overflow vulnerability has been reported for WebFS that may result in the execution of attacker-supplied code. The vulnerability exists in the parse_request() function of the request.c source file and is due to insufficient bounds checking on an overly long Request-URI HTTP request.

Successful exploitation of this vulnerability will result in the corruption of sensitive memory with attacker-supplied values and the execution of code.

This vulnerability affects WebFS 1.1.8 and earlier.

1. Zope ExampledbBrowseReport Description Field HMTL Injection Vulnerability BugTraq ID: 8001 Remote: Yes Date Published: Jun 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8001 Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that Zope ExampledbBrowseReport example script suffers from an HTML injection vulnerability. The problem is said to occur due to insufficient input validation of user-supplied form data.

Specifically, it is possible to embed HTML code within the 'Description' field of the Zope ExampledbBrowseReport example script.

All script code will be interpreted by the browsers of other Zope users, who view the affected page, within the context of the site hosting the affected script.

The successful exploitation of this issue could ultimately result in the attacker obtaining cookie-based authentication credentials or other sensitive information, which, could be used to impersonate the other user.

1. GNU GNATS PR-Edit Command Line Option Heap Corruption Vulnerablity BugTraq ID: 8003 Remote: No Date Published: Jun 21 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8003 Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

The pr-edit utility is shipped as part of GNATS and is intended as an editor for problem reports. The pr-edit utility is a setuid utility typically with UID 'gnats' privileges.

A heap overflow vulnerability has been reported for the pr-edit utility. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option.

The vulnerability exists due to the improper use of the sprintf() function. Due to this a determined attacker can invoke pr-edit with a malicious '-d' commandline argument to trigger the heap corruption vulnerability.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

It should be noted that on some systems, the pr-edit utility may be installed with setuid 'root' privileges.

This vulnerability was reported to affect GNATS 3.002.

20. GNU GNATS PR-Edit Lock File Buffer Overflow Vulnerability BugTraq ID: 8004
Remote: No
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8004
Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

The pr-edit utility is shipped as part of GNATS and is intended as an editor for problem reports. The pr-edit utility is a setuid utility typically with UID 'gnats' privileges.

A stack overflow vulnerability has been reported for the pr-edit utility. The vulnerability occurs when pr-edit locks a file for reading. If a file is locked, pr-edit will read the file to output a message stating the user that locked the file. Due to the improper use of fscanf(), there are no bounds checks performed on the length of the user that locked the file.

An attacker can exploit this vulnerability by creating a lock file containing over 2000 bytes. This will trigger the buffer overflow condition when pr-edit attempts to read the file.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

It should be noted that on some systems, the pr-edit utility may be installed with setuid 'root' privileges.

This vulnerability was reported to affect GNATS 3.002.

21. GNU GNATS Environment Variable Buffer Overflow Vulnerability BugTraq ID: 8005
Remote: No
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8005
Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. Specifically, the configure() function of the config.c source file does not perform proper bounds checks on the GNATS_ROOT function.

An attacker can exploit this vulnerability by setting an overly long GNATS_ROOT environment variable, consisting of at least 5000 characters, and invoking one of several GNATS utilities. This will trigger the overflow condition and will result in the corruption of sensitive memory.

The following utilities have been reported to be affected: pr-edit, queue-pr, gen-index

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The affected utilities are typically installed with setuid 'gnats' privileges however, on some systems, they may be installed with setuid 'root' privileges.

Successful exploitation may result in the execution of attacker-supplied code with elevated privileges.

This vulnerability was reported to affect GNU GNATS 3.113.1 and 3.113.

22. IndigoSTAR Software PerlEdit Denial Of Service Vulnerability BugTraq ID: 8006
Remote: Yes
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8006
Summary:

PerlEdit is a IDE (Integrated Development Environment) for developing Perl scripts. It is maintained and distributed by IndigoSTAR Software. It is available for Linux variant and Microsoft Windows operating systems.

A denial of service vulnerability has been reported for PerlEdit. The vulnerability exists when an connection is made to TCP port 1956.

When PerlEdit is executed, it will bind to TCP port 1956. If an attempt is made to connect to that port while PerlEdit is running, it will cause PerlEdit to crash.

An attacker can exploit this vulnerability to connect to a vulnerable host on port 1956. This will cause the vulnerable PerlEdit application to crash.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported to affect PerlEdit 1.07.

23. LBreakOut2 Login Remote Format String Vulnerability BugTraq ID: 8021
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8021
Summary:

lbreakout2 is a freely available, open source clone of the game Arkanoid. It is available for the Unix and Linux platforms.

A problem in the software may allow unauthorized access.

It has been reported that lbreakout2 is vulnerable to a format string issue in the login component. This may result in an attacker executing arbitrary code on a vulnerable host.

The problem is in the handling of input by the login component of lbreakout2. By passing format specifiers through the initial login request, an attacker could potentially corrupt process memory and potentially execute arbitrary code.

IV. LINUX FOCUS LIST SUMMARY

1. How to block users from installing other apps (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326971

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. SP4 instalation failure (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/326977

3. Xp Home (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/326976

4. security auditing under windows 2000 server (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326899

5. Windows NLB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/326900

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. AW: Question about windows service (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326898

7. Question about windows service (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326890

8. Please read. Post containing BugBear.B (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326715

9. Search for files and folders fails (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326671

1. additional Windows 2000 password policy questions (Thread) Relevant URL:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/archive/88/326673

1. Windows 2000 password policy (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326524

1. Managing Windows Event Logs (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326522

1. Filtering DHCP Assignments by MAC Address (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326479

1. Microsoft Baseline Security Analyzer (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326418

1. SecurityFocus Microsoft Newsletter #142 (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326385

1. adding new service to system services list (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326386

1. Netreg for Windows (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/326294

1. Windows Event Logs (Thread) Relevant URL:

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/archive/88/326289

IV. NEW PRODUCTS FOR LINUX PLATFORMS

1. Solsoft NP by SolSoft Platforms: AIX, HP-UX, Linux, Solaris, Windows 95/98, Windows NT Relevant URL: http://www.solsoft.com/solsoft.cfm?pageid=44 Summary:

Solsoft NP is a suite of policy management solutions for network security, offering visual definition of the corporate network security policy and automated implementation on network devices. Solsoft NP solves a complex and costly network security problem by offering a highly visual platform that automates the configuration and deployment of security rules on multi-vendor routers, switches, firewalls and VPNs. By automating the work and making different brands and devices interoperable, Solsoft NP offers ease of management, improved security, and return on investment. Thanks to new, powerful role-based management and workflow capabilities, Solsoft NP also frees geographically dispersed groups of engineers-and engineers with different responsibilities of the network-to collaboratively define, deploy, audit, and maintain common policies

2. NetOp Remote Control
by CrossTec Corporation
Platforms: DOS, Linux, OS/2, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Relevant URL:
http://www.crossteccorp.com/netopremote/index.html Summary:

With New NetOp Remote Control v7.5 you can easily reach any Windows, Linux, Sun Solaris or legacy OS/2 and DOS PC from your desktop or even via any Internet connected PC via our new IE browser Guest. View the remote PC's screen, control its keyboard and mouse, synchronize files, inventory its hardware and software, launch applications or chat with someone at the remote PC -- just as if you were seated at that computer.

3. T.REX Firewall
by Freemont Avenue Software, Inc.
Platforms: AIX, HP-UX, Linux, Solaris
Relevant URL:
http://www.opensourcefirewall.com/trex.html Summary:

The T.REX Firewall provides a mission critical, fault tolerant Firewall for Linux, AIX and Solaris. Features include High Availibility, Load Balancing, Web Caching, Content Filtering, NAT, VPN support, an advanced Application Proxy, and the ability to produce up to 52 unique reports.

V. NEW TOOLS FOR LINUX PLATFORMS

1. SURVIVOR v0.9.2b by Benn Oshrin Relevant URL: http://www.columbia.edu/acis/sy/unixdev/survivor/ Platforms: N/A Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

SURVIVOR is yet another systems monitor. It consists of a POSIX-thread based scheduler written in C++ running arbitrary checks in a flexible, heterogeneous, bureaucratic, and convoluted environment. It maintains proper state, history, sanity, and attitude, and allows interaction via Web, command, and two-way messaging interfaces.

2. MIMEDefang v2.34
by David F. Skoll
Relevant URL:
http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX Summary:

MIMEDefang is a flexible MIME e-mail scanner designed to protect Windows clients from viruses. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unnaceptable attachments. MIMEDefang works with Sendmail 8.11's new "Milter" API, which gives it much more flexibility than procmail-based approaches.

3. Coyote Linux 2.0.0-pre6
by Joshua Jackson
Relevant URL:
http://www.coyotelinux.com/
Platforms: Linux
Summary:

Coyote Linux is a single floppy distribution for people who have an Internet connection that they wish to share with other computers on a LAN. In addition to connection sharing, it also provides firewall services to help protect the internal network. The goal of the Coyote project is to make it as quick and easy as possible to share an Internet connection.

VI. SPONSOR INFORMATION

Attend the Black Hat Briefings & Training, July 28-31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out.

Visit us at: http://www.securityfocus.com/BlackHat-linux-secnews

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek