SecurityFocus Microsoft Newsletter #121

SecurityFocus Microsoft Newsletter #121

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

I. FRONT AND CENTER

1. Exchange 2000 in the Enterprise: Tips and Tricks Part Two
2. The Curmudgeon's Crystal Ball: Security Predictions for 2003
3. Open Source Honeypots: Learning with Honeyd
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003 (March 10-12,2003,Orlando,FL) II. MICROSOFT VULNERABILITY SUMMARY
6. BitMover BitKeeper Daemon Mode Remote Command Execution...
7. Geeklog Users.PHP Cross-Site Scripting Vulnerability
8. Xynph FTP Server Relative Path Directory Traversal Vulnerability
9. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
10. Geeklog Homepage User Field HTML Injection Vulnerability
11. vSignup Remote SQL Injection Vulnerability
12. Mambo Site Server Multiple Cross Site Scripting Vulnerabilities
13. Mambo Site Server Arbitrary File Upload Vulnerability
14. Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox...
15. Trend Micro ScanMail For Exchange Authentication Bypass...
16. FormMail Cross-Site Scripting Vulnerability
17. vAuthenticate Remote SQL Injection Vulnerability
18. Half-Life Client Server Message Format String Vulnerability
19. Bea Systems WebLogic ResourceAllocationException System...
20. BitMover BitKeeper Local Temporary File Race Condition...
21. YABB SE Reminder.PHP SQL Injection Vulnerability
22. Geeklog Profiles.PHP Multiple Cross-Site Scripting...
23. BitMover BitKeeper Local Insecure Temporary File Permissions...
24. Business Objects WebIntelligence Application Session Hijacking... III. MICROSOFT FOCUS LIST SUMMARY
25. AD replication over WAN (Thread)
26. SecurityFocus Microsoft Newsletter #120 (Thread)
27. AD replication (Thread)
28. Understaing Event Details in Windows NT (Thread)
29. FW: AD replication over WAN (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
30. CryptoForge
31. AbsoluteShield Internet Eraser Pro
32. neuSECURE
33. NEW TOOLS FOR MICROSOFT PLATFORMS
34. ForceSQL v2.0
35. SMAC v1.0
36. Active@ File Recovery v2.0 VI. SPONSOR INFORMATION
37. FRONT AND CENTER

    ---

38. Exchange 2000 in the Enterprise: Tips and Tricks Part Two By Tim Mullen

This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. In the first part, we finished up building a messaging infrastructure that handled many of the issues mail administrators must contend with. This segment will address the security ramifications of publishing mail content to the Internet via Outlook Web Access.

http://online.securityfocus.com/infocus/1658

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. The Curmudgeon's Crystal Ball: Security Predictions for 2003 By Richard Forno

As we ring in the new year, it's in with the new and out with the old. Or is it? Our fearless forecaster thinks not.

http://online.securityfocus.com/columnists/135

3. Open Source Honeypots: Learning with Honeyd by Lance Spitzner

Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd.

http://online.securityfocus.com/infocus/1659

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability BugTraq ID: 6588 Remote: Yes Date Published: Jan 11 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6588 Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make remote command execution possible.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute abitrary commands.

The program does not properly filter single quotes. As a result, commands contained between quotes will be executed on the host running the vulnerable software. Any commands executed between quotes will be executed with the privileges of the BitKeeper daemon process.

2. Geeklog Users.PHP Cross-Site Scripting Vulnerability BugTraq ID: 6602
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6602
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the
'users.php' script.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Xynph FTP Server Relative Path Directory Traversal Vulnerability BugTraq ID: 6587
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6587
Summary:

Xynph FTP Server is a shareware FTP server available for Microsoft Windows operating systems.

A problem in Xynph FTP Server may allow a remote user to gain access to unauthorized resources.

A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation. This could allow unauthorized access to systems using the vulnerable software.

It should be noted that this problem may allow an attacker to download arbitrary files on the vulnerable system. Additionally, the attacker would be able to access any files on the system to which the FTP server has access rights, which may be run with SYSTEM privileges in some configurations.

4. Geeklog Comment.PHP Cross-Site Scripting Vulnerability BugTraq ID: 6603
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6603
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the
'comment.php' script.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

5. Geeklog Homepage User Field HTML Injection Vulnerability BugTraq ID: 6604
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6604
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to HTML injection attacks.

The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field when editing their user information. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. vSignup Remote SQL Injection Vulnerability BugTraq ID: 6606
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6606
Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in vSignup. It has been reported that the 'auth.php' fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized to access protected documents. The
'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vSignup 2.1.

7. Mambo Site Server Multiple Cross Site Scripting Vulnerabilities BugTraq ID: 6571
Remote: Yes
Date Published: Jan 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6571
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Mambo Site Server does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user. All code will be executed within the context of the website running Mambo Site Server.

The following files were reported to be prone to cross site scripting attacks:

administrator/popups/sectionswindow.php
administrator/gallery/gallery.php
administrator/gallery/navigation.php
administrator/gallery/uploadimage.php
administrator/gallery/view.php
administrator/upload.php

emailfriend/emailarticle.php
emailfriend/emailfaq.php
emailfriend/emailnews.php

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials.

This vulnerability was reported for Mambo Site Server 4.0.12 BETA and earlier.

8. Mambo Site Server Arbitrary File Upload Vulnerability BugTraq ID: 6572
Remote: Yes
Date Published: Jan 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6572
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

A problem with Mambo Site Server may make it possible for remote attackers to upload files to a vulnerable system.

Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The following scripts have been reported to be vulnerable to this issue: administrator/gallery/uploadimage.php
administrator/upload.php
upload.php
userpage.php

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Specifically, the scripts only check to see whether certain image extensions, such as '.jpg' and '.gif', exist in the filename. As such any file that includes the allowed extensions may be uploaded. Any uploaded files will be stored in the 'images/stories' directory on the system.

Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

This vulnerability was reported for Mambo Site Server 4.0.12 BETA and earlier.

9. Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox Escaping Vulnerability BugTraq ID: 6566
Remote: Yes
Date Published: Jan 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6566
Summary:

ColdFusion MX Enterprise Edition is the application server developing and hosting infrastructure distributed by Macromedia. It is available as a standalone product for Unix, Linux, and Microsoft Operating Systems.

A problem with ColdFusion MX Enterprise Edition may allow users to access restricted files.

A vulnerability in the use of the cfinclude and cfmodule Tags exists in ColdFusion MX. In environments that are sandboxed, it may be possible for a script to access files outside of the sandboxed directory. This could lead to unauthorized access to files on the host.

The problem is in the handling of relative paths. Due to insufficient checking of input in custom tags, it is possible to upload a file using custom tags and containing relative paths that will access files outside of a sandboxed directory. This could allow an attacker to access unauthorized and potentially sensitive information.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It should be noted that this vulnerability will only reveal the contents of files to which the ColdFusion server has read access to.

1. Trend Micro ScanMail For Exchange Authentication Bypass Vulnerability BugTraq ID: 6619 Remote: Yes Date Published: Jan 15 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6619 Summary:

Trend Micro ScanMail is a product designed to provide antivirus support for email servers.

A vulnerability has been reported for ScanMail for Microsoft Exchange. The vulnerability allows a remote attacker to bypass existing authentication mechanisms and obtain access to ScanMail's management system.

An attacker can exploit this vulnerability by making a request for the
'smg_Smxcfg30.exe' resource and modifying the 'vcc' URI parameter. This
will grant an attacker access to the web-based management page for ScanMail.

ScanMail Exchange 6.1 has been reported to be unaffected by this vulnerability.

1. FormMail Cross-Site Scripting Vulnerability BugTraq ID: 6570 Remote: Yes Date Published: Jan 09 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6570 Summary:

FormMail is a web-based e-mail gateway, which allows form-based input to be emailed to a specified user. It is written in Perl and will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

FormMail is allegedly prone to cross-site scripting attacks.

The FormMail script does not sufficiently sanitize HTML tags and script code from query strings, which in turn are output into pages generated by the software. As a result, a remote attacker may construct a malicious link to the script which contains arbitrary script code. If this link is visited by a web user, the attacker-supplied script code may be interpreted by their browser in the context of the site hosting the software.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may allow an attacker to steal cookie-based authentication credentials or manipulate web content. Other attacks are also possible.

This issue was reported in FormMail 1.92. Other versions may also be affected.

1. vAuthenticate Remote SQL Injection Vulnerability BugTraq ID: 6605 Remote: Yes Date Published: Jan 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6605 Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in vAuthenticate. It has been reported that the 'auth.php' fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized to access protected documents. The 'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vAuthenticate 2.8.

1. Half-Life Client Server Message Format String Vulnerability BugTraq ID: 6582 Remote: Yes Date Published: Jan 10 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6582 Summary:

The Half-Life client is a component of the Half-Life game distributed by Valve Software. It is available for Microsoft Windows operating systems.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem in the Half-Life client could allow remote users to execute arbitrary code on a vulnerable host.

It has been reported that the Half-Life client contains a format string vulnerability. When receiving messages from an administrator through the rcon remote administration console, the client does not properly handle input. This could result in denial of service, or code execution.

The problem is in the handling of messages sent through the csay or psay commands on a standard server, or the admin_ssay and admin_psay commands when adminmod is used. The Half-Life client does not properly handle these commands, making it possible to launch an exploitable format string attack on the clients. This may permit an attacker to corrupt arbitrary locations in memory with attacker-supplied values. Any code executed on the vulnerable clients would be with the privileges of the user of the Half-Life client.

1. Bea Systems WebLogic ResourceAllocationException System Password Disclosure Vulnerability BugTraq ID: 6586 Remote: Yes Date Published: Jan 11 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6586 Summary:

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.

A vulnerability in BEA Systems WebLogic Server may, under some circumstances, result in the disclosure of system passwords if exceptions are output.

BEA Systems has reported that WebLogic Server will throw an exception when an application attempts to route a JMS message across a bridge and an error occurs. This exception will include the supplied system password, in plaintext.

Applications that output exceptions may inadvertently disclose password values. This may ultimately result in a remote party gaining access to affected systems.

1. BitMover BitKeeper Local Temporary File Race Condition Vulnerability BugTraq ID: 6589 Remote: No Date Published: Jan 12 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6589 Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with BitKeeper may make local symbolic link attacks possible.

It has been reported that BitKeeper is vulnerable to a race condition error. Under some circumstances, BitKeeper creates files in the temporary directory. However, it may be possible to create a symbolic link in a crucial point of program execution that would result in the overwriting of files at the end of the link.

The program does not properly open the temporary file. Rather than performing the check and opening the file all in one function, the program first checks, then in a seperate function opens the file. This creates a window of attack that could result in the overwriting of files that are write-accessible to the BitKeeper process.

1. YABB SE Reminder.PHP SQL Injection Vulnerability BugTraq ID: 6591 Remote: Yes Date Published: Jan 12 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6591 Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with YaBB SE could make it possible for a remote user launch SQL injection attacks.

It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user.

This problem may allow a remote user to change the password of the administrative user of an instance of YaBB SE. It may also allow a remote user to gain other information from SQL databases used to backend YaBB SE.

1. Geeklog Profiles.PHP Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 6601 Remote: Yes Date Published: Jan 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6601 Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

1. BitMover BitKeeper Local Insecure Temporary File Permissions Vulnerability BugTraq ID: 6590 Remote: No Date Published: Jan 12 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6590 Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make the destruction or injection of information possible.

It has been reported that BitKeeper insecurely creates temporary files. Under some circumstances, BitKeeper creates files in the temporary directory. However, these files are created with world-writable permissions, which may allow the removal of these files, or injection of data into them.

1. Business Objects WebIntelligence Application Session Hijacking Vulnerability BugTraq ID: 6569 Remote: Yes Date Published: Jan 09 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6569 Summary:

WebIntelligence is an analysis tool for business intelligence. It is distributed by Business Objects, and available for the Unix and Microsoft Windows platforms.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with the WebIntelligence application could make it possible for remote users to hijack sessions.

It has been reported that WebIntelligence uses an insecure model for ensuring session security. The application uses web-type security features that may be prone to hijacking. This could allow a remote user to gain unauthorized access to another user's session.

The problem is that the application uses cookies with guessable values to secure user sessions. It has also been suggested that a remote attacker may use other means to steal cookie-based authentication credentials from legitimate users. By gaining access to the application's session cookie, another user could gain complete access to the user's session, and perform all actions with the privileges of the victim. This vulnerability however does not permit the changing of user passwords.

III. MICROSOFT FOCUS LIST SUMMARY

1. AD replication over WAN (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/306896

2. SecurityFocus Microsoft Newsletter #120 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/306905

3. AD replication (Thread)
Relevant URL:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/88/306717

4. Understaing Event Details in Windows NT (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/306718

5. FW: AD replication over WAN (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/306762

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. CryptoForge by Ranquel Technologies Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP http://www.cryptoforge.com/ Summary:

CryptoForge is the suite of encryption tools for professional and personal security. It allows you to protect the privacy of your sensitive files and messages by encrypting them with up to four strong cryptographic algorithms. Once the information has been encrypted, it can be stored on insecure media or transmitted on an insecure network -like the Internetand  still remain secret. Later, the information can be decrypted into its original form. CryptoForge integrates the strongest cryptography available today into the Windows environment...

2. AbsoluteShield Internet Eraser Pro
by SysShield Consulting, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP http://www.internet-track-eraser.com/
Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

AbsoluteShield Internet Eraser protects your privacy by cleaning up all the tracks of your Internet and computer activities. The tool is integrated with IE and it can erase the browser cache, history, cookies, typed URLs, autocomplete list and so on in one click. You can also set the tool to automatically erase those tracks when you quit IE or quit Windows. The tool is also featured to erase the disk free space and has the open plugin support. With the plugin support, AbsoluteShield Internet Eraser now supports to erase the tracks left by any applications. We currently offer more than 20 plugins which supports the most popular programs such as MS Office, WinZip, UltraEdit, RealPlayer, Media Player... Beside the ability to erase the tracks of your Internet and computer activities, the tool also has an integrated, small, configurable and intelligent Ad window and popup blocker.

3. neuSECURE
by GuardedNet
Platforms: Linux, UNIX, Windows 2000, Windows NT, Windows XP http://www.guarded.net/prod/prod.html
Summary:

neuSECURE is a web-based security information management software solution designed to provide a comprehensive, coherent view of enterprise security. It correlates log data files from disparate machines such as firewalls, intrusion detection systems, computer systems and routers and automatically analyzes this data to uncover legitimate threats to the enterprise. neuSECURE allows security analysts to prioritize their investigations and focus on the mission-critical task of responding to threats as they are occurring, rather than after the damage is done. And with neuSECURE a security team can manage security threats from early detection to final resolution without ever leaving the intuitive, web-based console.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. ForceSQL v2.0 by Network Intelligence India Pvt. Ltd. Relevant URL: http://www.nii.co.in/tools.html Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

forceSQL is a password auditing tool for MS SQL Servers. It audits accounts by guessing passwords on SQL Databases. It uses both brute-force and dictionary attacks. It works much faster than other such tools because it bypasses the SQL ODBC API and talks directly to the network layer by constructing its own login packets.

2. SMAC v1.0
by KLC Consulting Security Team
Relevant URL:
http://www.klcconsulting.net/smac/
Platforms: Windows 2000, Windows XP
Summary:

SMAC is a free GUI tool, which allows users to change MAC address for almost any Network Interface Cards (NIC) on the Windows 2000 and XP systems, whether the manufactures allow this option or not.

SMAC does not change the hardware burned-in MAC addresses. It is not necessary. SMAC changes the "software based" MAC addresses on the Windows 2000 & XP systems, and the new MAC addresses you change will sustain from the reboots.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Active@ File Recovery v2.0
by Active@ Data Recovery Services
Relevant URL:
http://www.file-recovery.net/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

Active@ File Recovery is a powerful software utility, designed to restore accidentally deleted files and directories. It allows you to recover files that have been deleted from the Recycle Bin, as well as those deleted after avoiding the Recycle Bin (e.g. Shift-Delete).

VI. SPONSOR INFORMATION

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php