SecurityFocus Microsoft Newsletter #128

SecurityFocus Microsoft Newsletter #128

I. FRONT AND CENTER

1. Cryptographic Filesystems: Design and Implementation
2. Windows Forensics - A Case Study: Part Two
3. An Analysis of Simile
4. Spam Wars Make Strange Bedfellows
5. SecurityFocus DPP Program
6. InfoSec World Conference and Expo/2003(March10-12,2003,Orlando,FL) II. MICROSOFT VULNERABILITY SUMMARY
7. CoffeeCup Software Password Wizard Remote Password Retrieval...
8. GTCatalog Remote File Include Vulnerability
9. PY-Livredor index.php HTML Injection Vulnerability
10. Pastel Accounting ACCUSER.DAT Obfuscation Weakness
11. TCPDump Malformed ISAKMP Packet Denial Of Service...
12. Logan Pro HTTP Header Code Injection Vulnerability
13. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability
14. SurfStats Log Analyzer Logfile HTML Injection Vulnerability
15. WebLog Expert Logfile HTML Injection Vulnerability
16. InstantServer ISMail Remote User Fields Buffer Overflow...
17. Typo3 Showpic.PHP File Enumeration Vulnerability
18. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
19. Sendmail Header Processing Buffer Overflow Vulnerability
20. WebLog Expert HTTP Header Code Injection Vulnerability
21. iPlanet Log Analyzer Logfile HTML Injection Vulnerability
22. Typo3 Log HTML Injection Vulnerability
23. Typo3 Translations.PHP Remote File Include Vulnerability
24. Typo3 Translations.PHP File Disclosure Vulnerability
25. Typo3 Webroot Folders Information Disclosure Weakness
26. Typo3 HTML Hidden Form Field Information Disclosure Weakness
27. Netscape Communicator Password Disclosure Weakness
28. Typo3 Runtime Error Page Information Disclosure Vulnerability III. MICROSOFT FOCUS LIST SUMMARY
29. User rights on Terminal Services (Thread)
30. Article Announcement: Windows Forensics - A Case Study: Part...
31. Logging mechanism in IIS (was RE: code red---- on system that...
32. Logging mechanism in IIS (was code red---- on system that is...
33. code red---- on system that is already (and has been) patched...
34. experiment supports concept of using host header names as...
35. 5 security questions (Thread)
36. SecurityFocus Microsoft Newsletter #127 (Thread)
37. host header names as security devices (Thread)
38. One Time Passwords (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
39. Steganos Security Suite 4
40. SSH Secure Shell for Windows Servers
41. N2H2 Sentian
42. NEW TOOLS FOR MICROSOFT PLATFORMS
43. DiskZapper v1.0
44. pkeytool v1.0.0
45. NodeBrain v0.5.0
46. FRONT AND CENTER

    ---

47. Cryptographic Filesystems: Design and Implementation By Ido Dubrawsky

Cryptographic filesystems have recently come to the forefront of security. This article will discuss some of the background and technology of cryptographic filesystems and will then cover some example implementations of these filesystems including Microsoft's Encrypting File System for Windows 2000, the Linux CryptoAPI, and the Secure File System.

http://www.securityfocus.com/infocus/1673

2. Windows Forensics - A Case Study: Part Two By Stephen Barish

This article is the second in a two-part series that will offer a case study of forensics in a Windows environment. This article deals with determining the scope of the compromise, and understanding what the attacker is trying to accomplish at the network level. Along the way, we'll be discussing some tools and techniques that are useful in this type of detective work.

http://www.securityfocus.com/infocus/1672

3. An Analysis of Simile
by Adrian Marinescu

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Virus writers have always tried to develop new methods to make malware detection more difficult. For instance, encryption was a natural step in virus evolution when scanners started to use databases with scan strings for detection. When scanners started to handle encryption patterns generically, first oligomorphism (a limited form of polymorphism - the polymorphic decryptor can have a strictly limited, relatively small number of shapes) and then polymorphism were introduced.

http://www.securityfocus.com/infocus/1671

4. Spam Wars Make Strange Bedfellows
By Jon Lasser

The open-source community is closer than ever to curing the spam problem, but they'll have to hold their noses and help out Windows users to get there.

http://www.securityfocus.com/columnists/146

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. CoffeeCup Software Password Wizard Remote Password Retrieval Vulnerability BugTraq ID: 6995 Remote: Yes Date Published: Mar 01 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6995 Summary:

Password Wizard is a software package designed to offer password protection to web sites. It is available for the Microsoft Windows operating system.

A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources.

It has been reported that Password Wizard does not sufficiently protect usernames and passwords. In a default configuration, an attacker may be able to gain access to this information, and thus access to restricted resources.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The problem is in the permissions of the file the credentials are stored in, in addition to the ability of an attacker to access this file remotely. An attacker could ascertain the name of the credentials file by viewing the HTML source of the login page, and download the file.

The credentials file is typically the same name as the shockwave flash login page, with the extension of .apw vice .swf.

2. GTCatalog Remote File Include Vulnerability BugTraq ID: 6998
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6998
Summary:

GTCatalog is software designed to maintain a catalog of products. It is implemented in PHP and is available for a variety of platforms including Microsoft Windows and Linux variant operating systems.

GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is as a result of insufficient sanitization performed on remote user supplied data. Specifically the PHP script file 'index.php' is vulnerable to this issue.

Under some circumstances, it is possible for remote attackers to influence the include path for files ending with '.custom.inc' to point to an external file on a remote server by manipulating the '$function' and '$custom' URI parameters.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for GTCatalog 0.9.1 and earlier.

3. PY-Livredor index.php HTML Injection Vulnerability BugTraq ID: 6997
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6997
Summary:

PY-Livredor is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

PY-Livredor does not adequately filter HTML tags from various fields on the 'index.php' page. Specifically, an attacker may be able to insert malicious HTML code into the "titre", "Votre pseudo", "Votre e-mail",
"Votre message" fields.

The attacker's code may be executed in the web client of users who view the pages generated by the guestbook, in the security context of the website hosting the software.

Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials.

This vulnerability has been reported for PY-Livredor version 1.0.

4. Pastel Accounting ACCUSER.DAT Obfuscation Weakness BugTraq ID: 7003
Remote: No
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7003
Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Pastel Accounting is financial software for Microsoft Windows operating systems.

Pastel Accounting is reported to store sensitive user and security information on the local system using a trivially reversible obfuscation method. This information is stored in the 'ACCUSER.DAT' file in each particular client folder. 'ACCUSER.DAT' stores username/password information for individual client accounts.

The information in this file is obfuscated by rotating the characters in the original string. For example, the string "ABCDEFGH" will be stored as
"stuvwxyz" in 'ACCUSER.DAT'.

Malicious users with read access to this file may easily gain access to sensitive information. This will also permit malicious users with write access to the file to modify data, since the software does not verify the contents of this file any further.

This issue was reported in Pastel Account version 6.0-6.12. Other versions may also be affected.

5. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability BugTraq ID: 6974
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6974
Summary:

tcpdump is a freely available, open source network monitoring tool. It is available for the Unix, Linux, and Microsoft Windows operating systems.

A vulnerability in the processing of some packet types may result in an inability to further use the tcpdump application.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted.

The problem is in the handling of ISAKMP packets. When tcpdump receives a maliciously crafted ISAKMP packet, the application enters an infinite loop and ceases to further monitor network traffic. This could allow the passing of undetected network traffic that would typically be seen by tcpdump.

6. Logan Pro HTTP Header Code Injection Vulnerability BugTraq ID: 7010
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7010
Summary:

Logan Pro is a Web Log Analysis Tool for Microsoft Windows platforms that reads the log file created by a web server and generates a comprehensive report.

A vulnerability has been discovered in Logan Pro. Under certain circumstances an attacker may embed HTML code into the HTTP header section of a web log entry. Due to insufficient sanitization of HTTP header information, Logan Pro reports that are derived from malicious web logs may incorporate the arbitrary attacker supplied HTML code.

Specifically, embedding HTML code into a HTTP header, such as 'UserAgent', may result in attacker-supplied code being executed in Logan Pro log reports.

Successful exploitation of this issue would result in the execution of HTML commands when viewing reports generated by Logan Pro. All commands executed in this manner would be run within context of the browser used to view the report.

This vulnerability was reported for Logan Pro version 1.2 previous versions may also be affected.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

7. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability BugTraq ID: 7012
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7012
Summary:

iPlanet is an HTTP server product. It is available for a number of platforms, including Unix and Linux variants and Microsoft Windows operating systems.

A vulnerability has been reported for iPlanet that may conceal malicious log entries from the 'View Access Log' and 'View Error Log' utilities. The problem occurs due to the utilities' parsing of the 'Format=' string, which is typically used to specify log entry formatting.

An attacker can exploit this vulnerability by generating a log entry using a hostname which is prepended with the 'Format=' string. Because the data supplied as the 'Format' will not be recognized by the said utilities, the log entry will be not be shown.

It should be noted that viewing the log data with other utilities, such as a text-based editor, will disclose the malicious entries.

8. SurfStats Log Analyzer Logfile HTML Injection Vulnerability BugTraq ID: 7014
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7014
Summary:

SurfStats Log Analyzer is software for viewing webserver logs. It is available for Microsoft Windows operating systems.

SurfStats Log Analyzer does not sufficiently sanitize HTML when logging requests. If malicious data containing HTML and script code is logged and then viewed using the software, exploitation will occur. Through exploitation of this issue, it will be possible to falsify log information and execute arbitrary script code in the web client of the user viewing the logs.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue has been demonstrated when the log analysis software renders a malicious hostname which contains hostile HTML or script code, which was logged when the server did an inverse lookup of hostname data. This is only one possible scenario, and it is likely that data other than the hostname is not sufficiently filtered.

9. WebLog Expert Logfile HTML Injection Vulnerability BugTraq ID: 7016
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7016
Summary:

WebLog Expert is software for viewing webserver logs. It is available for Microsoft Windows operating systems.

WebLog Expert does not sufficiently sanitize HTML when logging requests. If malicious data containing HTML and script code is logged and then viewed using the software, exploitation will occur. Through exploitation of this issue, it will be possible to falsify log information and execute arbitrary script code in the web client of the user viewing the logs.

This issue has been demonstrated when the log analysis software renders a malicious hostname which contains hostile HTML or script code, which was logged when the server did an inverse lookup of hostname data. This is only one possible scenario, and it is likely that data other than the hostname is not sufficiently filtered.

1. InstantServer ISMail Remote User Fields Buffer Overflow Vulnerability BugTraq ID: 6972 Remote: Yes Date Published: Feb 27 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6972 Summary:

ISMail is a commercially available mail server implementation by InstantServers. It is available for the Microsoft Windows operating system.

A problem with ISMail could make it possible for a remote attacker to execute arbitrary code on systems using vulnerable software.

It has been reported that ISMail does not properly handle long strings under some circumstances. When an email containing specifically crafted strings in various fields of the email header is passed through the server, a buffer overflow occurs. This could be exploited to execute code on vulnerable server.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The problem is in the RCPT TO and FROM fields. When domain names of excessive length are supplied in these fields, a stack overflow occurs. This problem could be exploited to execute code with the privileges of the ISMail process, which is typically run as SYSTEM.

1. Typo3 Showpic.PHP File Enumeration Vulnerability BugTraq ID: 6982 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6982 Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be exploited by submitting a malicious request for a file (including the relative path). These scripts will return information about whether or not a file exists.

This type of information may be useful in mounting further attacks against the host system, since the scripts will reveal information about the layout of the host's filesystem.

1. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability BugTraq ID: 6990 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6990 Summary:

QuickTime/Darwin Streaming Administration Server is server technology which allows you to send streaming QuickTime data to clients across the Internet.

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server (SS). The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Specifically, directory traversal sequences are not sanitized from the value supplied to the 'filename' URI parameter. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system.

An attacker may exploit this vulnerability by making a request to the parse_xml.cgi script containing dot-dot-slash ('../') sequences followed by a filename. When the malicious request is processed, the Streaming Server will disclose the contents of the file to an attacker.

This vulnerability was tested on SS for Microsoft Windows systems. Linux versions of Darwin SS are reportedly not vulnerable to this issue.

1. Sendmail Header Processing Buffer Overflow Vulnerability BugTraq ID: 6991 Remote: Yes Date Published: Mar 02 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6991 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Sendmail is a widely used MTA for Unix and Microsoft Windows systems.

A remotely exploitable vulnerability has been discovered in Sendmail. The vulnerability is due to a buffer overflow condition in the SMTP header parsing component. Remote attackers may exploit this vulnerability by connecting to target SMTP servers and transmitting to them malformed SMTP data.

The overflow condition occurs when Sendmail processes addresses or lists of addresses in fields such as "From:" or "CC:". One of the checks to ensure that the addresses are valid is flawed, resulting in a buffer overflow condition. Successful attackers may exploit this vulnerability to gain root privileges on affected servers remotely.

It has been reported that this vulnerability may possibly be locally exploitable if the sendmail binary is setuid/setgid.

Versions 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or apply available patches to prior versions of the 8.x tree.

1. WebLog Expert HTTP Header Code Injection Vulnerability BugTraq ID: 7015 Remote: Yes Date Published: Mar 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7015 Summary:

WebLog Expert is a Web Log Analysis Tool for Microsoft Windows platforms that reads the log file created by a web server and generates a comprehensive report.

A vulnerability has been discovered in WebLog Expert. Under certain circumstances an attacker may embed HTML code into the HTTP header section of a web log entry. Due to insufficient sanitization of HTTP header information, WebLog Expert reports that are derived from malicious web logs may incorporate the arbitrary attacker supplied HTML code.

Specifically, embedding HTML code into a HTTP header, such as 'UserAgent', may result in attacker-supplied code being executed in WebLog Expert log reports.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation of this issue would result in the execution of HTML commands when viewing reports generated by WebLog Expert. All commands executed in this manner would be run within context of the browser used to view the report.

This vulnerability was reported for WebLog Expert version 1.6.1 other versions may also be affected.

1. iPlanet Log Analyzer Logfile HTML Injection Vulnerability BugTraq ID: 7017 Remote: Yes Date Published: Mar 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7017 Summary:

iPlanet is an enterprise web server software package with a built-in tool for viewing webserver logs. It is available for Microsoft Windows, Unix, and Linux operating systems.

iPlanet does not sufficiently sanitize HTML when logging requests. If malicious data containing HTML and script code is logged and then viewed using the log viewing software, exploitation will occur. Through exploitation of this issue, it will be possible to falsify log information and execute arbitrary script code in the web client of the user viewing the logs.

This issue has been demonstrated when the log analysis software renders a malicious hostname which contains hostile HTML or script code, which was logged when the server did an inverse lookup of hostname data. This is only one possible scenario, and it is likely that data other than the hostname is not sufficiently filtered.

This issue occurs when viewing logs in both HTML and text mode.

1. Typo3 Log HTML Injection Vulnerability BugTraq ID: 6983 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6983 Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYP03 logs all system and access related errors in the TYPO3 database and provides a facility for administrators to view this information from the web. However, data is not sanitized of HTML before being logged. As a result, remote attackers may inject malicious HTML and script code into log files. When these logs are viewed, the hostile code will be interpreted in the web client of the user viewing the logs.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This may allow for theft of administrative cookie-based authentication credentials and other attacks.

1. Typo3 Translations.PHP Remote File Include Vulnerability BugTraq ID: 6984 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6984 Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is as a result of insufficient sanitization performed on remote user supplied data used by a URI parameter of the 'translations.php' PHP page.

Under some circumstances, it is possible for remote attackers to influence the path for an include file to point to an external file by manipulating the '$ONLY' URI parameter.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

1. Typo3 Translations.PHP File Disclosure Vulnerability BugTraq ID: 6985 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6985 Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 does not sufficiently sanitize input submitted via URI parameters of potentially malicious data. This issue exists in the 'translations.php' script. Specifically, variations of directory traversal sequences and null characters (%00) may be specified as a value for the 'ONLY' URI parameter. By submitting a malicious web request to this script that contains a relative path to a resource and a null character (%00), it is possible to retrieve arbitrary files that are readable by the web server process.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation will permit the attacker to gain access to sensitive information that may aid in mounting further attacks against the system hosting the software.

1. Typo3 Webroot Folders Information Disclosure Weakness BugTraq ID: 6988 Remote: Yes Date Published: Feb 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6988 Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

It has been reported that TYPO3 installs, by default, several directories into the TYPO3 webroot. These directories are reportedly readable or lacking sufficient authentication mechanisms and contain log, configuration and script files. This weakness may result in the disclosure of sensitive system based information to malicious web users.

The following directories and files have been reported to be prone to this issue: /install /fileadmin/ /typo3conf/

The information gathered as a result of this weakness may be used in further attacks against the system.

20. Typo3 HTML Hidden Form Field Information Disclosure Weakness BugTraq ID: 6993
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6993
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. Such fields may contain potentially sensitive information which may provide determined attackers with valuable information which may be useful in exploiting other known issues in the software.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for TYPO3 3.5b5.

21. Netscape Communicator Password Disclosure Weakness BugTraq ID: 6981
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6981
Summary:

Netscape Communicator is a combined web browser and e-Mail Client developed for a variety of platforms including Microsoft Windows, Linux and Unix variant operating environments.

It has been reported that the Netscape Communicator roaming profile function may store sensitive user credentials in the 'prefs.js' configuration file using plaintext or easily disclosed format.

This weakness may result in an attacker accessing sensitive user credentials that may be used in further attacks launched against the system.

Conflicting details have been reported suggesting that perhaps this issue may be due to a user initiated configuration change and that password data may be encrypted using a trivial XOR based encryption algorithm by default.

This report is closely related to the issue described in BID 6215.

22. Typo3 Runtime Error Page Information Disclosure Vulnerability BugTraq ID: 6986
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6986
Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

An information disclosure vulnerability has been reported for TYPO3. The vulnerability exists in several 'test', 'class' and 'library' scripts that are included with TYPO3.

These scripts may be forced to execute and generate runtime errors. When these errors occur, the scripts will output path information.

Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

III. MICROSOFT FOCUS LIST SUMMARY

1. User rights on Terminal Services (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/314283

2. Article Announcement: Windows Forensics - A Case Study: Part Two (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/314229

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Logging mechanism in IIS (was RE: code red---- on system that is already (and has been) patched) (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/314217

4. Logging mechanism in IIS (was code red---- on system that is already (and has been) patched) (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/314106

5. code red---- on system that is already (and has been) patched (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/313851

6. experiment supports concept of using host header names as security layer (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/313859

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

7. 5 security questions (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313780

8. SecurityFocus Microsoft Newsletter #127 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/313685

9. host header names as security devices (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/313617

1. One Time Passwords (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/313616

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. Steganos Security Suite 4 by Steganos Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL: http://www.steganos.com/en/sss/index.htm Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A complete, easy-to-use security package that encrypts and conceals your data. The Steganos Safe is a secure hard drive, which disappears at the click of a button. Thanks to on-the-fly-encryption, 1 GB of data can be encrypted in less than a second. Create encrypted e-mail attachments. Includes Internet Trace Destructor, file shredder, e-mail encryption, password manager and computer locking.

2. SSH Secure Shell for Windows Servers
by SSH Communications Security
Platforms: N/A
Relevant URL:
http://www.ssh.com/products/security/secureshellwinserver/ Summary:

SSH Secure Shell for Windows Servers is an award-winning SSH server implementation for servers running a Microsoft Windows operating systems. The Microsoft Windows NT, 2000 and XP operating systems are increasingly being used as server platforms in organizations around the world, and SSH Secure Shell for Windows Servers solves the problem of providing secure management access to the business-critical services on these servers.

3. N2H2 Sentian
by N2H2
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL:
http://www.n2h2.com/products/sentian_home.php Summary:

Sentian filtering software works with a wide variety of implementations to meet the needs of organizations both large and small. Whichever device you prefer, every Sentian product uses the categorized filtering database recognized as the most effective available.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. DiskZapper v1.0 by Phil Howard Relevant URL: http://diskzapper.com/ Platforms: N/A Summary:

DiskZapper is a Linux-based bootable (floppy or CD-ROM) tool intended to wipe all hard drives on the machine it runs on to binary zero. This is intended for uses such as making sure old computers or hard drives being sold or trashed are clear of any confidential data, and to be sure certain computers are clear of any unlicensed software in the event the software piracy police visit. It comes in the form of a floppy image (ready to dd or rawrite) or a CD ISO image (ready to burn to CDR). No other software or OS required. This is a dangerous tool. Please store out of reach of children.

2. pkeytool v1.0.0
by David Green
Relevant URL:
http://pkeytool.couchpotato.net
Platforms: Os Independent
Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

pkeytool takes over where the JDK's keytool leaves off by allowing users to work with private keys.

3. NodeBrain v0.5.0
by Ed Trettevik
Relevant URL:
http://www.nodebrain.org
Platforms: Os Independent
Summary:

NodeBrain is a rule-based state and event monitoring agent. It is an interpreter of the NodeBrain command language that includes commands for rule definition, state assertion and event alerting. It can be used for system health monitoring or other applications requiring automated response to state changes and patterns of events from application logs and other sources. It supports a peer-to-peer application protocol called NBP to enable event streams between agents within a network. Peers are authenticated and communication is encrypted. Store-and-forward queues are used to tolerate network, system, and peer outages. Integration with other applications is accomplished through a command line interface (CLI). This tool is intended for developers, as construction of a monitoring application using NodeBrain is a programming activity. A programmer must develop NodeBrain event correlation rules, input commands for state and event collection, and output commands for responses as required by a specific application. Received on Mon Mar 10 15:17:38 2003