SecurityFocus Newsletter #170

SecurityFocus Newsletter #170

This issue sponsored by: John Wiley & Sons, Inc.

SAVE UP TO 40% ON WILEY SECURITY BOOKS Wiley, the #1 publisher of security books, has partnered with Amazon.com to offer an incredible selection of titles at up to 40% off list price. Included are Mike Schiffman's "Building Open Source Security Solutions", updated editions of their best selling CISSP exam guides, and favorites like Bruce Schneier's "Secrets and Lies". See the full selection at:

http://www.amazon.com/exec/obidos/tg/feature/-/217991/103-2788057-0235869

I. FRONT AND CENTER

1. Complete Snort-based IDS Architecture, Part One
2. Polymorphic Macro Viruses, Part Two
3. SecurityFocus DPP Program
4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL) II. BUGTRAQ SUMMARY
5. Monkey HTTP Server Invalid POST Request Denial Of Service Vuln
6. [No Subject]
7. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability
8. Pablo Software Solutions FTP Server Format String Vulnerability
9. GlobalSunTech Access Point Information Disclosure Vulnerability
10. HP TruCluster Server Cluster Interconnect Denial of Service Vuln
11. Multiple Vendor Sun RPC LibC TCP Time-Out Denial Of Service Vuln
12. PERL-MailTools Remote Command Execution Vulnerability
13. The Magic Notebook Invalid Username Denial Of Service Vuln
14. Networking_Utils Remote Command Execution Vulnerability
15. Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vuln
16. SnortCenter Insecure Temporary Filename Vulnerability
17. SnortCenter Insecure Sensor Configuration File Permissions Vuln
18. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability
19. Safe.PM Unsafe Code Execution Vulnerability
20. QNX TimeCreate Local Denial of Service Vulnerability
21. Frank McIngvale LuxMan Memory File Descriptor Leakage Vulnerability
22. Apache mod_php File Descriptor Leakage Vulnerability
23. Linux Kernel 2.4 System Call TF Flag Denial Of Service Vulnerability
24. Linuxconf mailconf Module Mail Relay Vulnerability
25. WindowMaker Image Handling Buffer Overflow Vulnerability
26. Pine From: Field Heap Corruption Vulnerability III. SECURITYFOCUS NEWS ARTICLES
27. Heckencamp Free Again
28. Verisign moves DNS root servers in defensive ploy
29. Symantec undeletes mail deletion bug
30. Network Signals Just Scream to Be Exploited
31. How to Keep The Wireless Snoops Away
32. Experts make defensive change to key U.S. Internet computers
33. Microsoft Earns a Security Merit Badge
34. £40m software piracy ring smashed in Italy
35. Mozilla riddled with security holes IV.SECURITY FOCUS TOP 6 TOOLS
36. MAILMILL v0.1
37. Annoyance Filter v1.0-RC1
38. Tnefclean v1.0
39. IP Blocker v1.0.20021107
40. MailStripper v0.62
41. GNU Anubis v3.6.0
42. SECURITYJOBS LIST SUMMARY
43. Security Professional seeking position in Chicagoland Area - (Thread)
44. Major Account Executive - UK (Liverpool) - Competitive base - (Thread)
45. Senior Network Consultant Opportunity in Boston, Massachusetts (Thread)
46. Senior UNIX Administrator with Server Security Experience (Thread)
47. Graduate Security Jobs ? (Thread)
48. NYC Fulltime Security Engineer (Thread)
49. Director of Sales (Thread)
50. Please note that I'm not the recruiter for this position (Thread)
51. (job offered) Sales Rep for Security Consulting firm (Thread)
52. Senior/Seasoned Security Engineers wanted for ongoing... (Thread)
53. Code Review Consultant- New York City (Thread)
54. Systems Security Engineer Seattle, WA $30-65 per hour (Thread)
55. IS Security Expert at the European Central Bank,Frankfurt (Thread)
56. TCI, Houston, Texas, Security Specialist, (Thread)
57. Unix administrator within the data security group for (Thread)
58. CISSP GSEC InfoSec Engineer looking for opening in Los Angeles (Thread)
59. Enterprise Security Administrator / IDS / Firewall Professional(Thread)
60. HOT Security Project Manager NEEDED FOR IL!!!!! (Thread)
61. Enterprise Security Administrator / Anti Virus Lead (Thread)
62. looking for security work in London (Thread)
63. Looking for an opportunity -CISSP & CISA (Thread)
64. Microsoft Response Engineer (Thread) VI. INCIDENTS LIST SUMMARY
65. ano@ano.com ftpd dip.t-dialin.net (Thread)
66. 030.com (Thread)
67. What's up with 3014/tcp? (Thread)
68. Ip spoof from 0.0.0.0 (Thread)
69. Ip spoof from 0.0.0.0 (Thread)
70. IIS and leech (Thread)
71. Script I haven't seen? Or human directed? (Thread)
72. Nimda and CodeRed Increases (Thread)
73. Port 1975 rogue service (Thread)
74. DOS Attack Update block by referer (Thread) VII. VULN-DEV RESEARCH LIST SUMMARY
75. Symbol Access Points. (Thread)
76. Firewall bypassing tool (Thread)
77. TOTAL WIRELESS SECURITY (Thread)
78. Phenoelit Advisory 0815 ++ // Xedia (Thread) VIII. MICROSOFT FOCUS LIST SUMMARY
79. Win 2000 passsword Complexity Requirements (Thread)
80. IIS 5 and client certificates (Thread)
81. Any way to remove ADMIN$ only? (Thread)
82. Certification for Win2k Web Servers (Thread)
83. Win2k IPSec -Default behavior (Thread)
84. Win2K IPSec -Default behavior - XP has same problem (Thread)
85. was - RE: Access to well-known ports on Win2K -now (Thread)
86. Win2k IPSec -Default behavior (Thread)
87. Access to well-known ports on Win2K (Thread)
88. Active Directory network security (Thread)
89. EFS in WinXP - how good is it? (Thread)
90. SecurityFocus Microsoft Newsletter #111 (Thread)
91. [RE: Access to well-known ports on Win2K] (Thread) IX. SUN FOCUS LIST SUMMARY
92. Current Solaris security infodocs (Thread)
93. LINUX FOCUS LIST SUMMARY [No Messages on Focus-Linux Thie Week] XI. SPONSOR INFORMATION
94. FRONT AND CENTER

    ---

95. Complete Snort-based IDS Architecture, Part One

Many companies find it hard to justify acquiring the IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software.

http://online.securityfocus.com/infocus/1640

2. Polymorphic Macro Viruses, Part Two

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This article is the second of a two-part series that will offer a brief overview of polymorphic strategies in macro viruses. The first installment of this series looked at some early examples of polymorphism, along with some of the early polymorphic techniques. This installment will look at the first serious polymorphic macro viruses, as well as the evolution of viruses into true polymorphic and, ultimately, metamorphic viruses.

http://online.securityfocus.com/infocus/1638

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all! Go to: http://www.misti.com/10/os03nl37inf.html

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

II. BUGTRAQ SUMMARY

1. Monkey HTTP Server Invalid POST Request Denial Of Service Vulnerability BugTraq ID: 6096 Remote: Yes Date Published: Nov 02 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6096 Summary:

Monkey is an open source Web server written in C, based on the HTTP/1.1 protocol. It is available for the Linux platform.

A denial of service vulnerability has been reported for Monkey HTTP server. The vulnerability is due to inadequate checks being performed when decoding POST requests.

An attacker can exploit this vulnerability by issuing a POST request with an invalid Content-Length header, or without a Content-Length value. When the server attempts to service the request, it will crash and lead to the denial of service condition.

This vulnerability was reported for Monkey HTTP server 0.50. Earlier versions are likely to be affected by this vulnerability.

2. Microsoft SQL Server Login Weak Authentication Mechanism BugTraq ID: 6097
Remote: Yes
Date Published: Nov 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6097
Summary:

Microsoft SQL Server Logins employ a weak method of password obfuscation.

One method of authentication against a SQL Server is to use Windows Authentication and the other is to use SQL Server Logins. Reportedly, passwords used for SQL Server Logins are sent across the network using a weak password obfuscation algorithm.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

An attacker can exploit this weakness to sniff network traffic to obtain SQL Server user and related password authentication credentials.

The weakness is due to the weak obfuscation algorithm which simply converts information to UNICODE format. Then, the four MSBs (most significant bits) are swapped with the four LSBs (least significant bits) of every byte and XOR-ed with a fixed value of 0xA5. This will result in a predictable sequence of network traffic that can be easily deciphered by an attacker.

This weakness may give users a false sense of security and should not be used as the primary means of authentication in critical and sensitive systems.

3. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability BugTraq ID: 6098
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6098
Summary:

Northern Solutions Xeneo is a web server designed for use with the Microsoft Windows operating system.

A denial of service vulnerability has been reported for Xeneo web server. The vulnerability occurs when Xeneo attempts to process malformed HTTP requests.

An attacker can exploit this vulnerability by issuing a HTTP request that begins with a '%' character. When the web server processes this request, it will crash and lead to the denial of service condition.

4. Pablo Software Solutions FTP Server Format String Vulnerability BugTraq ID: 6099
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6099
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Pablo Software Solutions FTP Server is freely available software for Microsoft Windows operating systems.

A format string vulnerability has been reported in Pablo Software Solutions FTP Server. The vulnerability occurs due to inadequate checking of user-supplied input for the login credentials.

An attacker can exploit this vulnerability by logging into the FTP server with a username that includes malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Any attacker-supplied code will executed with the privileges of the FTP server.

This vulnerability was reported for FTP server versions earlier than 1.51.

5. GlobalSunTech Access Point Information Disclosure Vulnerability BugTraq ID: 6100
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6100
Summary:

Global Sun Technology Inc. is a developer of Wireless Access Points distributed to OEM partners.

An information disclosure vulnerability has been discovered in certain GlobalSunTech access points.

It has been reported that a remote attacker is able to retrieve sensitive information from vulnerable access points, including WEP keys, the MAC filter, and the admin password.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It is possible to obtain this information by sending a specially constructed broadcast message, to UDP port 27155, containing the "gstsearch" string.

Information gained by exploiting this vulnerability may allow an attacker to launch further attacks against the target network.

It should be noted that this vulnerability was reported for a WISECOM GL2422AP-0T access point. Devices that use Global Sun Technology access points may be affected by this issue.

It has been determined that D-Link DI-614+ and SMC Barricade 7004AWBR access points are not affected by this issue.

It has been reported that Linksys WAP11-V2.2 is prone to this issue, but to a lesser extent. It is possible to obtain AP firmware versions, but other sensitive information is not accessible.

6. HP TruCluster Server Cluster Interconnect Denial of Service Vulnerability BugTraq ID: 6102
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6102
Summary:

A denial of service vulnerability has been discovered in the HP TruCluster Server Cluster Interconnect software.

It has been reported that the Cluster Interconnect software package may allow a local or remote attacker to cause a denial of service.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Exploitation of this issue may prevent the service from responding to legitimate requests for service.

Precise technical details regarding this vulnerability are not yet available. This BID will be updated as more information regarding this issue becomes available.

7. Multiple Vendor Sun RPC LibC TCP Time-Out Denial Of Service Vulnerability BugTraq ID: 6103
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6103
Summary:

A vulnerability has been reported in multiple libc implementations which are based on Sun RPC. This may affect implementations on a number of different platforms and products.

A denial of service condition is reported to occur when data is read from a TCP connection. As a result, remote attackers may cause some services and daemons to hang. The cause of this issue is a failure of vulnerable libc implementations to provide a sufficient time-out mechanism when data is read from TCP connections.

Further details about what causes this condition are not known at this time. This record will be updated if further details about this vulnerability become available.

8. PERL-MailTools Remote Command Execution Vulnerability BugTraq ID: 6104
Remote: Yes
Date Published: Nov 05 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6104
Summary:

The perl-MailTools package is a collection of PERL modules related to mail applications.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported for the Mail::Mailer module, included in the perl-MailTools package, which may allow remote attackers to execute arbitrary commands on the underlying shell with the privileges of the mailx process.

User-supplied input is passed to the mailx mailer, a simple MUA (Mail User Agent), but is not sufficiently sanitized of shell metacharacters before being passed through the shell.

Any applications that use Mail::Mailer directly or indirectly, like custom auto reply programs or spam filters, are vulnerable to attack.

9. The Magic Notebook Invalid Username Denial Of Service Vulnerability BugTraq ID: 6106
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6106
Summary:

The Magic Notebook is a web-based application for creating and organizing notes. It will run on Unix and Linux variants.

The Magic Notebook is prone to a denial of service vulnerability. The Magic Notebook reportedly crashes when attempting to handle an invalid username.

Remote attackers may be able to exploit this condition to deny service to legitimate users of the web application.

1. Networking_Utils Remote Command Execution Vulnerability BugTraq ID: 6107 Remote: Yes Date Published: Nov 05 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6107 Summary:

Networking_Utils is an application for supplying web access to networking tools such as ping, traceroute and nslookup. Networking_Utils is implemented in PHP and intended to run on Unix and Linux variants.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Networking_Utils is prone to a remote command execution vulnerability.

The issue exists in the implementation of the ping command. Shell metacharacters are not sufficiently sanitized from the domain name or IP address fields. This input will be passed directly through the shell. An attacker may exploit this issue by supplying malicious input which includes shell metacharacters and arbitrary commands, which will be interpreted by the underlying shell. The attacker may execute commands with the privileges of the webserver.

Exploitation of this issue will allow a remote attacker to gain local, interactive access to the underlying host.

Implementations of the other commands may also be affected by this vulnerability.

1. Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vulnerability BugTraq ID: 6110 Remote: Yes Date Published: Nov 05 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6110 Summary:

Cisco PIX Firewalls are reported to be prone to a denial of service condition.

The vulnerable condition occurs when telnet/SSH access has been enabled on the firewall for hosts on the internal network. If TCP SYN packets are sent repeatedly to the subnet address, this may cause a denial of service condition, as the PIX firewall may respond to connection requests sent to the subnet address. Large numbers of these types of requests are reported to cause memory fragmentation on the device. It may be necessary to restart the device to regain normal functionality.

This vulnerability is reportedly due to incorrect handling of requests to the subnet address by the PIX operating system TCP/IP stack.

This issue was reported for Cisco PIX Firewall 6.2.2. Other versions of the PIX operating system may also be affected.

1. SnortCenter Insecure Temporary Filename Vulnerability BugTraq ID: 6108 Remote: No Date Published: Nov 05 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6108 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

SnortCenter is a web-based client-server management system written in PHP and Perl. It assists in the configuration of Snort configuration and signature files.

A vulnerability has been discovered in SnortCenter v0.9.5.

It has been reported that SnortCenter creates temporary files using predictable file names. When SnortCenter is used to aggregate Snort rules for a particular sensor, a file is created in the /tmp directory using the same name as the sensor.

By anticipating the name of a temporary file a local attacker may be able to corrupt sensitive data by creating a symbolic link to a system resource which is writeable by SnortCenter.

It is not yet known whether versions prior to v0.9.5 are affected by this issue.

1. SnortCenter Insecure Sensor Configuration File Permissions Vulnerability BugTraq ID: 6109 Remote: No Date Published: Nov 05 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6109 Summary:

SnortCenter is a web-based client-server management system written in PHP and Perl. It assists in the configuration of Snort configuration and signature files.

A vulnerability has been discovered in SnortCenter v0.9.5

When SnortCenter is used to aggregate Snort rules for a particular sensor, a file is created in the /tmp directory which are 'world' accessible. The temporary sensor configuration files created may contain sensitive alert database server access credentials.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Information disclosed by accessing this file may aid a malicious user in launching attacks against alert database servers. The ability to modify sensitive information contained within these files may result in the corruption of typical SnortCenter functionality.

1. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability BugTraq ID: 6112 Remote: Yes Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6112 Summary:

RhinoSoft Serv-U FTP Server is designed for use with Microsoft Windows operating systems.

A denial of service vulnerability has been reported for Serv-U FTP server. The vulnerability is a result of Serv-U FTP Server processing certain commands. When the Serv-U server receives a MKD command it attempts to verify whether the user that issued the command has sufficient rights. When performing this verification, it will not accept any more connections.

An attacker is able to exploit this vulnerability by connecting to the vulnerable server and issuing many MKD commands. As the server will not accept any connections when validating the user's permissions, potential clients will not be able to connect. This will result in a denial of service to legitimate clients.

This vulnerability was reported for Serv-U FTP Server 4.0.0.4 and earlier.

1. Safe.PM Unsafe Code Execution Vulnerability BugTraq ID: 6111 Remote: No Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6111 Summary:

Safe.pm is a Perl module that is included in the distribution of Perl. This module is used to compile and execute code in restricted compartments. These compartments are used verify the safety of potentially rogue Perl code.

A vulnerability has been reported in the Safe.pm module. Reportedly, the vulnerability may allow an attacker to bypass the security settings of the secured compartment and execute code in an unsafe manner.

The vulnerability affects the reval() and rdo() subroutines in Safe.pm. It is possible for a malicious program to modify a compartment variable used by the subroutines. When a subroutine is called a second time with the same compartment, it may be possible to bypass the security settings of the compartment.

1. QNX TimeCreate Local Denial of Service Vulnerability BugTraq ID: 6114 Remote: No Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6114 Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

QNX RTOS is a real-time operating system designed for use on embedded systems. It is distributed and maintained by QNX.

A denial of service vulnerability has been discovered in QNX v6.1.

It has been reported that by creating two or more timers using the TimeCreate() function and configuring them with 1 millisecond ticks, it is possible for an unprivileged user to cause the target system to hang.

It should be noted that this issue was reported for QNX v6.1. It is not yet known whether this issue affects other releases.

Precise technical details regarding this issue are not yet known. This BID will be updated accordingly, as more information becomes available.

1. Frank McIngvale LuxMan Memory File Descriptor Leakage Vulnerability BugTraq ID: 6113 Remote: No Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6113 Summary:

Frank McIngvale LuxMan is a video game similar to Pac Man for Linux based systems.

A vulnerability exists in LuxMan that could allow a local user read and write access to the Memory.

It has been reported that the 'maped' setuid binary in LuxMan is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of memory. It is allegedly possible for attackers to inherit open file descriptors with read/write access to /dev/mem by executing a malicious program through maped. Since maped calls gzip without using the explicit path, an attacker could create a malicious binary named gzip and add its directory to the PATH environment variable. When gzip is called by maped, the malicious gzip will be called rather than the legitimate version.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Upon exploiting this vulnerability, an attacker would have read and write access to memory. The attacker could use this access to gain sensitive information such as passwords, or other information. Additionally, an attacker could remap system calls. It should be assumed that total compromise is imminent if an attacker has read or write access to memory.

1. Apache mod_php File Descriptor Leakage Vulnerability BugTraq ID: 6117 Remote: Yes Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6117 Summary:

Apache is a freely available, open source web server software package. It is distributed and maintained by the Apache Group. Mod_PHP is an Apache module which allows for PHP functionality in websites.

A vulnerability has been discovered in the mod_php module available for Apache web servers that may, under some circumstances, leak file descriptor information. By exploiting this vulnerability it may be possible for a remote attacker to reuse file descriptors used by the httpd daemon, effectively emulating the web server.

Exploitation of this issue may allow an attacker to bind a malicious server instead of Apache httpd server. This will allow the attacker to pose as a web server and distribute false information to legitimate users attempting to connect to the server. It may also be possible to obtain user credentials, or other sensitive information.

It should be noted that this issue is exploitable only if the 'safe_mode' PHP option is disabled.

1. Linux Kernel 2.4 System Call TF Flag Denial Of Service Vulnerability BugTraq ID: 6115 Remote: No Date Published: Nov 06 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6115 Summary:

A denial of service vulnerability has been reported for the Linux kernel. Reportedly, it is possible to cause the kernel from responding by triggering a system call with the TF flag enabled.

When a native Linux binary makes a system call, the 'int 0x80' instruction is called, effectively triggering a trap into kernel mode. Non-native Linux binaries use the 'lcall7' instruction to trigger a kernel trap. If the TF (TRAP FLAG) bit is set when a trap is triggered using the 'lcall7' instruction, the kernel will hang.

An attacker can exploit this vulnerability by executing a malicious application that uses the lcall7/lcall27 functions to execute system calls. By ensuring that the TF flag is set when the kernel attempts to execute the system call, it is possible to cause the kernel to hang and cause the denial of service condition. A reboot is necessary to restore functionality.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was fixed in the Linux Kernel 2.4.19.

20. Linuxconf mailconf Module Mail Relay Vulnerability BugTraq ID: 6118
Remote: Yes
Date Published: Nov 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6118
Summary:

Linuxconf is an administration system which is divided in several modules. The mailconf module is responsible for the configuration of Sendmail.

A vulnerability has been discovered in the mailconf module included with Linuxconf.

It has been reported that the sendmail.cf configuration file created by the mailconf module, contains a bug which could allow message relaying. By specifying a recipient in the format of "user%domain@", it is possible to relay messages outside of the mail daemon's served network.

Exploitation of this issue could allow an attacker to send unauthorized messages from the vulnerable server.

It should be noted that the default configuration file distributed with Sendmail is not vulnerable to this issue. It must have been created by Linuxconf for this vulnerability to be introduced.

21. WindowMaker Image Handling Buffer Overflow Vulnerability BugTraq ID: 6119
Remote: Yes
Date Published: Nov 07 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6119
Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

WindowMaker is a popular window manager for X11 systems. A buffer overflow vulnerability has been reported in WindowMaker.

The condition occurs when processing malformed images. According to the report, a buffer for the image data is allocated based on the length and width fields in the file. Allegedly, there is no bounds checking against the buffer size when reading the actual image data from the file. As a result, it may be possible to overrun the allocated buffer and corrupt adjacent memory.

Exploitation of this vulnerability requires that the victim process a specially constructed image file. This may be accomplished by including the file in a malicious "theme" and then transmitting it to the victim or placing it on a distribution HTTP/FTP server (in hopes that a victim will download it and use/preview it).

22. Pine From: Field Heap Corruption Vulnerability BugTraq ID: 6120
Remote: Yes
Date Published: Nov 07 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6120
Summary:

Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft operating systems.

It is possible to cause a denial of service in Pine by sending an email message with a specially crafted "From:" address. According to the report, the crash can be reproduced by setting the "From:" address to a value such as:

"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.tld

A stack trace suggests that this behaviour may be due to corruption of data in the heap. If that is the case, execution of arbitrary code may be possible.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Note that the user does not have to view the message in order for the denial of service to take place; the message simply has to be present in the user's Inbox. While a message with this address is present in the Pine Inbox, it is not possible to start Pine again. The message containing this address must be manually removed from the spool or by using another MUA.

It is important to note that this specially crafted "From:" address is RFC legal.

This issue will reportedly be fixed in Pine 4.50.

III. SECURITYFOCUS NEWS AND COMMENTARY

1. Heckencamp Free Again

Federal judges cool down and release alleged eBay hacker, who irked them.

http://online.securityfocus.com/news/1582

2. Verisign moves DNS root servers in defensive ploy

Key Internet Domain Name System (DNS) servers have been relocated to improve Internet security and stability in the wake of a recent, serious distributed denial of service attack.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/news/1600

3. Symantec undeletes mail deletion bug

Symantec has issued a fix for a serious bug within Norton Internet Security 2003 which is responsible for the unexplained deletion of emails for some users.

http://online.securityfocus.com/news/1599

4. Network Signals Just Scream to Be Exploited

Organizations ignore the security risks of wireless networking at their peril.

http://online.securityfocus.com/news/1593

5. How to Keep The Wireless Snoops Away

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A wireless network is like hundreds of network cables floating in search of a rogue computer.

http://online.securityfocus.com/news/1592

6. Experts make defensive change to key U.S. Internet computers

Experts have made an important change to the 13 computer servers that manage global Internet traffic, separating two of them to help better defend against the type of attack that occurred last month.

http://online.securityfocus.com/news/1588

7. Microsoft Earns a Security Merit Badge

No way, you say? Well, it's true: Though its code is far from rock-solid, the Colossus of Redmond is making recognized strides.

http://online.securityfocus.com/news/1577

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

8. £40m software piracy ring smashed in Italy

Police have smashed a counterfeit software ring in Italy worth almost £40m in what is described as one of the largest and most organised cases of software piracy in Europe.

http://online.securityfocus.com/news/1576

9. Mozilla riddled with security holes

Details of six flaws in Mozilla, the open source browser were posted on BugTraq at the weekend.

http://online.securityfocus.com/news/1575

IV.SECURITYFOCUS TOP 6 TOOLS

1. MAILMILL v0.1 by less random - Thursday, November 7th 2002 Relevant URL: http://www.metamagix.net/mailmill.html Platforms: UNIX

MAILMILL is a lightweight mail-receiving component built in Java. It listens on the SMTP port for incoming messages, and once they arrive it looks in its XML-based ruleset for corresponding filters to apply. It is intended for Java developers who need mailserver functionality and want to build their own Java classes for processing incoming mail. Standard filters include forwarding, SMS, SMTP/HTTP conversion (e.g., send a google request by mail) and more.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Annoyance Filter v1.0-RC1
by John Walker (kelvin@fourmilab.ch)
Relevant URL: http://www.fourmilab.ch/annoyance-filter/ Platforms: OS Independent

Annoyance Filter sifts mail you wish to read from junk arriving in your mailbox by an adaptive process which gives priority to mail you're interested in reading, and evolves to block cleverly disguised junk mail.

3. Tnefclean v1.0
by The Midnite Marauder
Relevant URL: http://www.dread.net/~striker/tnefclean/ Platforms: UNIX

tnefclean is a Perl script to convert attachments from Microsoft Outlook to a readable format. Previously, people would have to find a way to decipher the winmail.dat attachments that came from Outlook users. This tool will either remove the attachment if there is nothing in it, or change it to represent the proper attachment if it actually exists.

4. IP Blocker v1.0.20021107
by Rob Patrick (freshmeat.net@NOSPAMrpatrick.com) Relevant URL: http://www.ipblocker.org/
Platforms: UNIX

IP Blocker is an incident response tool for network admins that automatically updates access control lists (ACL) on Cisco routers and other devices. Web and CLI are both supported. Logging, email notification, and automatic expiration of blocks using policy-based TTL values are all supported.

5. MailStripper v0.62
by Michael McConnell
Relevant URL: http://www.eridani.co.uk/MailStripper/ > Platforms: Linux, Os Independent, POSIX

MailStripper is a mail scanner that aims to remove spam and viruses from incoming mail. AV capability is provided by a hook to an external virus scanner. Written from the ground up in Tcl, it aims to be MTA-independent, by working on the SMTP transaction.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. GNU Anubis v3.6.0
by Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/ Platforms: Linux, POSIX

GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail User Agent) and the MTA (Mail Transport Agent), and can perform various sorts of processing and conversion on-the-fly in accordance with the sender's specified rules, based on a highly configurable regular expressions system. It operates as a proxy server, and can edit outgoing mail headers, encrypt or sign mail with the GnuPG, build secure SMTP tunnels using the TLS/SSL encryption even if your mail user agent doesn't support it, or tunnel a connection through a SOCKS proxy server.

V. SECURITY JOBS SUMMARY

1. Security Professional seeking position in Chicagoland Area (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298999

2. Major Account Executive - UK (Liverpool) - Competitive base - (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298870

3. Senior Network Consultant Opportunity in Boston, Massachusetts (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298868

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

4. Senior UNIX Administrator with Server Security Experience (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298993

5. Graduate Security Jobs ? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/298995

6. NYC Fulltime Security Engineer (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298723

7. Director of Sales (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/298721

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

8. Please note that I'm not the recruiter for this position (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298725

9. (job offered) Sales Rep for Security Consulting firm (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298744

1. Senior/Seasoned Security Engineers wanted for ongoing Contracting (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298623

1. Code Review Consultant- New York City (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298718

1. Systems Security Engineer Seattle, WA $30-65 per hour (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298622

1. IS Security Expert at the European Central Bank, Frankfurt am (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298621

1. TCI, Houston, Texas, Security Specialist, Forensics and Fraud (Thread) Relevant URL:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/77/298619

1. Unix administrator within the data security group for the DC (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298620

1. CISSP GSEC InfoSec Engineer looking for opening in Los Angeles area (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298618

1. Enterprise Security Administrator / IDS / Firewall Professional (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298486

1. HOT Security Project Manager NEEDED FOR IL!!!!! (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298475

1. Enterprise Security Administrator / Anti Virus Lead (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298492

20. looking for security work in London (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298484

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

21. Looking for an opportunity -CISSP & CISA (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298477

22. Microsoft Response Engineer (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/298513

VI. INCIDENTS LIST SUMMARY

1. ano@ano.com ftpd dip.t-dialin.net (Thread) Relevant URL:

http://online.securityfocus.com/archive/75/298939

2. 030.com (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/298935

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. What's up with 3014/tcp? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/299030

4. Ip spoof from 0.0.0.0 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/298923

5. Ip spoof from 0.0.0.0 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/298989

6. IIS and leech (Thread)
Relevant URL: