
SecurityFocus Newsletter #173

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Dec 02 2002 - 12:20:34 EST


This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide

Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. SQL Injection and Oracle, Part Two
  2. Secure Programming with .NET
  3. When Washington Mimics Sci Fi
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. VBulletin Memberlist.PHP Cross Site Scripting Vulnerability
  2. RealOne Player SMIL File Heap Corruption Vulnerability
  3. Rational ClearCase Portscan Denial Of Service Vulnerability
  4. RealPlayer Long File Name Now Playing Buffer Overflow...
  5. RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability
  6. Open WebMail User Name Information Disclosure Vulnerability
  7. Allied Telesyn Switch UDP Data Flood Management Denial Of...
  8. acFTP Invalid Password Weak Authentication Vulnerability
  9. acFreeProxy Cross Site Scripting Vulnerability
  10. Calisto Internet Talker Denial Of Service Vulnerability
  11. WSMP3 Multiple Buffer Overflow Vulnerabilities
  12. Multiple Vendor fs.auto Remote Buffer Overrun Vulnerability
  13. WSMP3 Remote Heap Corruption Vulnerability
  14. Working Resources BadBlue Information Disclosure Vulnerability
  15. Pserv HTTP POST Request Buffer Overflow Vulnerability
  16. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
  17. VBulletin members2.php Cross Site Scripting Vulnerability
  18. NetScreen Malicious URL Filter Bypassing Vulnerability
  19. NetScreen H.323 Control Session Denial Of Service Vulnerability
  20. phpBB Script Injection Vulnerability
  21. SSH Communications SSH Server Privilege Escalation Vulnerability
  22. Web Server Creator Web Portal Remote File Include Vulnerability
  23. NetScreen ScreenOS Predictable Initial TCP Sequence Number...
  24. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
  25. Working Resources BadBlue Search Page Cross Site Scripting...
  26. Netscape Java canConvert() Buffer Overflow Vulnerability
  27. Null HTTPD Remote Heap Corruption Vulnerability
  28. Bugzilla quips Feature Cross Site Scripting Vulnerability
  29. FreeNews Include Undefined Variable Command Execution...
  30. AOL Instant Messenger Forced File Download Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
  2. Nasty virus Winevar insults infected users
  3. Oracle in buffer overflow brown alert
  4. First hackers sighted in high speed mobile phone arena
IV. SECURITYFOCUS TOP 6 TOOLS
  1. MasarLabs NoArp v1.0.0
  2. BW-IPFM v1.1
  3. GPG-Ezmlm encrypted mailing list v0.3
  4. SQUID User Management System v1.01
  5. Sysload server monitor v4.5
  6. pidentd v3.0.16
V. SECURITYJOBS LIST SUMMARY
  1. Sr. InfoSec Consultant Available in DC Metro and willing to...
  2. Positions available (Thread)
  3. Looking for an internship(SSCP/CCNA) (Thread)
  4. Computer Security Architect/Researcher (Thread)
  5. R&D Engineer/Pen Tester opening in Atlanta (Thread)
  6. Looking for SEs for Dallas and Atlanta regions (Thread)
  7. Security Jobs In Sweden, Switzerland and Spain (Thread)
  8. Seeking INFOSEC internship/co-op (Thread)
  9. NYC - Need to fill several positions (Thread)
  10. List traffic (Thread)
  11. Pre/Post Sale Security Engineer looking for employment (Thread)
VI. INCIDENTS LIST SUMMARY
  1. wu-ftpd attack??? (Thread)
  2. wu-ftpd attack ??? (Thread)
  3. Proxy server hit... Any ideas? (Thread)
  4. Help - a possible bot (Thread)
  5. SMTP harrasment by nie2.infomail.es? (Thread)
  6. increased attacks on port 2599 (Thread)
  7. Compromised FBSD/Apache (Thread)
  8. [CERT] Re: Compromised FBSD/Apache (Thread)
  9. New scanner? (Thread)
  10. FTP and Win2K changed security policy (Thread)
  11. Strange apache logs: CONNECT maila.microsoft.com:25 (Thread)
  12. Port 1080 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. MacOS X Oddity (Thread)
  2. SMC Barricade 7008ABR port forwarding (Thread)
  3. CounterStrike (HalfLife?) Server possible DoS attack. (Thread)
  4. Motorola T900 Programming (Thread)
  5. "download" caps (Thread)
  6. TOTAL WIRELESS SECURITY (Thread)
  7. "download" caps (Thread)
  8. looking for recursion stack overflow exploit (Thread)
  9. G-Con Announcement (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Question: Buffer Overrun in Microsoft Data Access Components...
  2. Question: Buffer Overrun in Microsoft Data Access Components...
  3. Odd entries in Win XP Pro Certificate MMC snap-in (Thread)
  4. Embedded NT/XP security (Thread)
  5. Secure / Encrypt Terminal Services (Thread)
  6. IIS Log exactly 65.536 bytes ??? (Thread)
  7. Exchange in the DMZ (Thread)
  8. Question: Buffer Overrun in Microsoft Data Access Components...
  9. SecurityFocus Microsoft Newsletter #114 (Thread)
  10. ASP, BizTalk server SQL DB and Firewall architecture. (Thread)
  11. How to secure Internet Explorer (Thread)
  12. Updated version of HFNetChk now available (Thread)
  13. outlook 2000 vs latest outlook express deployment (Thread)
  14. Microsoft ms02-66 fix Q328970 for IE cmd execvulnerabilty...
IX. SUN FOCUS LIST SUMMARY
  1. Solaris 7 installation is sending 127.0.0.0/8 addresses on the...
  2. Sun Solaris & Trend Micro (Thread)
  3. Solaris 7 installation is sending 127.0.0.0/8 addresses on the...
  4. Solaris Hardening Document (Thread)
  5. Anti Virus on Sun Solaris (Pre-summary) (Thread)
X. LINUX FOCUS LIST SUMMARY
  1. iptables REJECT types for UDP (if any) (Thread)
  2. kazaa, dante, and iptables (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. SQL Injection and Oracle, Part Two
By Pete Finnigan

This is the second part of a two-part article that will examine SQL injection attacks against Oracle databases. The first installment looked at SQL injection and how Oracle database applications are vulnerable to this attack, and looked at some examples. This segment will look at detecting SQL injection attacks and protecting against SQL injection.

http://online.securityfocus.com/infocus/1646


2. Secure Programming with .NET
By Rohyt Belani and David Wong

At the core of Microsoft's .NET initiative is the goal of interconnecting businesses, users, applications, and data. However, with all the concerns regarding security and privacy of data, many individuals and companies are reluctant to connect their business systems and place their data in reach of hackers thousands of miles away. Microsoft understands the challenges and concerns facing early adopters of their technology, and has made security one of their top priorities. The fundamental pillar for building applications is the security surrounding the .NET framework and the security services it provides. In this article, we will provide an overview of .NET framework security features and provide practical tips on how to write secure code in the .NET framework. More importantly, we will discuss which pitfalls to avoid.

http://online.securityfocus.com/infocus/1645

3. When Washington Mimics Sci Fi
By George Smith

John Poindexter's evil design for an all-seeing God Machine seems torn from the pages of visionary science fiction, where such schemes rarely end well.

http://online.securityfocus.com/columnists/126

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.


Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops: March 8, 9, 12, 13 & 14
Vendor Expo: March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. VBulletin Memberlist.PHP Cross Site Scripting Vulnerability BugTraq ID: 6226
Remote: Yes
Date Published: Nov 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6226
Summary:

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems.

vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. The vulnerability exists due to inadequate filtering in the 'memberlist.php' script of the value for the 'what' parameter.


As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. Cookie-based authentication credentials may be used by the attacker to hijack the session of the legitimate user.

2. RealOne Player SMIL File Heap Corruption Vulnerability BugTraq ID: 6227
Remote: Yes
Date Published: Nov 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6227
Summary:

RealPlayer/RealOne Player is a video and music player distributed by Real Networks. RealOne Player is available for the Microsoft Windows operating system.

When a link containing a Synchronized Multimedia Integration Language (SMIL) file is accessed, RealOne Player will attempt to play its contents.

By constructing a malicious SMIL file, containing excessive characters in a metadata parameter, it is possible to cause heap corruption in a vulnerable player. Successful exploitation may result in sensitive locations in memory being overwritten with attacker-supplied values. This could lead to the execution of arbitrary system commands with the session privileges of the victim user.

Reports indicate that the patch for this issue supplied by Real Networks is ineffective.

3. Rational ClearCase Portscan Denial Of Service Vulnerability BugTraq ID: 6228
Remote: Yes
Date Published: Nov 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6228
Summary:

Rational ClearCase is a software configuration management solution. It serves to provide version control as well as repositories for software development.

Rational ClearCase has been reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a system running the vulnerable version of ClearCase. This issue was demonstrated using the nmap portscanning utility.


An attacker can exploit this vulnerability by making two consecutive portscans of a vulnerable system. This will cause ClearCase to crash. Restarting the ClearCase service is required to restore functionality.

This vulnerability has been reported on ClearCase 4.1 and 2002.05 systems.

4. RealPlayer Long File Name Now Playing Buffer Overflow Vulnerability BugTraq ID: 6229
Remote: Yes
Date Published: Nov 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6229
Summary:

RealPlayer is the freely available Real Media format player. It is distributed and maintained by RealNetworks.

A problem with the RealPlayer and RealOne player could result in code execution.

A buffer overflow has been reported in the Real products. When one of the affected products is used to play a file with an excessively long name and one of two specific operations is performed in the "Now Playing" menu, the overflow occurs. This could result in the execution of arbitrary code embedded in the file name.

This problem requires a vulnerable user to perform one of two operations. While the malicious file is playing, if the user right-clicks in the "Now Playing" menu and either selects "Edit Clip Info" or selects "Copy To My Library," the buffer overflow occurs.

Reports indicate that the patch for this issue supplied by Real Networks is ineffective.

5. RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability BugTraq ID: 6230
Remote: Yes
Date Published: Nov 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6230
Summary:

RealOne Player is the freely available Real Media format player. It is distributed and maintained by RealNetworks.


A problem discovered in RealOne Player could result in arbitrary code execution.

A buffer overflow has been reported in RealOne Player when viewing a malicious RealFlash presentation. When a vulnerable player attempts to play the presentation, a buffer will be overrun, resulting in memory corruption.

Successful exploitation of this issue may allow an attacker to replace sensitive locations in memory with malicious values. This could allow an attacker to redirect program flow to point to malicious instructions, which would be executed with the privileges of the user running RealOne player.

Precise technical details regarding this vulnerability are not yet known. This BID will be updated as further information becomes available.

Reports indicate that the patch for this issue supplied by Real Networks is ineffective.

6. Open WebMail User Name Information Disclosure Vulnerability BugTraq ID: 6232
Remote: Yes
Date Published: Nov 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6232
Summary:

Open Webmail is a freely available, open source web email application. It is available for Unix and Linux operating systems.

A problem with Open Webmail may allow remote users to gain access to user names.

It has been reported that Open Webmail reveals too much information during the authentication process. When a user enters a user name, Open Webmail returns information indicating the validity of the entered user name. This could allow remote users to gather a list of valid user names through an enumeration attack.

This vulnerability could be used to launch further, more directed attacks. For example, a brute force password attack to gain access to the passwords of valid user names.


7. Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability BugTraq ID: 6233
Remote: Yes
Date Published: Nov 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6233
Summary:

The AT-8024 and Rapier 24 switches are ethernet switches distributed by Allied Telesyn.

A problem with the AT-8024 and Rapier 24 could allow a remote user to launch a denial of service attack.

Under some circumstances the affected switches may cease to function properly. When a large stream of UDP data is sent to a vulnerable switch, the device becomes unstable. It has been reported that this type of attack results in a denial of service to the management interface of the device, and may also cause the device to stop routing.

As this vulnerability can be exploited by sending UDP traffic, it is possible for a remote attacker to launch this type of attack and obscure the origins through header spoofing. It has been reported that this attack will work only on an open port on the Rapier 24, while an AT-8024 is vulnerable upon receiving this type of attack on any port.

The vendor has replied stating that they were unable to replicate this vulnerability on the Rapier release 2.4.1 Patch 02.

8. acFTP Invalid Password Weak Authentication Vulnerability BugTraq ID: 6235
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6235
Summary:

acFTP is a freely available FTP server designed for use with Microsoft Windows operating systems.

A vulnerability has been reported for acFTP. Reportedly, acFTP allows users to authenticate with an invalid password.

An attacker can exploit this vulnerability and log on to the vulnerable FTP server using any string as a password. When an invalid password is entered, acFTP will reportedly reject the password but will treat the attacker as a valid user.


This vulnerability has been reported for acFTP 1.4. It is not known whether other versions are affected.

9. acFreeProxy Cross Site Scripting Vulnerability BugTraq ID: 6236
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6236
Summary:

acFreeProxy is a freely available proxy server designed for use with Microsoft Windows operating systems.

It has been reported that acFreeProxy is prone to cross site scripting attacks. Specifically, acFreeProxy does not properly sanitize any user-supplied input when it generates error pages.

As this vulnerability exists in acFreeProxy, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of any domain.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the vulnerable software. Cookie-based authentication credentials may be used by the attacker to hijack the session of the legitimate user.

10. Calisto Internet Talker Denial Of Service Vulnerability BugTraq ID: 6238
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6238
Summary:

Calisto is an Internet Talker that allows remote users to connect to a server using telnet and chat.

A vulnerability has been discovered in Calisto that may result in a denial of service. It is possible to trigger this issue by passing 512 bytes or more of data to a vulnerable daemon. Exploitation of this issue will cause the target process to freeze.


It should be noted that Calisto typically recovers from program crashes through the use of an autorun shell script. Due to the Calisto process freezing and not crashing, the autorun script will not be run and a manual restart of the daemon is required to restore functionality.

This issue was discovered in Calisto Internet Talker 0.4. It is not yet known whether earlier versions are also affected.

11. WSMP3 Multiple Buffer Overflow Vulnerabilities BugTraq ID: 6239
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6239
Summary:

WSMP3 is a freely available server that allows users to stream MP3 files.

Several buffer overflow conditions have been reported for WSMP3. The vulnerabilities are due to improper bounds checking when copying data to local buffers. The vulnerabilities exist in the web_server.c file.

An attacker can exploit this vulnerability by sending an overly long request, consisting of at least 1024 characters, to the vulnerable server. This will trigger the buffer overflow condition, resulting in memory corruption. Overwriting sensitive memory with malicious values may allow an attacker to execute arbitrary code on the target system.

This vulnerability has been reported for WSMP3 0.0.2 and earlier.

12. Multiple Vendor fs.auto Remote Buffer Overrun Vulnerability BugTraq ID: 6241
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6241
Summary:

By default multiple vendors include an implementation of the XFS font server, fs.auto. This service allows for X Windows systems to share font information across a network.

A remotely exploitable buffer overrun condition has been reported in fs.auto. The overrun is reportedly due to inadequate bounds checking on client-supplied data prior to a sensitive memory copy operation. This occurs during the 'Dispatch()' routine.


Malicious remote clients may exploit this condition to execute instructions on the target host by issuing a malicious XFS request. The instructions will execute with user 'nobody' privileges and may result in the attacker gaining local access to the host.

This vulnerability has been reported fixed in XFree86 3.3.6 and later.

13. WSMP3 Remote Heap Corruption Vulnerability BugTraq ID: 6240
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6240
Summary:

WSMP3 is a freely available server that allows users to stream MP3 files.

A remotely exploitable heap corruption vulnerability has been reported for WSMP3. The vulnerability occurs in the 'get_op()' function in the 'web_server.c' file, when copying user-supplied data into the 'op' buffer.

By overrunning the 'op' buffer, it is possible for a remote attacker to corrupt malloc() headers located in heap memory. The execution of arbitrary attacker-supplied code may be possible when the corrupted memory is referenced by the free() function.

Successful exploitation of this issue may result in the remote execution of arbitrary code with root privileges.

This vulnerability was reported for WSMP3 0.0.2 and earlier.

14. Working Resources BadBlue Information Disclosure Vulnerability BugTraq ID: 6243
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6243
Summary:

BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems.


A problem with BadBlue could make it possible for a remote user to disclose sensitive server information.

An information disclosure bug has been discovered in a default PHP script included with BadBlue. The 'soinfo.php' script executes the 'phpinfo()' function. By running the 'soinfo.php' script, it is possible for a remote attacker to access the information returned by the 'phpinfo()' function, which may include sensitive data such as ODBC passwords.

Information disclosed in this manner may aid an attacker in launching further attacks against the target system.

It should be noted that PHP must be enabled on a target BadBlue server for this issue to be exploitable.

15. Pserv HTTP POST Request Buffer Overflow Vulnerability BugTraq ID: 6242
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6242
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. Reportedly, it is possible to overflow a local buffer by making a malicious HTTP request.

Due to insufficient checks performed on user-supplied data, it is possible to overrun the 'token' buffer by omitting the '\n' character from a malicious POST request.

Exploitation of this issue will result in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.


This vulnerability was reported for Pserv 2.0 beta 3. It is likely that earlier versions are affected.

16. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities BugTraq ID: 6244
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6244
Summary:

PHP-Nuke is a web based Portal system. Implemented in PHP, it is available for a range of systems, including Microsoft Windows and Linux.

Several cross site scripting vulnerabilities have been reported for PHP-Nuke. Affected modules include the Discussion module, News module, and PM module among others. This vulnerability is due to insufficient sanitization of all HTML tags.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web-based forum.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

These vulnerabilities have been reported for PHP-Nuke 6.5b1 and earlier.

17. VBulletin members2.php Cross Site Scripting Vulnerability BugTraq ID: 6246
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6246
Summary:

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems.

The $perpage variable controls how subscribed threads are listed. This variable is later added to a query that is used to fetch database records. If an invalid value is passed in the $perpage variable, an error page is generated. Due to insufficient sanitization of the data passed in $perpage, it is possible to inject script code into the variable, which will then be included in the error page.


As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may use cookie-based authentication credentials to hijack the session of the legitimate user.

18. NetScreen Malicious URL Filter Bypassing Vulnerability BugTraq ID: 6245
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6245
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients. A vulnerability has been reported for NetScreen.

An administrator is able to restrict access to certain URLs by defining a malicious URL pattern. Reportedly, it is possible to circumvent rules for malicious URLs by fragmenting the request.

An attacker can exploit this vulnerability to access URLs that are normally inaccessible to hosts behind the NetScreen appliance.

This vulnerability was reported for NetScreen appliances using ScreenOS v3.0.1r2.0. Older versions of ScreenOS are likely to be affected as well.

19. NetScreen H.323 Control Session Denial Of Service Vulnerability BugTraq ID: 6250
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6250
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

H.323 is a network specification to guarantee a certain QoS (Quality of Service) for video and audio conferencing applications.


A denial of service vulnerability has been reported for all NetScreen appliances related to the processing of H.323 control sessions. The vulnerability is due to inadequate clean up of existing, half-open H.323 control sessions that can eventually result in the consumption of all firewall session table entries.

This vulnerability has been reported to only affect NetScreen appliance configurations that explicitly permit the forwarding of H.323 or Netmeeting traffic.

This vulnerability only affects ScreenOS versions 2.8 and later.

20. phpBB Script Injection Vulnerability BugTraq ID: 6248
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6248
Summary:

phpBB2 is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

phpBB does not properly sanitize script code from HTML tags embedded in a forum posting. This vulnerability could allow a user to inject malicious script code into forum postings that would in turn be executed when the page is viewed by a legitimate user of the forum. The attacker-supplied code would be executed in the security context of the phpBB site.

The attacker supplied code would be able to access cookie data, including authentication credentials, and to take actions on the vulnerable site as the currently authenticated user.

21. SSH Communications SSH Server Privilege Escalation Vulnerability BugTraq ID: 6247
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6247
Summary:


Secure Shell is the commercial SSH implementation distributed and maintained by SSH Communications. It is available for the Unix, Linux, and Microsoft Windows platforms.

SSH Communications has reported a vulnerability in SSH server, which could result in local privilege escalation.

The setsid() function is used to create a new process group for forked processes. It has been reported that SSH server fails to run setsid() on non-interactive sessions, so user processes remain in the parent process group and retain the 'root' login name.

By executing programs that verify privileges against the login name (for example, those that rely on the BSD getlogin() function), it may be possible to execute various actions with escalated privileges.

Exploiting this issue has varied results depending on the operating system.

For this issue to be exploitable an attacker must have a local account on the target system.
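The missing setsid() call described above, as an added illustration that is not SSH Communications' code: the helper forks a child the way a server launches a non-interactive command and reports whether that child landed in a session of its own. Passing 0 reproduces the reported behaviour (the child stays in the parent's session and process group); passing 1 is the corrected form. The function name and the exit-code convention are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Launches a child the way a server runs a non-interactive command and
 * reports whether that child ended up in a session of its own.
 *   call_setsid = 0 : the child stays in the parent's session and process
 *                     group (the behaviour reported in BID 6247);
 *   call_setsid = 1 : the child calls setsid() first (the corrected form).
 * Returns 1 if the child's session id equals its own pid, 0 if the child
 * still shares the parent's session, -1 on fork/wait failure. */
int child_session_is_own(int call_setsid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* A freshly forked child is never a process-group leader, so
         * setsid() cannot fail with EPERM at this point. */
        if (call_setsid && setsid() == (pid_t)-1)
            _exit(3);
        /* A real server would drop privileges and exec the command here.
         * Privilege checks downstream should rely on getuid()/geteuid(),
         * which are unaffected by the session, rather than on the login
         * name that getlogin() reports. */
        _exit(getsid(0) == getpid() ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 1:  return 1;
    case 0:  return 0;
    default: return -1;
    }
}
```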

22. Web Server Creator Web Portal Remote File Include Vulnerability BugTraq ID: 6251
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6251
Summary:

Web Server Creator is a PHP based portal that includes a forum, chat, guestbook, and news functions. It operates on Windows, Linux, and Unix systems.


The Web Server Creator Web Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in the customize.php and index.php scripts.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host, as the value of the 'l' or 'pg' parameter.

If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

23. NetScreen ScreenOS Predictable Initial TCP Sequence Number Vulnerability BugTraq ID: 6249
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6249
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

NetScreen has discovered a vulnerability in the algorithms used by ScreenOS to generate initial TCP sequence numbers. The ability to predict TCP sequence numbers may allow a remote attacker to inject packets into a vulnerable data stream.

It may also be possible for an attacker to launch man-in-the-middle attacks or hijack network sessions which would allow her to bypass any necessary authentication procedures.

For this issue to be exploitable the attacker must have access to the network session traffic, possibly requiring access to a local network.


24. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability BugTraq ID: 6254
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6254
Summary:

The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux.

An integer overflow vulnerability has been reported in the Netscape/Mozilla POP3 mail handler routines, found in 'mozilla/mailnews/local/src/nsPop3Protocol.cpp'. Reportedly, insufficient checks are performed on some server-supplied values. Specifically, the value of m_pop3ConData->number_of_messages is not checked against large values before it is used in a size calculation.

An attacker may exploit this vulnerability through an attacker-controlled POP3 server. By returning a very large message count, the attacker can make the size calculation wrap, so that the handler allocates a buffer that is too small. A heap buffer overflow then results when the handler stores the server-supplied message data beyond the end of what was actually allocated.

Successful exploitation of this vulnerability may allow an attacker to obtain control over the execution of the vulnerable Netscape/Mozilla process.
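The following C example, added here and not taken from Mozilla's source, reproduces the allocation-size pattern described above in miniature: a message count parsed from a server response is multiplied by a per-message record size in 32-bit arithmetic, so a count of 536870913 (0x20000001) wraps the product to 8 bytes, while the checked variant rejects counts that would overflow or exceed a policy ceiling. The record structure, MAX_MESSAGES and parse_stat_count() are assumptions for the example, not Mozilla identifiers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per-message record the client keeps for each message on the server
 * (constructed for this example; not Mozilla's actual structure). */
typedef struct {
    uint32_t msgnum;
    uint32_t size;
} msg_info_t;           /* sizeof == 8 */

/* Hypothetical ceiling on how many messages a client is willing to track. */
#define MAX_MESSAGES 100000u

/* Unchecked allocation size, as described for the vulnerable handler: the
 * server-supplied count is multiplied in 32-bit arithmetic, so a count just
 * above 2^32/8 wraps to a tiny allocation. */
uint32_t unchecked_alloc_size(uint32_t number_of_messages)
{
    return number_of_messages * (uint32_t)sizeof(msg_info_t);
}

/* Checked version: reject counts whose product would not fit in 32 bits,
 * then apply the policy ceiling. Returns 0 when the count is rejected. */
uint32_t checked_alloc_size(uint32_t number_of_messages)
{
    if (number_of_messages > UINT32_MAX / sizeof(msg_info_t))
        return 0;                                   /* would wrap */
    if (number_of_messages == 0 || number_of_messages > MAX_MESSAGES)
        return 0;                                   /* policy ceiling */
    return number_of_messages * (uint32_t)sizeof(msg_info_t);
}

/* Parse the message count from a POP3 STAT response of the form
 * "+OK <count> <octets>" (constructed input). Returns 0 on any parse
 * failure or if the count does not fit in 32 bits. */
uint32_t parse_stat_count(const char *line)
{
    if (strncmp(line, "+OK ", 4) != 0)
        return 0;
    char *end;
    unsigned long long n = strtoull(line + 4, &end, 10);
    if (end == line + 4 || *end != ' ')
        return 0;
    if (n > UINT32_MAX)
        return 0;
    return (uint32_t)n;
}

int main(void)
{
    /* 0x20000001 * 8 == 0x100000008, which wraps to 8 in 32 bits */
    const char *evil = "+OK 536870913 42";
    uint32_t n = parse_stat_count(evil);
    printf("server says %u messages\n", n);
    printf("unchecked alloc size: %u bytes\n", unchecked_alloc_size(n));
    printf("checked alloc size:   %u bytes (0 = rejected)\n",
           checked_alloc_size(n));
    return 0;
}
```

The overflow check must come before the multiplication, and it must use the same integer width the allocation will use; checking a 64-bit product against a 32-bit allocator, or vice versa, leaves the same gap.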

25. Working Resources BadBlue Search Page Cross Site Scripting Vulnerability BugTraq ID: 6253
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6253
Summary:

BadBlue is a P2P file sharing application distributed by Working Resources. It is designed for use on Microsoft Windows operating systems.

A problem with the application could make it possible to launch a cross-site scripting attack.


When started, BadBlue launches a web server on the client system. When a user executes a search using the search interface provided with BadBlue, the ext.dll ISAPI extension handles the request. Both local and remote users may reach this interface.

The ext.dll ISAPI extension does not sufficiently sanitize user-supplied input in the 'style' parameter when processing search queries. This may allow an attacker to craft a URL containing script code that, when viewed in a browser by a legitimate user, results in the execution of arbitrary script code.

This problem makes it possible to execute script code in the context of any vulnerable BadBlue server.

26. Netscape Java canConvert() Buffer Overflow Vulnerability BugTraq ID: 6256
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6256
Summary:

Netscape Communications Corp.'s Communicator is a popular package that includes a web browser (Navigator), e-mail client, news client, and address book.

The Java implementation in Netscape 4 contains an unchecked buffer in the canConvert() method of the sun.awt.windows.WDefaultFontCharset class.

A malicious Java applet could trigger the overflow by passing a long string to the class constructor and invoking the canConvert() method on the newly created instance:

new WDefaultFontCharset(long_string).canConvert('x');


Arbitrary code execution is possible in the security context of the web browser.

This vulnerability is only reported to affect Netscape 4 browsers running on Microsoft Windows platforms.

27. Null HTTPD Remote Heap Corruption Vulnerability BugTraq ID: 6255
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6255
Summary:

Null httpd is a small multithreaded web server for Linux and Windows, maintained by NullLogic. A heap corruption vulnerability has been discovered in Null httpd.

The ReadPOSTData() function allocates in_ContentLength+1024 bytes for the pPostData buffer, which is used to receive POST data. The server then reads POST data from the network socket into pPostData, in chunks of up to 1024 bytes, until a read returns less than 1024 bytes.

Sending more than 1024 bytes of POST data therefore causes the server to read up to another 1024 bytes from the socket, regardless of the declared length. If the attacker supplies a small Content-Length, the allocated buffer is overflowed while the second chunk of data is read in. The root cause is that the receive loop is bounded by the size of each read rather than by the declared Content-Length.

An attacker may exploit this condition to overwrite arbitrary words in memory through the free() function. This may allow for the execution of arbitrary code.

It should be noted that this vulnerability is similar to the issue described in BID 5574, but requires a slightly different method to trigger.
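To make the loop bug concrete, here is an added C example modelled on the description above; it is not Null httpd's code. An in-memory stand-in for the socket replaces recv(), the request body and its Content-Length are constructed, and the chunk size of 1024 follows the advisory. The vulnerable loop sizes the buffer from Content-Length but keeps reading 1024-byte chunks until a short read; the bounded loop never requests more than the bytes Content-Length still owes. The vulnerable variant writes into a large scratch area and only reports how far it would have written past the allocation, so the demo does not itself corrupt memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* In-memory stand-in for a socket (constructed): fake_recv() hands back up
 * to 'want' bytes from a byte string, like recv() on a stream socket. */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} fake_sock_t;

static size_t fake_recv(fake_sock_t *s, unsigned char *buf, size_t want)
{
    size_t n = s->len - s->pos;
    if (n > want) n = want;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}

#define CHUNK 1024

/* Vulnerable pattern as described for ReadPOSTData(): the buffer is sized
 * from Content-Length, but the loop keeps reading 1024-byte chunks until a
 * short read. 'scratch' stands in for the heap so nothing is really
 * corrupted; the return value is how many bytes landed past the
 * 'allocated' boundary (0 means no overflow). */
size_t vulnerable_read_post(fake_sock_t *s, size_t content_length,
                            unsigned char *scratch, size_t scratch_len)
{
    size_t allocated = content_length + CHUNK;
    size_t total = 0, got = 0;
    do {
        if (total + CHUNK > scratch_len) break;   /* demo guard only */
        got = fake_recv(s, scratch + total, CHUNK);
        total += got;
    } while (got == CHUNK);   /* terminates only on a short read */
    return total > allocated ? total - allocated : 0;
}

/* Hardened version: never request more than the bytes still owed by
 * Content-Length, and stop once the declared length has arrived. 'buf'
 * must hold content_length bytes. Returns the number of bytes stored. */
size_t bounded_read_post(fake_sock_t *s, size_t content_length,
                         unsigned char *buf)
{
    size_t total = 0;
    while (total < content_length) {
        size_t want = content_length - total;
        if (want > CHUNK) want = CHUNK;
        size_t got = fake_recv(s, buf + total, want);
        if (got == 0) break;              /* peer closed early */
        total += got;
    }
    return total;
}

/* Attacker scenario (constructed): "Content-Length: 16" in the headers,
 * but 3000 bytes of body actually sent on the wire. */
#define EVIL_LEN 3000
#define EVIL_CL  16

size_t demo_overflow_bytes(void)
{
    static unsigned char wire[EVIL_LEN];
    static unsigned char scratch[8192];
    memset(wire, 'A', sizeof wire);
    fake_sock_t s = { wire, sizeof wire, 0 };
    return vulnerable_read_post(&s, EVIL_CL, scratch, sizeof scratch);
}

size_t demo_bounded_bytes(void)
{
    static unsigned char wire[EVIL_LEN];
    unsigned char buf[EVIL_CL];
    memset(wire, 'A', sizeof wire);
    fake_sock_t s = { wire, sizeof wire, 0 };
    return bounded_read_post(&s, EVIL_CL, buf);
}

int main(void)
{
    printf("vulnerable loop: %zu bytes written past the allocation\n",
           demo_overflow_bytes());
    printf("bounded loop:    %zu bytes stored (Content-Length honoured)\n",
           demo_bounded_bytes());
    return 0;
}
```

With a 16-byte Content-Length the vulnerable loop allocates 1040 bytes yet accepts all 3000 on the wire, 1960 of them past the end of the allocation; the bounded loop stores exactly 16 and leaves the excess unread on the socket.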


28. Bugzilla quips Feature Cross Site Scripting Vulnerability BugTraq ID: 6257
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6257
Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Operating Systems.

A cross site scripting vulnerability has been reported for Bugzilla. This vulnerability only affects users who have the 'quips' feature enabled.

The quips feature is designed to put short, user-supplied comments at the top of bug lists. Reportedly, Bugzilla does not properly sanitize this user-supplied input before displaying it.

As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.

29. FreeNews Include Undefined Variable Command Execution Vulnerability BugTraq ID: 6258
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6258
Summary:

FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems.


A problem with FreeNews could make remote command execution possible.

Programming errors in FreeNews could allow the web application to include arbitrary files from remote servers. A remote user may place PHP code in such an include file, which would then execute on the local host. This would make arbitrary command execution as the web user possible.

The problem occurs in the aff_news.php file, which includes a file whose path is taken from the 'chemin' variable without first defining it. By requesting this file with 'chemin' set to an arbitrary location, an attacker can execute commands on the local host. This vulnerability may also be used to reveal sensitive information on the local host.

30. AOL Instant Messenger Forced File Download Vulnerability BugTraq ID: 6259
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6259
Summary:

AOL Instant Messenger (AIM) is an instant messaging client. It is available for various platforms including MacOS and Microsoft Windows operating systems.

AIM contains an option which allows remote users to download shared files without prompting the owner. It has been reported that enabling this option exposes a vulnerability which would allow a remote attacker to force a target user to download a malicious file without being prompted for authorization.

If an attacker downloads a target user's 'USER.lst' file, it may be possible to rename an arbitrary file to 'USER.lst' and force the target to download it. If this occurs, the download begins without first prompting for authorization.

Exploiting this issue may allow an attacker to fill a victim's hard drive with an excessively large file.


III. SECURITYFOCUS NEWS AND COMMENTARY


  1. 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off By Kevin Poulsen Nov 26 2002

Eighteen months after Argus Systems challenged the hacker world to crack its PitBull security product in a much-ballyhooed global contest, the winners say they're still waiting for their prize money. Did Argus bet more than it could afford to lose?

http://online.securityfocus.com/news/1717

2. Nasty virus Winevar insults infected users By John Leyden, The Register

Winevar-A, the latest mass mailing virus, adds insult to injury for infected victims. As well as attempting to delete files and sending repeating HTTP requests to Symantec's Web site (an unsophisticated DDoS ploy), Winevar also displays a rude message.

http://online.securityfocus.com/news/1726

3. Oracle in buffer overflow brown alert By John Leyden, The Register Nov 27 2002

Security researchers are warning of a potentially nasty buffer over-run flaw in Oracle Database 9i databases. In common with such flaws, a buffer overflow in the iSQL*Plus module of Oracle 9i might allow an attacker to run arbitrary code in the security context of the Web server.


http://online.securityfocus.com/news/1725

4. SMS security risks highlighted by Friends Reunited hacking case By John Leyden, The Register Nov 27 2002

Breach of trust by two dismissed mm02 workers, rather than deeper problems, led to the release of private text messages to a jealous boyfriend that sparked a campaign of revenge against his cheating girlfriend.

http://online.securityfocus.com/news/1724

IV. SECURITYFOCUS TOP 6 TOOLS


  1. MasarLabs NoArp v1.0.0
by Masar
Relevant URL:
http://www.masarlabs.com/noarp/
Platforms: Linux, POSIX
Summary:

MasarLabs NoArp is a Linux kernel module that filters and drops unwanted ARP requests. It is useful when you need to add an alias to the loopback interface to use a load balancer.

2. BW-IPFM v1.1
by BW-IPFM
Relevant URL:
http://bw.intellos.net/
Platforms: Linux, POSIX
Summary:

BW-IPFM uses ipfm log files to generate easy-to-read reports. It can provide daily and monthly reports and reports for a specific period.


3. GPG-Ezmlm encrypted mailing list v0.3
by Todd MacDermid
Relevant URL:
http://www.synacklabs.net/projects/crypt-ml/
Platforms: Perl (any system supporting perl)
Summary:

GPG-Ezmlm contains a set of scripts which adds the ability to handle OpenPGP-encrypted email to Ezmlm. Email encrypted to the list key is re-encrypted to the keys of the subscribers. Key exchange during list subscription is supported.

4. SQUID User Management System v1.01
by Den Frozer
Relevant URL:
http://www.tumgasa.ru/cyberos/statman/index.html
Platforms: POSIX
Summary:

The SQUID User Management System provides limiting of the traffic usage of each user and blocking if usage is too great.

5. Sysload server monitor v4.5
by Good NRG
Relevant URL:
http://www.nrgglobal.com/products/sysload.php
Platforms: AS/400, Linux, Netware, UNIX, Windows 2000, Windows NT, Windows XP
Summary:

Sysload does system performance monitoring on operating systems (Unix, Linux, Windows 2000/XP and NT, Netware, AS/400, GCOS7), databases (Oracle, SQL Server, DB2, Informix, Sybase), and applications (including Oracle Applications, SAP, Exchange, and IIS). It offers robust alerting and monitoring, and performance management solutions.

6. pidentd v3.0.16
by Peter Eriksson
Relevant URL:
http://www.lysator.liu.se/~pen/pidentd/
Platforms: POSIX
Summary:

Pidentd v3 is a much improved version of the original Ident daemon in terms of speed, code quality and features. Features include multithreading, a "configure" script, startup autodetection, much clearer/rewritten C code, dropping root privileges after startup, a configuration file, and the ability to be started from /etc/inittab (on systems using a SysV init).
