SecurityFocus Newsletter #174

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Dec 09 2002 - 10:15:24 EST

SecurityFocus Newsletter #174


This issue is sponsored by St. Bernard Software

Network Threat Reduction - Scan & Fix Vulnerabilities

Identifying and eliminating network vulnerabilities just got easier. eEye Digital Security and St. Bernard Software have bundled their best-in-class applications (Retina and UpdateEXPERT). Scan for vulnerabilities with Retina and fix them with UpdateEXPERT.

For a free trial visit: http://www.eeye.com/ctrack.asp?ref=STBJOINT2


I. FRONT AND CENTER
  1. Barbarians at the Gate: An Introduction to Distributed Denial...
  2. Does Research Support Dumping Linux?
  3. SecurityFocus DPP Program
  4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. Moby NetSuite POST Handler Buffer Overflow Vulnerability
  2. Bogofilter Bogopass Insecure Temporary File Creation Vulnerability
  3. Sun Solaris MailTool Attachment Denial Of Service Vulnerability
  4. Boozt index.cgi Buffer Overrun Vulnerability
  5. SuidPerl Information Disclosure Vulnerability
  6. Pserv Stream Reading Buffer Overflow Vulnerability
  7. Pserv Request Method Buffer Overflow Vulnerability
  8. Pserv HTTP Version Specifier Buffer Overflow Vulnerability
  9. Pserv User-Agent HTTP Header Buffer Overflow Vulnerability
  10. McAfee VirusScan WebScanX Code Execution Vulnerability
  11. Webster HTTP Server Long Request Buffer Overrun Vulnerability
  12. Webster HTTP Server File Disclosure Vulnerability
  13. Webster HTTP Server Cross Site Scripting Vulnerability
  14. Lawson Financials Account Credentials World Accessible...
  15. Computer Associates InoculateIT Yaha.E Exchange Filter...
  16. libSieve Header Name Buffer Overrun Vulnerability
  17. libSieve IMAP Flag Buffer Overrun Vulnerability
  18. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation...
  19. Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
  20. libSieve Error Message Buffer Overrun Vulnerability
  21. 3Com SuperStack 3 NBX FTPD Denial of Service Vulnerability
  22. Pedestal Software Integrity Protection Driver Bypass...
  23. SquirrelMail read_body.php Cross Site Scripting Vulnerability
  24. Multiple Linksys Devices GET Request Buffer Overflow...
  25. Multiple Linksys Devices strcat() Buffer Overflow Vulnerability
  26. Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic...
  27. Microsoft Internet Explorer Dialog Style Same Origin Policy...
  28. Debian Internet Message Insecure Temporary File Creation...
  29. Aldap Contact Manager Authentication Bypass Vulnerability
  30. phpBB search.php Cross Site Scripting Vulnerability
  31. Microsoft Windows XP Wireless LAN AP Information Disclosure...
III. SECURITYFOCUS NEWS ARTICLES
  1. Government rests case against Russian software company
  2. Identity Theft More Often an Inside Job
IV. SECURITYFOCUS TOP 6 TOOLS
  1. MAC Changer v1.2.0
  2. Sniffdet v0.7
  3. Ids 2 Pix v1.2.0.0
  4. linksysulator v1.0
  5. gateProtect Firewall v3.2
  6. klogger v1.0
V. SECURITYJOBS LIST SUMMARY
  1. Chief Information Security Officer #734 - Atlanta, GA - High...
  2. Stop me before I consult again (Thread)
  3. 3 week contract for Checkpoint NG in Ottawa, Canada. (Thread)
  4. IT Security Manager #738, TX, $85k - $95k (Thread)
  5. Security Engineer (Thread)
  6. Seeking a position in network security (Thread)
  7. Position Available - IT Security Business Development Manager...
  8. Resume Submission (Thread)
  9. Security Engineer available (Thread)
  10. PKI Positions in Washington DC (Thread)
  11. Resume update submission (Thread)
  12. eEye Digital Security - Geneva, Switzerland SE Position (Thread)
VI. INCIDENTS LIST SUMMARY
  1. Black Ice small segment size FTP attack caused by FX-scanner...
  2. A small quandary (Thread)
  3. Incident tracking database (Thread)
  4. recent rds vuln (Thread)
  5. TCP:80, TCP:1433 squelda 1.0 probe (Thread)
  6. [Fwd: XSS on ICQ leading to password compromise] (Thread)
  7. Bad protocol version identification '^V^C^A' (Thread)
  8. New scanner? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. XSS question. (Thread)
  2. RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3] (Thread)
  3. TOTAL WIRELESS SECURITY (Thread)
  4. Local DOS in MacOS X (Thread)
  5. IIS Vulnerability Content-Type overflow (Thread)
  6. Windows Heap Overflows In General (Thread)
  7. Lotus NOTES (Thread)
  8. "download" caps (Thread)
  9. VNC game (Thread)
  10. CounterStrike (HalfLife?) Server...
  11. MacOS X Oddity (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Container Names in RSACryptoServiceProvider class (Thread)
  2. issues with syskey in NT 4.0 (Thread)
  3. SecurityFocus Microsoft Newsletter #115 (Thread)
  4. Question: Buffer Overrun in Microsoft Data Access Components...
  5. Secure / Encrypt Terminal Services (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. Solaris 7 installation is sending 127.0.0.0/8 addresses on the
X. LINUX FOCUS LIST SUMMARY
  NO NEW POSTS FOR THE WEEK ENDING 12.06.02
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks
By Matthew Tanase

DDoS attacks first made headlines in February 2000. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.

http://online.securityfocus.com/infocus/1647

2. Does Research Support Dumping Linux?
By Tim Mullen

Microsoft's security policies are getting better every day, even as a new report slams open-source competitors as security nightmares. But the easy answers aren't always the right ones.

http://online.securityfocus.com/columnists/127

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Moby NetSuite POST Handler Buffer Overflow Vulnerability BugTraq ID: 6277
Remote: Yes
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6277
Summary:

Moby NetSuite is a small SMTP and HTTP/CGI server designed for use with the Microsoft Windows operating system.

A buffer overflow vulnerability has been reported for Moby NetSuite that may result in a denial of service condition. Reportedly, it is possible to cause NetSuite to crash when a malformed POST request is received. Specifically, the denial of service condition is triggered when a POST request is received that has an overly large integer value as the value for the 'Content-Length' header field.

An attacker can exploit this vulnerability by issuing a POST request with a 'Content-Length' value that is a very large integer. When NetSuite attempts to service the malformed POST request, it will crash, resulting in a denial of service. Restarting the service is necessary to restore functionality.

Although unconfirmed, this may be a remotely exploitable buffer overflow condition and code execution may be possible.

2. Bogofilter Bogopass Insecure Temporary File Creation Vulnerability BugTraq ID: 6278
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6278
Summary:

Bogofilter is a package used to filter spam from incoming email. It is available for Linux and Unix variant operating environments. Bogopass is a Perl script included with Bogofilter.

Reportedly, bogopass creates temporary files in a predictable manner. Specifically, temporary files will be created in '/tmp' as 'bogopass.<PID>'. As a result, it is possible for local attackers to read or corrupt files readable by the bogopass process. An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file which is created. Any actions performed by bogopass when it is executed will be performed on the file pointed to by the symbolic link.

An attacker may exploit this vulnerability to read, or corrupt, potentially critical system files.
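The defensive counterpart to the pattern described above, as an added example that is not Bogofilter's code: a scratch file in '/tmp' is created either with mkstemp(), which picks an unpredictable name and creates it exclusively, or, where a fixed name cannot be avoided, with O_CREAT|O_EXCL|O_NOFOLLOW so that a pre-placed symbolic link makes the open fail instead of being followed. The 'bogopass.<PID>' name, the throwaway directory and the symlink planted in it are constructed for the demonstration; POSIX is assumed.

```c
/* Added example (not from the advisory or from Bogofilter): safe creation of a
 * temporary file in /tmp, plus a self-contained check that a symlink waiting
 * at a predictable name is refused rather than followed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a fixed, predictable path without ever following a symlink. Returns the
 * fd, or -1 with errno set (EEXIST or ELOOP when something already sits there). */
int open_noclobber(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred fix: let mkstemp() choose the name and create it atomically with
 * mode 0600. 'tmpl' must end in XXXXXX and is overwritten with the chosen name. */
int open_private_tempfile(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Create, inspect, write and remove a mkstemp() file. Returns 1 on success. */
int tempfile_roundtrip_ok(void)
{
    char name[] = "/tmp/bogopass.XXXXXX";   /* constructed template */
    int fd = open_private_tempfile(name);
    if (fd < 0)
        return 0;
    struct stat st;
    int ok = fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600
          && write(fd, "x", 1) == 1;
    close(fd);
    unlink(name);
    return ok;
}

/* Inside a throwaway directory, plant a symlink at the predictable
 * 'bogopass.<PID>' name (standing in for an attacker-planted one) and confirm
 * the exclusive open refuses it. Returns 1 if refused, 0 otherwise. */
int symlink_at_predictable_name_is_refused(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 0;

    char link_path[256], target_path[256];
    snprintf(link_path, sizeof link_path, "%s/bogopass.%ld", dir, (long)getpid());
    snprintf(target_path, sizeof target_path, "%s/victim", dir);

    int refused = 0;
    if (symlink(target_path, link_path) == 0) {
        int fd = open_noclobber(link_path);
        if (fd < 0 && (errno == EEXIST || errno == ELOOP))
            refused = 1;               /* the link was not followed */
        else if (fd >= 0)
            close(fd);                 /* would mean the target was opened */
        unlink(link_path);
    }
    rmdir(dir);
    return refused;
}
```

The exclusive open only closes the symlink race for a process that then keeps using the returned descriptor; re-opening the path by name later would reintroduce the window, which is why the mkstemp() form, where the name is both unpredictable and created in the same call, is the one to reach for.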

3. Microsoft Windows XP Fast User Switching Process Viewing Weakness BugTraq ID: 6280
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6280
Summary:

Microsoft Windows XP contains a feature called Fast User Switching (FUS). This allows multiple users to be concurrently logged onto the system; only one user can interact with the system at a time. FUS is enabled by default on Windows XP Home edition, but not on Professional edition. It cannot be enabled on systems that are members of a domain.

FUS contains a weakness that could allow unprivileged users to view other users' process lists.

Members of the Administrators group can enable an option to view other users' process lists. If a member of the Administrators group enables this option and is subsequently removed from the group, they are still able to view other users' process lists.

While this is not directly exploitable, it may violate other users' privacy or the information obtained may potentially be used to mount attacks on other local users.

4. Sun Solaris MailTool Attachment Denial Of Service Vulnerability BugTraq ID: 6279
Remote: Yes
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6279
Summary:

mailtool is the graphical mail user agent packaged with the Common Desktop Environment (CDE). This vulnerability affects the Unix operating system, specifically Sun Solaris.

Under some circumstances, it may be possible to deny service to legitimate users of the tool.

It has been discovered that mailtool does not properly handle some types of attachments. When a maliciously formatted attachment is sent to mailtool, it is possible to crash the program. This could result in a denial of service to legitimate users of the program.

It is speculated that this issue is due to a memory corruption problem within the program. Because of this possibility, this issue may make possible the execution of attacker-supplied code. Any code executed through this vulnerability would be executed in the context of the mailtool user.

5. Boozt index.cgi Buffer Overrun Vulnerability BugTraq ID: 6281
Remote: Yes
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6281
Summary:

Boozt is a banner management program available for the Linux operating system.

A buffer overrun has been discovered in the index.cgi script used by Boozt. By passing a string of excessive length, as the value for the $name parameter, to the vulnerable script, it is possible to overwrite a static buffer. This may result in the corruption of sensitive system memory.

By overwriting sensitive memory with attacker-supplied values, it may be possible to direct program flow to execute malicious instructions. Successful exploitation will result in the execution of arbitrary code with the privileges of the Boozt process.

This issue is known to affect Boozt 0.9.8 and it is not known whether other versions are affected.

6. SuidPerl Information Disclosure Vulnerability BugTraq ID: 6282
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6282
Summary:

SuidPerl is the Perl interpreter for setuid Perl scripts. It is included with distributions of the Perl package and is available for Linux and Unix variant operating environments.

An information disclosure vulnerability has been reported for SuidPerl. Reportedly, it is possible for an attacker to determine whether files exist in non-accessible directories.

An attacker can exploit this vulnerability by invoking suidperl with an absolute filename to determine whether the file exists. When run in this manner, suidperl will return with a message that confirms the existence of a file.

Information obtained in this manner may allow an attacker to launch further, potentially damaging, attacks against a vulnerable system.

7. Pserv Stream Reading Buffer Overflow Vulnerability BugTraq ID: 6283
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6283
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Pserv reads 1024 bytes from a connected socket. Due to some flaws when processing the data, it may be possible to corrupt sensitive memory on the system stack.

Reportedly, it is possible to overflow a local buffer and corrupt memory by issuing a request that is exactly 1024 bytes. This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

8. Pserv Request Method Buffer Overflow Vulnerability BugTraq ID: 6284
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6284
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Reportedly, Pserv reads 1024 bytes at a time from a connected socket but fails to allocate sufficient space in local buffers for the data. Specifically, in the request method, defined in the 'analyzeRequest()' function in 'main.c', Pserv only allocates 16 bytes of space. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

9. Pserv HTTP Version Specifier Buffer Overflow Vulnerability BugTraq ID: 6285
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6285
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Reportedly, Pserv reads 1024 bytes at a time from a connected socket but fails to allocate sufficient space in local buffers for the data.

An attacker can exploit this vulnerability by issuing an overly long HTTP request with an invalid HTTP version specifier. Specifically, in the request method, defined in the 'analyzeRequest()' function in 'main.c', Pserv only allocates 16 bytes of space for the data. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

10. Pserv User-Agent HTTP Header Buffer Overflow Vulnerability BugTraq ID: 6286
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6286
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections.

An attacker can exploit this vulnerability by issuing an overly long HTTP request with an invalid User-Agent header. Specifically, in the request method, defined in the 'analyzeRequest()' function in 'main.c', Pserv only allocates 256 bytes of space for the data that can be as large as 1011 bytes. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

11. Pserv HTTP Request Parsing Buffer Overflow BugTraq ID: 6287
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6287
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections.

An attacker can exploit this vulnerability by issuing an overly long HTTP request. Specifically, in the 'handleMethod()' function in 'main.c', Pserv attempts to concatenate supplied data with the absolute path for the web document root folder. The supplied input may be as large as 1024 bytes, however, Pserv does not take this into account when allocating space on the system stack. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.
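Entries 7 through 10 all come down to one defect: a 1024-byte read feeding fixed-size fields (16 bytes for the method and version, 256 for User-Agent) with no check that a token fits. The following is an added example, not Pserv's 'analyzeRequest()', showing the same parse done with every copy bounded by its destination; the struct, the field sizes and the sample requests are constructed for the demonstration.

```c
/* Added example (not Pserv's own code): request-line and User-Agent parsing
 * into fixed-size buffers, refusing any token that would not fit. Sizes are
 * the ones the advisories quote. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define REQUEST_MAX 1024
#define METHOD_MAX  16
#define VERSION_MAX 16
#define AGENT_MAX   256

struct request {
    char method[METHOD_MAX];
    char version[VERSION_MAX];
    char user_agent[AGENT_MAX];
};

enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Copy len bytes into dst (capacity cap) with a terminator, or refuse outright. */
static int copy_token(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap)
        return PARSE_TOO_LONG;          /* reject rather than silently truncate */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return PARSE_OK;
}

/* Length of the line at p without CR/LF; *next is set to the following line. */
static size_t line_len(const char *p, const char *end, const char **next)
{
    const char *lf = memchr(p, '\n', (size_t)(end - p));
    size_t len = lf ? (size_t)(lf - p) : (size_t)(end - p);
    *next = lf ? lf + 1 : end;
    if (len && p[len - 1] == '\r')
        len--;
    return len;
}

/* Parse "METHOD SP target SP HTTP/x.y" and the headers, keeping only User-Agent. */
int analyze_request(const char *raw, size_t raw_len, struct request *out)
{
    memset(out, 0, sizeof *out);
    if (raw_len > REQUEST_MAX)
        return PARSE_TOO_LONG;

    const char *end = raw + raw_len, *next;
    size_t len = line_len(raw, end, &next);
    const char *line_end = raw + len;

    const char *sp1 = memchr(raw, ' ', len);
    if (!sp1) return PARSE_MALFORMED;
    int rc = copy_token(out->method, sizeof out->method, raw, (size_t)(sp1 - raw));
    if (rc) return rc;

    const char *sp2 = memchr(sp1 + 1, ' ', (size_t)(line_end - sp1 - 1));
    if (!sp2) return PARSE_MALFORMED;
    const char *ver = sp2 + 1;
    size_t vlen = (size_t)(line_end - ver);
    if (vlen < 5 || memcmp(ver, "HTTP/", 5) != 0) return PARSE_MALFORMED;
    rc = copy_token(out->version, sizeof out->version, ver, vlen);
    if (rc) return rc;

    static const char key[] = "User-Agent:";
    while (next < end) {
        const char *p = next;
        len = line_len(p, end, &next);
        if (len == 0) break;            /* blank line ends the headers */
        if (len > sizeof key - 1 && strncasecmp(p, key, sizeof key - 1) == 0) {
            const char *v = p + sizeof key - 1;
            size_t vl = len - (sizeof key - 1);
            while (vl && *v == ' ') { v++; vl--; }
            rc = copy_token(out->user_agent, sizeof out->user_agent, v, vl);
            if (rc) return rc;
        }
    }
    return PARSE_OK;
}

/* Constructed inputs: a normal request, a 17-byte method, a 600-byte User-Agent. */
int demo_well_formed(void)
{
    struct request r;
    const char *req = "GET /index.html HTTP/1.0\r\nHost: example\r\nUser-Agent: demo-client/1.0\r\n\r\n";
    return analyze_request(req, strlen(req), &r) == PARSE_OK
        && strcmp(r.method, "GET") == 0 && strcmp(r.version, "HTTP/1.0") == 0
        && strcmp(r.user_agent, "demo-client/1.0") == 0;
}

int demo_oversized_method_refused(void)
{
    struct request r;
    const char *req = "ABCDEFGHIJKLMNOPQ / HTTP/1.0\r\n\r\n";   /* 17-byte method */
    return analyze_request(req, strlen(req), &r) == PARSE_TOO_LONG;
}

int demo_oversized_user_agent_refused(void)
{
    struct request r;
    char agent[601], req[REQUEST_MAX];
    memset(agent, 'A', 600);
    agent[600] = '\0';
    snprintf(req, sizeof req, "GET / HTTP/1.0\r\nUser-Agent: %s\r\n\r\n", agent);
    return analyze_request(req, strlen(req), &r) == PARSE_TOO_LONG;
}
```

Refusing an oversized token (and closing the connection) is deliberate: truncating would keep the server up but can turn a request into something its later stages did not validate.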

12. McAfee VirusScan WebScanX Code Execution Vulnerability BugTraq ID: 6288
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6288
Summary:

McAfee VirusScan contains a component for scanning Internet downloads and active content called WebScanX. Since explorer.exe can also be used as a web browser, WebScanX will hook the application.

A vulnerability exists in WebScanX that could allow arbitrary code execution in the security context of the local system account. This behaviour only appears to occur if a user's home directory (i.e. Documents and Settings\<username>) is located on a network share.

When Explorer is used to browse the local disk, WebScanX appears to open several DLL (Dynamic Link Libraries) from the user's home directory. If one of these DLLs were replaced with a malicious file, WebScanX could execute the attacker-supplied code in the local system context.

This vulnerability was reported on VirusScan 4.5.1sp1. Other versions may be vulnerable.

13. Webster HTTP Server Long Request Buffer Overrun Vulnerability BugTraq ID: 6289
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6289
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It is available for the Microsoft Windows operating system.

A buffer overrun vulnerability has been discovered in Webster HTTP server. It is possible to trigger this condition by passing Webster HTTP server a malicious URL containing 275 or more bytes of data.

This issue can be exploited to overwrite the program's instruction pointer, potentially resulting in the execution of malicious code. Exploitation of this issue would allow an attacker to run arbitrary system commands with the privileges of Webster.

14. Webster HTTP Server File Disclosure Vulnerability BugTraq ID: 6291
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6291
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It is available for the Microsoft Windows operating system.

A file disclosure vulnerability has been discovered in Webster HTTP Server. By constructing a malicious URL containing directory traversal sequences (../), it is possible for a remote attacker to disclose a known system resource.

This vulnerability could be exploited to obtain the system's SAM file or other sensitive resources, which may be used by the attacker to launch further attacks against the target system.
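Both the Pserv 'handleMethod()' entry (11, joining the request path onto the document root in a fixed stack buffer) and the Webster traversal entry above are failures of the same step: mapping a request target to a file. The following is an added example, not code from either server, of that mapping done with a bounded join and a containment check on the canonical path, so that '../' sequences cannot reach outside the root. POSIX realpath() is assumed, and the document root and files used by the self-check are constructed under /tmp.

```c
/* Added example (not Pserv's or Webster's code): map a request target to a
 * file under the document root, refusing oversized joins and paths that
 * resolve outside the root. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { MAP_OK = 0, MAP_TOO_LONG = -1, MAP_OUTSIDE_ROOT = -2, MAP_NOT_FOUND = -3 };

/* Resolve 'target' (path part of the request) under 'docroot'. On success the
 * canonical path is written to out (capacity cap). */
int map_to_docroot(const char *docroot, const char *target, char *out, size_t cap)
{
    char root_real[PATH_MAX];
    if (realpath(docroot, root_real) == NULL)
        return MAP_NOT_FOUND;

    /* bounded join: snprintf reports the length it needed, so overflow is detected */
    char joined[PATH_MAX];
    int n = snprintf(joined, sizeof joined, "%s/%s", root_real, target);
    if (n < 0 || (size_t)n >= sizeof joined)
        return MAP_TOO_LONG;

    char resolved[PATH_MAX];
    if (realpath(joined, resolved) == NULL)
        return MAP_NOT_FOUND;           /* nonexistent file, or unresolvable path */

    /* containment: resolved must be the root itself or begin with "<root>/",
     * so a sibling such as "<root>2" does not pass as a prefix match */
    size_t rl = strlen(root_real);
    if (strncmp(resolved, root_real, rl) != 0
        || (resolved[rl] != '/' && resolved[rl] != '\0'))
        return MAP_OUTSIDE_ROOT;

    if (strlen(resolved) >= cap)
        return MAP_TOO_LONG;
    strcpy(out, resolved);
    return MAP_OK;
}

/* Self-check with a constructed root: an in-root file maps, a "../" escape to
 * a file beside the root is refused, a missing file and an oversized target
 * are refused. Returns 1 when all four hold. */
int demo_traversal_refused(void)
{
    char base[] = "/tmp/docroot-demo.XXXXXX";
    if (mkdtemp(base) == NULL)
        return 0;
    char root[PATH_MAX], inside[PATH_MAX], inside_real[PATH_MAX];
    char outside[PATH_MAX], out[PATH_MAX];
    snprintf(root, sizeof root, "%s/htdocs", base);
    snprintf(inside, sizeof inside, "%s/index.html", root);
    snprintf(outside, sizeof outside, "%s/secret.txt", base);
    mkdir(root, 0700);
    close(open(inside, O_WRONLY | O_CREAT, 0600));
    close(open(outside, O_WRONLY | O_CREAT, 0600));

    int ok = realpath(inside, inside_real) != NULL
          && map_to_docroot(root, "index.html", out, sizeof out) == MAP_OK
          && strcmp(out, inside_real) == 0
          && map_to_docroot(root, "../secret.txt", out, sizeof out) == MAP_OUTSIDE_ROOT
          && map_to_docroot(root, "nope.html", out, sizeof out) == MAP_NOT_FOUND;

    char huge[PATH_MAX + 64];
    memset(huge, 'a', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    ok = ok && map_to_docroot(root, huge, out, sizeof out) == MAP_TOO_LONG;

    unlink(inside); unlink(outside); rmdir(root); rmdir(base);
    return ok;
}
```

Checking the canonical path rather than scanning the request for "../" is what makes the check robust: encoded or doubled separators are normalised by realpath() before the comparison, and symlinks inside the root that point outside it are caught too.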

15. Webster HTTP Server Cross Site Scripting Vulnerability BugTraq ID: 6292
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6292
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP platforms.

It has been discovered that Webster HTTP Server fails to sanitize user-supplied input, making it vulnerable to cross site scripting attacks. By including HTML or script code in a maliciously constructed link, it may be possible to execute arbitrary code within the context of the visited website.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may then hijack the session of the legitimate user by using those cookie-based authentication credentials.

16. Lawson Financials Account Credentials World Accessible Vulnerability BugTraq ID: 6293
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6293
Summary:

Lawson Financials is a commercially available financial planning and tracking software package. It is available for the Unix and Microsoft Windows platforms.

A problem with Lawson Financials may make it possible for local users to gain access to other users' accounts.

Lawson Financials requires specific configuration guidelines for the Lawson certification process. These guidelines give users the ability to install Lawson Financials with a limited set of configuration options.

Some default configurations of Lawson Financials may allow unauthorized users access to sensitive information. By default, user credentials such as the Lawson Financials user name and password are stored in a world-readable, world-writable file. This could allow a user with local access to a Lawson Financials system to gain access to the Financials database. This is known to affect Financials installed on the UNIX operating system.

Exploiting this vulnerability could result in an attacker connecting directly to the database via some means such as ODBC or JDBC. The attacker would then have access to the Financials database with the privileges of any user listed in the database user file. It should be noted that passwords stored in the file are in plain text.

17. Computer Associates InoculateIT Yaha.E Exchange Filter Bypassing Vulnerability BugTraq ID: 6290
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6290
Summary:

Computer Associates InoculateIT's Exchange option allows incoming email to be scanned as well as background scanning of the Exchange database.

It has been reported that some email messages containing the W32.Yaha.E@mm worm are able to bypass the incoming mail scanner. Most messages containing this worm are detected by the scanner, but some messages are allowed through.

Some messages generated by the Yaha worm use the Microsoft IE MIME Header Attachment Execution Vulnerability (BID 2524). This may be related to this issue, however, precise details are not currently known.

This entry will be updated if and when more details become available.

18. libSieve Header Name Buffer Overrun Vulnerability BugTraq ID: 6294
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6294
Summary:

Sieve is a language that can be used to create filters for electronic mail. It is operating system independent. A vulnerability has been discovered in the Sieve library, used by various software programs.

A buffer overflow condition exists in libSieve when processing header names. This is due to insufficient bounds checking of user-supplied input. By passing a malicious header file, containing 100 or more bytes of data, to a program linked with libSieve it is possible to overrun a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory. By overwriting memory with malicious values, it may be possible for an attacker to execute arbitrary system commands with privileges of the vulnerable program.

19. libSieve IMAP Flag Buffer Overrun Vulnerability BugTraq ID: 6299
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6299
Summary:

Sieve is a language that can be used to create filters for electronic mail. It is operating system independent. A vulnerability has been discovered in the Sieve library, used by various software programs.

A buffer overflow condition exists in libSieve when processing IMAP flags. This is due to insufficient bounds checking of user-supplied input. By passing a malicious IMAP flag, containing 100 or more bytes of data, to an IMAP server linked with libSieve it is possible to overrun a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory. By overwriting memory with malicious values, it may be possible for an attacker to execute arbitrary system commands with privileges of the vulnerable program.

20. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation Vulnerability BugTraq ID: 6296
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6296
Summary:

ShopFactory is an e-commerce application for Microsoft Windows operating systems. It is distributed by 3D3.Com.

A problem with ShopFactory may make it possible for users to change prices on items.

When a user visits a site and creates a shopping cart, information on items added to the cart is stored in web cookies. The information stored in these cookies is later retrieved by ShopFactory and used to give the user the price on the item. Changing the information contained in the cookie could change variables quoted to the user by the ShopFactory site.

This vulnerability has been reported to allow the changing of prices. A malicious user could attempt to exploit this vulnerability to steal from e-commerce sites.
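The fix for a cart that stores prices client-side is to store only item identifiers and quantities in the cookie and recompute every price from a server-side catalogue when the order is totalled. The following is an added example, not ShopFactory's code: the cookie format "sku:qty;sku:qty", the catalogue and the SKUs are constructed for the demonstration, and any extra field a client adds to the cookie is treated as malformed rather than honoured.

```c
/* Added example (not ShopFactory's code): cart total computed from a
 * server-side price list; the cookie contributes only SKUs and quantities. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct product { const char *sku; long cents; };

/* constructed catalogue: the only place prices come from */
static const struct product CATALOGUE[] = {
    { "WIDGET-1", 1999 },
    { "GADGET-2", 4950 },
};

static long price_for(const char *sku)
{
    for (size_t i = 0; i < sizeof CATALOGUE / sizeof CATALOGUE[0]; i++)
        if (strcmp(CATALOGUE[i].sku, sku) == 0)
            return CATALOGUE[i].cents;
    return -1;                               /* unknown item */
}

/* Parse "sku:qty;sku:qty" and return the total in cents, or -1 if any entry
 * is malformed (including a client-supplied price= field), names an unknown
 * SKU, or carries a quantity outside 1..1000. */
long cart_total_cents(const char *cookie)
{
    char buf[512];
    if (strlen(cookie) >= sizeof buf)
        return -1;                           /* oversized cookie: reject */
    strcpy(buf, cookie);

    long total = 0;
    char *save = NULL;
    for (char *item = strtok_r(buf, ";", &save); item; item = strtok_r(NULL, ";", &save)) {
        char *colon = strchr(item, ':');
        if (!colon)
            return -1;
        *colon = '\0';
        char *endp = NULL;
        long qty = strtol(colon + 1, &endp, 10);
        if (*endp != '\0' || qty <= 0 || qty > 1000)
            return -1;
        long unit = price_for(item);
        if (unit < 0)
            return -1;
        total += unit * qty;
    }
    return total;
}
```

Whether the cookie is additionally signed is a separate decision; even a signed cookie should carry no price, because a price the server can recompute is a price it never needs to trust.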

21. Cyrus IMAPD Pre-Login Heap Corruption Vulnerability BugTraq ID: 6298
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6298
Summary:

Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems.

A problem discovered in the Cyrus IMAPD server may result in heap corruption.

It has been reported that Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon negotiating the connection sends a login string of excessive length, a buffer overflow occurs. This could result in heap corruption and arbitrary words in memory being overwritten.

It should be noted that this vulnerability does not require remote authentication. Exploitation of this vulnerability would result in a user gaining remote access with the privileges of the IMAP daemon. This would minimally give a remote user the ability to read sensitive information such as email, and could lead to further attack and elevated privileges.

22. libSieve Error Message Buffer Overrun Vulnerability BugTraq ID: 6300
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6300
Summary:

Sieve is a language that can be used to create filters for electronic mail. It is operating system independent. A vulnerability has been discovered in the Sieve library, used by various software programs.

A buffer overflow condition exists in libSieve when processing excessive error messages. This is due to insufficient bounds checking of generated error messages. By generating 500 or more bytes of error messages in a program linked with libSieve, it is possible to overrun a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory. By overwriting memory with malicious values, it may be possible for an attacker to execute arbitrary system commands with privileges of the vulnerable program.

23. 3Com SuperStack 3 NBX FTPD Denial of Service Vulnerability BugTraq ID: 6297
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6297
Summary:

A vulnerability has been discovered in 3Com SuperStack 3 NBX IP telephones. Reportedly the ftpd server included in the Embedded Real Time Operating System (ERTOS) contains a vulnerability that may cause a denial of service. This issue occurs when a malicious CEL request is made to the ftpd server, with a parameter containing 2048 or more bytes of data.

Exploiting this issue may cause the vulnerable ftpd server to crash as well as various VoIP features to no longer respond. These features include the web based administrative console and call manager. It may also prevent calls in progress from being ended, which may result in excessive long distance charges.

A hard reset of the device is required to restore functionality, which under abrupt circumstances may cause data loss or corruption.

It should be noted that this issue may be similar to the vulnerability described in BID 679.

Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.

24. Pedestal Software Integrity Protection Driver Bypass Vulnerability BugTraq ID: 6295
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6295
Summary:

Pedestal Software Integrity Protection Driver (IPD) is open source software designed to prohibit new services and drivers from being installed and to prevent the modification of existing drivers. This provides protection from rootkit installation on Microsoft Windows NT/2000 systems.

When systems with IPD installed are rebooted, the IPD does not start until the system has been up for twenty minutes. This allows new services and drivers to be installed, or the uninstallation of IPD.

IPD appears to rely on the system clock to determine the end of the twenty minute startup window. This could allow an attacker who gains privileged access to the system to set the system clock back in order to increase the time window before IPD starts.

During this period, the attacker could install a rootkit or make further modifications to the system before resetting the system clock allowing IPD to start.

25. SquirrelMail read_body.php Cross Site Scripting Vulnerability BugTraq ID: 6302
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6302
Summary:

SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0. It is available for Linux and Unix based operating systems.

A cross-site scripting vulnerability has been discovered in SquirrelMail. The read_body.php script fails to adequately sanitize content passed to the 'mailbox' and 'passed_id' variables. This makes it possible for an attacker to embed malicious script code in variable parameters.

Processing a malicious email may result in the execution of embedded script code in the user's mail client. It may be possible to exploit this issue to obtain sensitive user information such as address books and authentication credentials.

It should be noted that this issue is known to affect SquirrelMail 1.2.9. It has not yet been determined if other versions are affected.

26. Multiple Linksys Devices GET Request Buffer Overflow Vulnerability BugTraq ID: 6301
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6301
Summary:

Several Linksys Broadband Router devices are prone to a buffer overflow condition.

The vulnerability occurs due to insufficient allocation of memory for buffers. Specifically, the Linksys devices allocate only 1004 bytes of space for a request but attempt to read a maximum of 1596 bytes.

An attacker can exploit this vulnerability by issuing an overly long GET request to the vulnerable Linksys device. When the device attempts to process the malformed input, it will be possible to corrupt sensitive memory. This may allow an attacker to change configuration information on the vulnerable device. Remote exploitation is possible if the device is configured for remote management. However, remote management is disabled by default.

27. Multiple Linksys Devices strcat() Buffer Overflow Vulnerability BugTraq ID: 6303
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6303
Summary:

Several Linksys Broadband Router devices are prone to a buffer overflow condition.

This vulnerability is due to insufficient allocation of space for local buffers. The Linksys devices use the strcat() function to concatenate a request to the device. Due to insufficient checks, supplied input is concatenated into a buffer that is too small.

An attacker can exploit this vulnerability by issuing an overly long request to the vulnerable device. When the device attempts to process the malformed input, it will be possible to corrupt sensitive memory. This may allow an attacker to change configuration information on the vulnerable device. Remote exploitation is possible if the device is configured for remote management. However, remote management is disabled by default.

This vulnerability is only exploitable if UPnP (Universal Plug and Play) is enabled on the device.
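As an added illustration of the two Linksys advisories above (constructed example code, not Linksys firmware), the following C shows the size mismatch the first advisory describes and the bounded copy and append routines that close it; the 1004-byte buffer and 1596-byte read limit are the figures quoted above, while the function names are assumptions:

```c
#include <stddef.h>
#include <string.h>

/* Constructed example, not Linksys firmware. REQ_BUF_SIZE and MAX_RECV are
 * the 1004-byte buffer and 1596-byte read limit quoted in the advisory. */
#define REQ_BUF_SIZE 1004
#define MAX_RECV     1596

/* The weakness as described: the code is willing to accept up to MAX_RECV
 * bytes into a REQ_BUF_SIZE buffer. Returns how many bytes a request of
 * request_len would write past the end of that buffer (0 if it fits). */
size_t overrun_bytes_if_unbounded(size_t request_len)
{
    size_t accepted = request_len < MAX_RECV ? request_len : MAX_RECV;
    return accepted > REQ_BUF_SIZE ? accepted - REQ_BUF_SIZE : 0;
}

/* Hardened read: copy only a request that fits, NUL terminator included, and
 * report an error for anything longer instead of truncating silently.
 * Returns 0 on success, -1 if the request does not fit. */
int copy_request_bounded(char *buf, size_t buf_size, const char *req, size_t req_len)
{
    if (req_len >= buf_size)            /* one byte is reserved for the NUL */
        return -1;
    memcpy(buf, req, req_len);
    buf[req_len] = '\0';
    return 0;
}

/* Bounded replacement for the strcat() pattern in the second advisory: dst
 * must already be NUL-terminated; src is appended only if the result fits
 * in dst_size bytes. Returns 0 on success, -1 if it would overflow. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst);
    size_t add  = strlen(src);
    if (used >= dst_size || add >= dst_size - used)
        return -1;                      /* refuse rather than overrun */
    memcpy(dst + used, src, add + 1);   /* +1 copies src's NUL */
    return 0;
}
```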

28. Multiple Linksys Devices Heap Corruption Denial Of Service BugTraq ID: 6304
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6304
Summary:

Several Linksys devices are prone to heap corruption.

Various configuration information used by Linksys devices is stored in global variables located in heap memory. Variables stored in the heap include "sysPasswd", "wirelessESSID", and "Passphrase".

Insufficient bounds checking is performed when storing user-supplied information from HTTP requests. Because the user-supplied information is stored in heap memory, it may be possible to overrun the storage buffer and corrupt configuration information.

This vulnerability may be exploited by an attacker to reboot the vulnerable device. Although unconfirmed, it may also be possible to modify various configuration settings or execute malicious code.

29. Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic Reading Vulnerability BugTraq ID: 6305
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6305
Summary:

IPTables and Netfilter are the firewall infrastructure developed for the Linux kernel.

A problem with the IP Queuing module distributed with these packages may make it possible to read arbitrary network traffic.

The IP Queuing module requires a privileged process to communicate with user space to handle the queuing of network traffic on the local host. Insufficient checking of the integrity of the privileged process is performed. This could lead to a local user gaining access to information meant for the privileged process.

It has been reported that if the privileged process exits, the exit of the process is not tracked. A local user starting a new, unprivileged process with the previous process id of the privileged process would gain access to a limited amount of the network traffic meant for the privileged process. This could allow the user access to sensitive network traffic, and potentially lead to information disclosure.

It should be noted that the amount of network traffic accessible is dependent on the configured queue length, which is typically 1024 bytes.

30. Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability BugTraq ID: 6306
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6306
Summary:

It is possible to bypass the origin policy used by Internet Explorer for the showModalDialog and showModelessDialog functions. Under some circumstances, it may be possible to execute script code in sensitive contexts.

Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an optional argument parameter to allow data to be passed to the dialog from the calling page. Additionally, various styles can be applied to the dialog from the calling page, such as font-size, width, and height.

A check is done to ensure that data is only passed to dialogs located in the same domain, port and protocol as the calling page. This prevents a malicious party from injecting content into arbitrary dialogs. However, script code can be injected into the style parameters and bypass this check.

As a result, a malicious party may open a dialog with a URL which will pass this check, and have the script code within the style parameters execute in the zone of the target URL.

The consequences of exploitation are highly dependent on the functionality of the targeted dialog. It is likely that this vulnerability could lead to subversion of information or social engineering attacks.

It has been demonstrated that script code can be injected into dialogs included by default with Internet Explorer 6.0 and 6.0 SP1; earlier versions may also be vulnerable. This can be used to execute arbitrary script code in the Local Computer Zone.

31. Debian Internet Message Insecure Temporary File Creation Vulnerability BugTraq ID: 6307
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6307
Summary:

IM (Internet Message) provides a series of user interface commands (im* commands) and backend Perl5 libraries to integrate the E-mail and NetNews user interfaces. It is available for the Debian Linux distribution.

A vulnerability has been discovered in the way Debian Internet Message (IM) creates temporary files. It has been reported that both the impwagent and immknmz utilities are affected.

By anticipating the names used to create files and directories in /tmp, it may be possible for a local attacker to corrupt or modify data as another user. Depending on the actions executed on the temporary file, it may also be possible to disclose sensitive information with the permissions of the IM process.
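The temporary-file weakness described above, as an added example in C (constructed code, not the IM package's own): a predictable name built from a prefix and the PID beside an atomic, unpredictable creation with mkstemp() followed by a check of what was actually opened. The function names and the "impwagent" prefix used as sample input are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed example, not the IM package's code. It contrasts the guessable
 * naming the advisory describes with an atomic, unpredictable creation. */

/* Weak pattern: the name depends only on a prefix and the PID, so another
 * local user can predict it and place a file or symlink there first. */
void predictable_tmp_name(char *out, size_t out_size, const char *prefix)
{
    snprintf(out, out_size, "/tmp/%s-%ld", prefix, (long)getpid());
}

/* Hardened pattern: mkstemp() picks an unpredictable suffix and creates the
 * file atomically with O_EXCL and mode 0600, so a pre-planted file or symlink
 * makes creation fail instead of being followed. The opened fd is then
 * checked to be a regular file owned by us and private to us.
 * Returns the open fd, or -1 on error; the path is written to path_out. */
int create_private_tmpfile(const char *prefix, char *path_out, size_t path_size)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path_out, path_size, "%s/%s-XXXXXX", dir, prefix) >= (int)path_size)
        return -1;                              /* path would be truncated */
    mode_t old = umask(077);                    /* belt and braces for older libcs */
    int fd = mkstemp(path_out);
    umask(old);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)
        || st.st_uid != getuid() || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}
```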

32. Aldap Contact Manager Authentication Bypass Vulnerability BugTraq ID: 6310
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6310
Summary:

Aldap is a Web-based contact manager. It is designed for use with Linux variant operating systems.

An authentication bypass vulnerability has been reported for Aldap. Reportedly, it may be possible for attackers to log in to the Aldap contact manager with 'Manager' privileges regardless of the supplied password.

The vulnerability exists in the 'bind()' function in 'config.inc' and is due to the misuse of the '$pass' variable. Specifically, the '$pass' variable is declared twice and as a result is not used in a proper manner. Exploitation of this vulnerability will allow a remote attacker to obtain 'Manager' level privileges on vulnerable installations of Aldap.

This vulnerability was reported for Aldap 0.09.

33. phpBB search.php Cross Site Scripting Vulnerability BugTraq ID: 6311
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6311
Summary:

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

phpBB is prone to cross site scripting attacks. The problem lies in the search.php script which fails to properly sanitize user-supplied input in the 'search_username' parameter.

By exploiting this issue it may be possible to steal a user's cookie-based authentication credentials. This could be accomplished by constructing a malicious link containing script code embedded in the 'search_username' parameter.

34. Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability BugTraq ID: 6312
Remote: Yes
Date Published: Dec 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6312
Summary:

An information disclosure vulnerability has been reported for Microsoft Windows XP systems using a wireless LAN setup.

The vulnerability exists due to the configuration of Windows XP. If a system is configured for use with a wireless network, Windows XP systems will automatically search for available access points (APs). If APs are not found, requests are still submitted until a connection is achieved.

An attacker can exploit this vulnerability by setting up an AP with the same SSID (Service Set ID) as an AP configured for use with an XP system. When the vulnerable system recognizes this malicious AP, it will then begin transmission of data.

This can be exploited by an attacker to intercept and decrypt any transmissions received from a vulnerable system. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system.

III. SECURITYFOCUS NEWS AND COMMENTARY


  1. Government rests case against Russian software company By Bob Porterfield, The Associated Press

Federal prosecutors rested their case against a Russian company accused of selling a computer program that allowed users to circumvent the security of Adobe Systems' electronic book software.

http://online.securityfocus.com/news/1743

2. Identity Theft More Often an Inside Job By Brooke A. Masters and Caroline E. Mayer, Washington Post

You can take all the steps you want to protect yourself against identity theft: Guard your wallet, shred your personal financial papers before throwing them in the trash, monitor your credit reports.

http://online.securityfocus.com/news/1727

IV. SECURITYFOCUS TOP 6 TOOLS


  1. MAC Changer v1.2.0
by Alvaro Lopez Ortega alvaro@alobbs.com
Relevant URL:
http://www.alobbs.com/macc/
Platforms: MacOS
Summary:

MAC Changer is a utility for viewing/manipulating the MAC addresses of network interfaces. It can set specific, random, vendor-based (with a 6000+ vendor list), and device-type-based MACs.

2. Sniffdet v0.7
by Ademar de Souza Reis Jr.
Relevant URL:
http://sniffdet.sourceforge.net
Platforms: Linux, POSIX
Summary:

Sniffdet is an implementation of a set of tests for remote sniffers detection in TCP/IP network environments. It is composed of a flexible and easy to use library and a console application to run the tests. Major features include several tests for sniffers detection, config file support, output plugins, dropping of root privileges, and general documentation.

3. Ids 2 Pix v1.2.0.0
by Chris Tsobanoglou
Relevant URL:
http://www.sysadmin.gr/Ids2Pix
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Ids2Pix works in conjunction with Snort, an open-source lightweight Intrusion Detection System (IDS), and allows automated blocking of the offending IP(s) on a Cisco(tm) PIX firewall.

4. linksysulator v1.0
by TomK Tech
Relevant URL:
http://tomktech.n3.net
Platforms: Linux
Summary:

linksysulator is a simple script that utilizes sed, wget, and nmap to automatically find "open" Linksys routers on a given subnet.

5. gateProtect Firewall v3.2
by Till von Rennenkampff
Relevant URL:
http://www.gateprotect.com/trial_down.php
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

The "gateProtect Firewall & VPN Server", with its worldwide unique user interface, has passed several independent tests with best scores. All rules and VPN connections can be defined by drag & drop, which only takes a few minutes. Its VPN functionality is compatible with all other VPN solutions, including Checkpoint VPN-1. All settings can be made intuitively and in several languages.

6. klogger v1.0
by Arne Vidstrom
Relevant URL:
http://www.ntsecurity.nu/toolbox/klogger/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

"klogger" is a keystroke logger for Windows NT / 2000.

V. SECURITY JOBS SUMMARY


  1. Chief Information Security Officer #734 - Atlanta, GA - High Six-Figure Salary + stock options, benefits package + (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/302066
