SecurityFocus Newsletter #175

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Dec 16 2002 - 12:58:02 EST

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER

  1. Securing Outlook, Part One: Initial Configuration
  2. Rooting Out Corrupted Code
  3. Drop that E-Book or I'll Shoot!
  4. A Year-end Mailbag
  5. SecurityFocus DPP Program
  6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

II. BUGTRAQ SUMMARY

  1. Sapio WebReflex Directory Traversal Vulnerability
  2. OpenLDAP Multiple Buffer Overflow Vulnerabilities
  3. SuSE GNUPlot French Documentation Buffer Overflow Vulnerability
  4. APBoard Unauthorized Thread Reading Vulnerability
  5. Apple Mac OS X Directory Kernel Panic Denial Of Service...
  6. Ultimate PHP Board Add.PHP Path Disclosure Vulnerability
  7. Ultimate PHP Board ViewTopic.PHP Directory Contents Browsing...
  8. Ultimate PHP Board ViewTopic.PHP Cross Site Scripting...
  9. vBulletin HTML Injection Vulnerability
  10. Mollensoft Software Enceladus Server Suite Directory Traversal...
  11. apt-www-proxy NULL HTTP Request Denial Of Service Vulnerability
  12. apt-www-proxy Format String Vulnerability
  13. ProFTPD STAT Command Denial Of Service Vulnerability
  14. Ikonboard User Profile Photo URI HTML Injection Vulnerability
  15. Ikonboard X-Forwarded-For: Proxy Header Field HTML Injection...
  16. Xoops Private Message System Font Attributes HTML Injection...
  17. Mollensoft Software Enceladus Server Suite CD Buffer Overflow...
  18. Cyrus SASL Library Username Heap Corruption Vulnerability
  19. Cyrus SASL Library LDAP Heap Corruption Vulnerability
  20. Cyrus SASL Library Logging Memory Corruption Vulnerability
  21. Trend Micro PC-cillin Mail Scanner Buffer Overflow Vulnerability
  22. Canna Server Local Buffer Overflow Vulnerability
  23. Canna Server Denial Of Service Vulnerability
  24. WGet NLST Client Side File Overwriting Vulnerability
  25. Kunani FTP File Disclosure Vulnerability

III. SECURITYFOCUS NEWS ARTICLES

  1. Senate Closes Accidental Anonymizer
  2. Fences go up as Net outgrows its innocence
  3. All bugs are created equal
  4. Trend Micro squashes buffer overflow bug

IV. SECURITYFOCUS TOP 6 TOOLS

  1. ssh-keyinstall v1.0.0
  2. Smart Card ToolKit v0.3.2
  3. xferlogDB v0.3.3
  4. Pixilate v0.1
  5. Iptables Script Generator v0.1
  6. Java Log analyzer 1.0 v1.0

V. SECURITYJOBS LIST SUMMARY

  1. Senor Sales Engineer (Thread)
  2. Seeking security opportunities (Thread)
  3. Chief Technology Officer (Thread)
  4. Network Security Analyst - Mechanicsburg, PA (Thread)
  5. Information Security Manager, HIPAA - Reno/NV (Thread)
  6. Penetration Testers / Team Leader- UK, South East - CHECK...
  7. Security Engineer - NY Metro (Thread)
  8. Software Engineers - Calgary AB, Canada (Thread)
  9. Security Compliance and Reporting Lead-Cleveland, Ohio (Thread)
  10. Senior Security Project Manager (Thread)
  11. Need Security Consultants in Boston Area (Thread)
  12. Australian Security Businesses (Thread)
  13. Stop me before I consult again (Thread)
  14. Seeking Indianapolis-based Ethical Hacker (NOT an oxymoron)...

VI. INCIDENTS LIST SUMMARY

  1. DNS help (Thread)
  2. Odd entries in my Security Router logs (Thread)
  3. EBay Fraud Attempt (Thread)
  4. strange attractors or weaknesses in Nimda's prng (Thread)
  5. what else you can do with worm networks...fun, profit, etc...
  6. Spam via proxy (Thread)
  7. netbios vuln (Thread)
  8. A small quandary (Thread)
  9. Fwd: EBay Fraud Attempt (Thread)
  10. Does W2k issue an NBNS query automatically following each...
  11. high activity on port 3061 udp/tcp (Thread)
  12. Incident tracking database (Thread)

VII. VULN-DEV RESEARCH LIST SUMMARY

  1. Web single sign-on (Thread)
  2. Homeland Def. Trng Conference - Jan 14-16, 2003 - New Speakers...
  3. RES: RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3]...

VIII. MICROSOFT FOCUS LIST SUMMARY

  1. IIS 4 Security (Thread)
  2. ISM Permissions? (Thread)
  3. FW: /Rpc virtual directory in IIS - How did it get there? (Thread)
  4. SecurityFocus Microsoft Newsletter #116 (Thread)
  5. /Rpc virtual directory in IIS - How did it get there? (Thread)
  6. issues with syskey in NT 4.0 (Thread)

IX. SUN FOCUS LIST SUMMARY

  NO NEW POSTS FOR THE WEEK ENDING 12.13.02

X. LINUX FOCUS LIST SUMMARY

  NO NEW POSTS FOR THE WEEK ENDING 12.13.02

XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Securing Outlook, Part One: Initial Configuration
By Scott Granneman

Millions of Outlook users around the world, in homes, organizations, and businesses, have had to face the insecurities inherent in their email program, sometimes painfully. This article is the first of a two-part article that will examine ways that Outlook users can secure their email client.

http://online.securityfocus.com/infocus/1648

2. Rooting Out Corrupted Code
By Jon Lasser

Is there a backdoor on your system? A flawed but timely project from the Shmoo Group could help network administrators spot altered programs.

http://online.securityfocus.com/columnists/129

3. Drop that E-Book or I'll Shoot!
By Mark Rasch

Last Thursday federal prosecutors wrapped up their direct case against Russian software company ElcomSoft for creating and distributing software that would "crack" Adobe's proprietary software designed to prevent copying of electronic books - the defense will argue their side this week.

http://online.securityfocus.com/columnists/128

4. A Year-end Mailbag
By George Smith

"Why are you rambling?," and other feedback received by your anti-virus columnist.

http://online.securityfocus.com/columnists/130

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Sapio WebReflex Directory Traversal Vulnerability BugTraq ID: 6327
Remote: Yes
Date Published: Dec 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6327
Summary:

WebReflex is a software package designed to operate an HTTP server off a CD-ROM, providing web hosting on Microsoft Windows systems. This web server is intended for use on such systems as Windows 95 and Windows 98. It is written and maintained by Sapio Design Ltd.

It has been reported that WebReflex fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root.

An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.

Disclosure of sensitive system files may aid the attacker in launching further attacks against the target system.

This vulnerability was reported for WebReflex 1.53. It is not known whether other versions are affected.

2. OpenLDAP Multiple Buffer Overflow Vulnerabilities BugTraq ID: 6328
Remote: Yes
Date Published: Dec 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6328
Summary:

OpenLDAP is an open-source implementation of the LDAP protocol.

Several buffer overflow vulnerabilities have been reported for OpenLDAP.

Precise technical details about the nature of the vulnerabilities are currently unknown. This BID will be updated as more information becomes available.

An attacker may be able to exploit these vulnerabilities to gain control over the execution of the vulnerable OpenLDAP process. Although unconfirmed, an attacker may be able to execute malicious attacker-supplied code with the privileges of the OpenLDAP process.

3. SuSE GNUPlot French Documentation Buffer Overflow Vulnerability BugTraq ID: 6329
Remote: No
Date Published: Dec 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6329
Summary:

GNUPlot is an interactive function plotting program. It is used to plot data and functions in a graphical format.

A buffer overflow vulnerability has been reported for GNUPlot shipped with SuSE Linux. Reportedly, the vulnerability exists in the French documentation and may allow an attacker to gain control over the execution of the gnuplot process.

This vulnerability is exacerbated by the fact that gnuplot is typically installed setuid root on some SuSE distributions.

Precise technical details about the nature of the vulnerability are currently unknown. This BID will be updated as more information becomes available.

4. APBoard Unauthorized Thread Reading Vulnerability BugTraq ID: 6330
Remote: Yes
Date Published: Dec 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6330
Summary:

APBoard is a web-based bulletin board package based on PHP and MySQL from Another PHP Product.

A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly check user credentials.

An attacker can exploit this vulnerability to subscribe to a thread in an internal forum. This may expose sensitive information not intended to be viewed by the attacker.

This vulnerability was reported for APBoard 2.02. It is not known whether other versions are affected.

5. Apple Mac OS X Directory Kernel Panic Denial Of Service Vulnerability BugTraq ID: 6331
Remote: No
Date Published: Dec 07 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6331
Summary:

Mac OS X is the BSD-derived operating system distributed and maintained by Apple Software.

A problem with Mac OS X may make possible a local denial of service attack.

It has been reported that OS X may crash under some conditions. When a user creates a directory, descends it, creates another directory of the same name, then attempts to move the directory up one level in the hierarchy, the system reacts unpredictably. It has been reported that this can cause a crash of the system.

This vulnerability could be exploited by a local user to deny service to legitimate users of the host. This vulnerability requires that an attacker have the ability to execute the command in a Terminal application.

6. Ultimate PHP Board Add.PHP Path Disclosure Vulnerability BugTraq ID: 6333
Remote: Yes
Date Published: Dec 07 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6333
Summary:

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

A problem has been discovered in UPB that could lead to the disclosure of potentially sensitive information.

Under some circumstances, it may be possible to gain access to sensitive information, such as the installation path of UPB. By passing an erroneous request to the add.php script, UPB may return the full path to the installation. This could lead to the disclosure of sensitive information, and potentially lead to further attack.

7. Ultimate PHP Board ViewTopic.PHP Directory Contents Browsing Vulnerability BugTraq ID: 6334
Remote: Yes
Date Published: Dec 08 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6334
Summary:

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

A problem has been discovered in UPB that could lead to the disclosure of the contents of directories.

Under some circumstances, it may be possible to disclose the contents of directories. By passing a malicious request to the viewtopic.php script, UPB may return a listing of the directory. This could be further refined to disclose the contents of selected files.

This could lead to the disclosure of sensitive information, and potentially lead to further attack. It should be noted that the ability of the attacker to read information is limited to the privileges of the web server. Additionally, it is thought that an attacker may not read directories above the data_dir directory used by UPB.

8. Ultimate PHP Board ViewTopic.PHP Cross Site Scripting Vulnerability BugTraq ID: 6335
Remote: Yes
Date Published: Dec 08 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6335
Summary:

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

A problem has been discovered in UPB that could lead to cross site scripting attacks.

By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser of the user visiting the malicious URL. This could lead to the execution of HTML and script code in the security context of the UPB site.

9. vBulletin HTML Injection Vulnerability BugTraq ID: 6337
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6337
Summary:

vBulletin is commercial web forum software written in PHP and back-ended by a MySQL database. It will run on most Linux and Unix variants, as well as Microsoft operating systems.

Problems with vBulletin could make it possible for an attacker to inject arbitrary HTML in vBulletin forum messages.

vBulletin does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user chooses to view a message posting that contains malicious HTML code, the code contained in the message would be executed in the browser of the vulnerable user. This will occur in the context of the site hosting the vBulletin forum software.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

This vulnerability was reported for vBulletin 2.2.7 and 2.2.8. It is not known whether other versions are affected.

10. Mollensoft Software Enceladus Server Suite Directory Traversal Vulnerability BugTraq ID: 6338
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6338
Summary:

Enceladus Server Suite is a Web and FTP server designed for use with Microsoft Windows operating systems.

It has been reported that Enceladus fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to view and download sensitive resources located outside of the web root.

An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.

Disclosure of sensitive system files may aid the attacker in launching further attacks against the target system.

This vulnerability was reported for Enceladus Server Suite 2.6.1. It is not known whether other versions are affected.

11. apt-www-proxy NULL HTTP Request Denial Of Service Vulnerability BugTraq ID: 6339
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6339
Summary:

apt-www-proxy is a proxy server designed for use with web-based apt-get repositories.

A denial of service vulnerability has been reported for apt-www-proxy. The 'parse_get()' function in 'utils.c' will fail when attempting to parse HTTP requests. This will cause the process to crash, resulting in a denial of service condition.

To restore functionality, the apt-www-proxy service must be restarted.

This vulnerability has been reported for apt-www-proxy 0.1.

12. apt-www-proxy Format String Vulnerability BugTraq ID: 6340
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6340
Summary:

apt-www-proxy is a proxy server designed for use with web-based apt-get repositories.

apt-www-proxy is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog()' function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values.

The vulnerability exists due to inadequate checks performed in the 'awp_log()' function in the 'utils.c' source file.

Successful exploitation of this issue may allow the attacker to execute arbitrary instructions with the privileges of the vulnerable process.

This vulnerability has been reported for apt-www-proxy 0.1.
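
The defect class behind this item is a user-controlled string reaching a logging call as its format argument. The following is an added example written for this newsletter, not apt-www-proxy's own 'awp_log()' code; the function names, the log line layout and the sample request line are assumptions. It shows the vulnerable shape in a comment and a hardened logger in which client data only ever passes through a "%s" conversion.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Added example, not apt-www-proxy's own code. The bug class: data the
   client controls (here the request line) is passed to syslog() as the
   format argument. The vulnerable shape looks like
       void awp_log_bad(const char *msg) { syslog(LOG_ERR, msg); }
   and a request containing "%x" or "%n" is then interpreted as conversions. */

/* Render one log line from a constant format; caller data only enters via
   %s. Returns bytes written (without the NUL) or -1 if it did not fit. */
int format_log_line(char *buf, size_t buflen, const char *client, const char *request)
{
    int n = snprintf(buf, buflen, "client=%s request=\"%s\"", client, request);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Hardened logging entry point: the rendered line is itself passed through
   "%s", so no attacker byte ever reaches syslog() as a format. */
void awp_log(const char *client, const char *request)
{
    char line[1024];
    if (format_log_line(line, sizeof line, client, request) < 0)
        snprintf(line, sizeof line, "client=%s request=<truncated>", client);
    syslog(LOG_ERR, "%s", line);
}

/* Check helper: 1 if every byte of request appears verbatim in the line
   (i.e. "%n" stayed two literal characters). */
int request_logged_verbatim(const char *request)
{
    char buf[1024];
    if (format_log_line(buf, sizeof buf, "198.51.100.7", request) < 0)
        return 0;
    return strstr(buf, request) != NULL;
}

/* Check helper: 1 if the line fits in a buffer of buflen bytes. */
int line_fits(size_t buflen, const char *request)
{
    char buf[1024];
    if (buflen > sizeof buf) buflen = sizeof buf;
    return format_log_line(buf, buflen, "198.51.100.7", request) >= 0;
}

int main(void)
{
    char line[1024];
    /* constructed sample: a request line carrying format directives */
    if (format_log_line(line, sizeof line, "198.51.100.7", "GET /%x%x%n HTTP/1.0") >= 0)
        puts(line);   /* the %x/%n appear literally; nothing was interpreted */
    return 0;
}
```

Compiling with -Wformat-security (GCC and Clang) flags the vulnerable shape, a call where the format is not a literal and no arguments follow, which is a cheap way to audit a code base for this class of bug.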

13. ProFTPD STAT Command Denial Of Service Vulnerability BugTraq ID: 6341
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6341
Summary:

ProFTPD is a popular FTP server that ships with numerous Unix and Linux variants.

A denial of service vulnerability has been reported for ProFTPD. It is possible to prevent ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition.

An attacker can exploit this vulnerability by logging on to a vulnerable FTP server and issuing a STAT command composed of several '/*' characters. When the FTP server receives this command, it will result in a denial of service condition.

This vulnerability has been reported to affect ProFTPD 1.2.7rc3 and earlier.

This issue is closely related to the vulnerability described in BID 2496.

14. Ikonboard User Profile Photo URI HTML Injection Vulnerability BugTraq ID: 6342
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6342
Summary:

Ikonboard is a web-based bulletin board system implemented in Perl. It may be installed under Linux, Windows, or many Unix platforms.

Ikonboard is prone to a vulnerability which may enable an attacker to cause arbitrary HTML and script code to be interpreted by the web client of other Ikonboard users.

Ikonboard allows users to post a link in their user profile to an external picture. Ikonboard does not sufficiently sanitize HTML from these photo URIs in user profiles. An attacker may take advantage of this issue to embed malicious script code into their user profile. When the profile is viewed by other users, the attacker-supplied script code will execute in the security context of the site hosting the Ikonboard software.

Exploitation may allow an attacker to steal cookie-based authentication credentials or to manipulate web content.

This issue was reported in Ikonboard 3.1.1. Other versions may also be affected.

15. Ikonboard X-Forwarded-For: Proxy Header Field HTML Injection Vulnerability BugTraq ID: 6343
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6343
Summary:

Ikonboard is a web-based bulletin board system implemented in Perl. It may be installed under Linux, Windows, or many Unix platforms.

Ikonboard is prone to HTML injection attacks via X-Forwarded-For: HTTP header fields for proxies. The HTTP X-Forwarded-For: header field is used by many proxy server implementations to indicate the original source of a request that has been forwarded by the proxy. When Ikonboard is accessed via a proxy, it will log the user's IP address as the address that appears in the X-Forwarded-For: HTTP header field. HTML will not be sanitized when this information in the HTTP header field is logged. When an administrator views the logged IP address, script code supplied via a malicious X-Forwarded-For: HTTP header field will be executed in the web client of the administrator.

While the data in the header field is limited to 16 characters, it may be possible to embed malicious script code or HTML over multiple requests.

Successful exploitation may enable a remote attacker to steal cookie-based authentication credentials from an administrative user.

This issue was reported in Ikonboard 3.1.1. Other versions may also be affected.

16. Xoops Private Message System Font Attributes HTML Injection Vulnerability BugTraq ID: 6344
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6344
Summary:

Xoops is open-source, freely available web portal software written in object-oriented PHP. It is back-ended by a MySQL database and will run on most Unix and Linux distributions.

Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes, including bold, italic and underline tags, are not sufficiently filtered of HTML code. This makes it possible for an attacker to supply malicious input in the HTML font tags that contain arbitrary script code. When another user receives the attacker's private message, the malicious script code will be executed on that user in the context of the site running Xoops.

This issue may be exploited by an attacker to steal a legitimate user's cookie-based authentication credentials, potentially making it possible to hijack the user's session.

This vulnerability has been reported for Xoops 1.3.5.
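
The Ikonboard X-Forwarded-For: item (15) and the Xoops, vBulletin and Ikonboard profile items share one root cause: text under a remote user's control is stored and later rendered into another user's browser without being escaped. The following is an added example written for this newsletter, not code from any of those projects; the function names, the "leftmost entry" rule for X-Forwarded-For: and the sample header values are assumptions. It applies two independent defences: only a well-formed IP literal is accepted from the proxy header, and whatever is stored is HTML-escaped when rendered, so the second defence still holds if the first is bypassed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Ikonboard code. Two independent defences for a logged
   X-Forwarded-For: value that is later shown to an administrator:
   1) accept only a well-formed IP literal from the header (assumption:
      the leftmost list entry is the one recorded), otherwise store a marker;
   2) HTML-escape the stored value at render time regardless of (1). */

/* 1 if s is exactly one IPv4 or IPv6 literal, nothing else. */
int is_ip_literal(const char *s)
{
    unsigned char tmp[16];
    return inet_pton(AF_INET, s, tmp) == 1 || inet_pton(AF_INET6, s, tmp) == 1;
}

/* Extract the leftmost entry of a comma-separated X-Forwarded-For: value.
   Writes a validated address, or the fixed marker "invalid", into out.
   Returns 1 when a valid address was found. */
int xff_client_ip(const char *header, char *out, size_t outlen)
{
    char first[64];
    size_t n = 0;
    const char *p = header;

    while (*p == ' ' || *p == '\t') p++;
    while (*p && *p != ',' && *p != ' ' && *p != '\t' && n + 1 < sizeof first)
        first[n++] = *p++;
    first[n] = '\0';

    if (is_ip_literal(first)) {
        snprintf(out, outlen, "%s", first);
        return 1;
    }
    snprintf(out, outlen, "%s", "invalid");
    return 0;
}

/* Replace the HTML metacharacters so stored text renders as text.
   Returns the output length, or -1 if out is too small. */
int html_escape(const char *in, char *out, size_t outlen)
{
    size_t w = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        size_t l = strlen(rep);
        if (w + l >= outlen) return -1;
        memcpy(out + w, rep, l);
        w += l;
    }
    out[w] = '\0';
    return (int)w;
}

/* Check helpers. */
int xff_yields(const char *header, const char *expected)
{
    char ip[64];
    xff_client_ip(header, ip, sizeof ip);
    return strcmp(ip, expected) == 0;
}

int escapes_to(const char *in, const char *expected)
{
    char buf[256];
    return html_escape(in, buf, sizeof buf) >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* constructed header values: one genuine, one carrying markup */
    const char *samples[] = { "203.0.113.5, 10.0.0.1", "<b>not-an-ip</b>" };
    char ip[64], shown[256];
    for (size_t i = 0; i < 2; i++) {
        xff_client_ip(samples[i], ip, sizeof ip);
        html_escape(samples[i], shown, sizeof shown);
        printf("stored=%s  raw header escaped for display=%s\n", ip, shown);
    }
    return 0;
}
```

The 16-character limit mentioned for Ikonboard is not a defence on its own, since the item notes that markup can be split across several requests; validating the value as an address removes the markup regardless of length.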

17. Mollensoft Software Enceladus Server Suite CD Buffer Overflow Vulnerability BugTraq ID: 6345
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6345
Summary:

Enceladus Server Suite is a Web and FTP server designed for use with Microsoft Windows operating systems.

Enceladus Server Suite is prone to a remotely exploitable buffer overflow vulnerability. It is possible to trigger this condition by supplying an overly long value for the FTP change directory (CD) command. The issue is due to insufficient bounds checking of the vulnerable FTP command. By triggering this condition an attacker may corrupt process memory, including stack variables such as the return address, with attacker-supplied data. Given the ability to corrupt memory with attacker-supplied data, it is possible for an attacker to cause the execution of arbitrary code.

To exploit this issue, the attacker must be able to authenticate to the FTP server included in Enceladus and issue a maliciously crafted CD command.

Successful exploitation will enable a remote attacker to execute arbitrary code with the privileges of the Enceladus Server Suite software, which will most likely run with SYSTEM (or equivalent) privileges. This vulnerability may also be used to cause a denial of service.

This issue has been reported for Enceladus Server Suite 3.9. Other versions may also be affected.

18. Cyrus SASL Library Username Heap Corruption Vulnerability BugTraq ID: 6347
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6347
Summary:

SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

A heap corruption vulnerability has been discovered in Cyrus SASL library. The overflow occurs in the 'user_buf' and 'authid_buf' buffers while sanitizing usernames. It is possible to trigger this condition by passing an overly long string as the 'myhostname' parameter.

Exploiting this vulnerability will give an attacker the ability to overflow a sensitive buffer in heap memory by 19 bytes. This may allow the corruption of malloc headers, which could later result in an arbitrary location in memory being overwritten.

It should be noted that this issue only exists if the default realm is set.

It should also be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.

19. Cyrus SASL Library LDAP Heap Corruption Vulnerability BugTraq ID: 6348
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6348
Summary:

SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

A heap corruption vulnerability has been discovered in Cyrus SASL library. It has been discovered that saslauthd utility fails to allocate sufficient memory when required to escape various characters, including '*', '(', ')', '\' and '\0'. By passing a malicious string as a 'username' or 'realm' value, it may be possible for an attacker to cause insufficient memory to be allocated for user-supplied input.

Exploiting this issue may allow an attacker to corrupt malloc headers, which could later result in an arbitrary location in memory being overwritten. Successful exploitation of this vulnerability would result in the execution of arbitrary code with the privileges of the vulnerable application.

It should be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.

20. Cyrus SASL Library Logging Memory Corruption Vulnerability BugTraq ID: 6349
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6349
Summary:

SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

A memory corruption vulnerability has been discovered in SASL when generating logs files. It has been reported that under some circumstances SASL fails to allocate sufficient memory for the '\0' character for a string used in log entries. By causing Cyrus to generate a malicious log it may be possible for an attacker to write the '\0' character to a sensitive location in memory.

This could potentially be exploited to overwrite the LSB of a sensitive variable or possibly cause inaccurate logs to be created.

It should be noted that under rare circumstances a string that is not NULL terminated can cause a situation that may be exploited to execute arbitrary code. It is not known whether this situation occurs in the SASL library.

It should also be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.
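
Items 19 and 20 are both allocation-sizing errors: the escaped form of a string is longer than the input, and the terminating '\0' needs its own byte. The following is an added example written for this newsletter, not Cyrus SASL code; the hex escaping rule (the RFC 4515 LDAP filter encoding), the function names and the sample username are assumptions. It sizes the output in a first pass, terminator included, then fills exactly that many bytes, and it treats the input as length-delimited so an embedded NUL is escaped rather than silently truncating the string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Cyrus SASL code. Assumed escaping rule: '*', '(', ')',
   '\\' and NUL become a backslash plus two hex digits (the RFC 4515 LDAP
   filter encoding), so every such byte grows from 1 to 3 bytes. Input is
   length-delimited, so an embedded NUL is escaped rather than truncating. */

static int needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Pass one: the exact output size, terminator included. Under-counting
   here (or forgetting the terminator) is the bug class in BID 6348/6349. */
size_t escaped_size(const unsigned char *in, size_t inlen)
{
    size_t n = 1;                              /* the trailing '\0' */
    for (size_t i = 0; i < inlen; i++)
        n += needs_escape(in[i]) ? 3 : 1;
    return n;
}

/* Pass two: allocate exactly that much and fill it. Caller frees.
   Returns NULL on allocation failure. */
char *escape_filter_value(const unsigned char *in, size_t inlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t need = escaped_size(in, inlen);
    char *out = malloc(need);
    if (!out) return NULL;

    size_t w = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (needs_escape(in[i])) {
            out[w++] = '\\';
            out[w++] = hex[in[i] >> 4];
            out[w++] = hex[in[i] & 0x0f];
        } else {
            out[w++] = (char)in[i];
        }
    }
    out[w] = '\0';                             /* w == need - 1 by construction */
    return out;
}

/* Check helper: 1 if escaping inlen bytes of in yields expected. */
int filter_escapes_to(const char *in, size_t inlen, const char *expected)
{
    char *e = escape_filter_value((const unsigned char *)in, inlen);
    int ok = e != NULL && strcmp(e, expected) == 0;
    free(e);
    return ok;
}

int main(void)
{
    const char *sample = "admin*(1)";        /* constructed username */
    char *e = escape_filter_value((const unsigned char *)sample, strlen(sample));
    if (e) {
        printf("%s -> %s (%zu bytes allocated)\n", sample, e,
               escaped_size((const unsigned char *)sample, strlen(sample)));
        free(e);
    }
    return 0;
}
```

Keeping the size computation in its own function makes it easy to test on its own, which is where a review of code like this should concentrate: every byte that the escaper can emit must be counted by the sizer.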

21. Trend Micro PC-cillin Mail Scanner Buffer Overflow Vulnerability BugTraq ID: 6350
Remote: No
Date Published: Dec 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6350
Summary:

Trend Micro is a provider of desktop and network antivirus products.

A buffer overflow vulnerability has been reported for PC-cillin's mail scanning utility. The mail scanning utility is a service that acts as a proxy to mail clients and runs as 'pop3trap.exe'.

An attacker can exploit this vulnerability by connecting to a vulnerable pop3trap.exe service and sending an overly long string, consisting of at least 1100 characters. This will result in the process crashing and allowing the attacker to gain control over the execution of the process.

Any code to be executed will run with the privileges of the pop3trap.exe process.

This vulnerability affects PC-cillin 2000, 2002, 2003 and OfficeScan Corporate Edition 5.02.

22. Canna Server Local Buffer Overflow Vulnerability BugTraq ID: 6351
Remote: No
Date Published: Dec 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6351
Summary:

Canna is a kana-kanji conversion server which is necessary for Japanese language character input. It is available for the Linux operating system.

A buffer overflow vulnerability has been discovered in Canna. Exploiting this issue may allow an attacker to overwrite sensitive locations in memory. It may be possible to run arbitrary system commands, with 'bin' level privileges, by redirecting program flow to execute attacker-supplied instructions.

It should be noted that Canna is typically installed only when Japanese language support is enabled.

Precise technical details regarding this vulnerability are not yet known. This BID will be updated as more information becomes available.

23. Canna Server Denial Of Service Vulnerability BugTraq ID: 6354
Remote: Yes
Date Published: Dec 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6354
Summary:

Canna is a kana-kanji conversion server which is necessary for Japanese language character input. It is available for the Linux operating system.

A vulnerability has been discovered in Canna. It has been reported that due to insufficient request validation it is possible for a remote attacker to crash the Canna server. Under some circumstances it may also be possible to cause information leakage.

It should be noted that Canna is typically installed only when Japanese language support is enabled.

Precise technical details regarding this vulnerability are not yet known. This BID will be updated as more information becomes available.

24. WGet NLST Client Side File Overwriting Vulnerability BugTraq ID: 6352
Remote: Yes
Date Published: Dec 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6352
Summary:

wget is a freely available, open source FTP utility. It is included with many Unix and Linux operating systems.

A problem with wget may result in the overwriting of arbitrary files.

wget does not properly handle some types of server responses. When a NLST response is received from an FTP server, RFC specifications require that clients check the input to see if it contains directory information. wget does not properly check this information, which may allow a remote FTP server to overwrite files on the client system.

It should be noted that this vulnerability requires an FTP server to know the path to the file to be overwritten. Additionally, this vulnerability may be exploited to overwrite only those files which are write-permissible by the FTP client user.

25. Kunani FTP File Disclosure Vulnerability BugTraq ID: 6355
Remote: Yes
Date Published: Dec 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6355
Summary:

Kunani FTP is a publicly available server which uses any ODBC compatible datasource to authenticate users/passwords. It is available for the Microsoft Windows operating system.

A vulnerability has been discovered in Kunani FTP server. By passing a malicious request containing dot-dot-slash (../) directory traversal sequences, it is possible for a remote attacker to access arbitrary system files outside of FTP directories. Information gathered through successful exploitation of this vulnerability may aid an attacker in launching further attacks against a target system.

This issue was discovered in Kunani FTP server 1.0.10. It is not known whether other versions are affected.
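
Items 1, 10 and 25 are the same server-side failure (a request path containing "../" escapes the configured root) and item 24 is its client-side mirror (an FTP listing entry carrying path components is written outside the download directory). The following is an added example written for this newsletter, not code from any of those products; the function names, the root path and the sample requests are assumptions. It confines a request lexically to a root by resolving "." and ".." segments and rejecting any climb above the root, treating '\' as a separator because the servers listed run on Windows, and it rejects NLST entries that are not bare file names.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not code from any of the products above): confine a
   request path to a fixed root by resolving "." and ".." lexically.
   Run it after URL-decoding so "%2e%2e" cannot slip past as a literal.
   Returns 1 and writes root + normalised path to out, or 0 if the request
   tries to climb above root or does not fit. */
int confine_path(const char *root, const char *request, char *out, size_t outlen)
{
    char rel[1024];           /* normalised path relative to root, no leading '/' */
    size_t seg_start[128];    /* offset in rel where each kept segment begins */
    size_t depth = 0, len = 0;
    const char *p = request;

    while (*p) {
        /* skip separator runs; Windows-hosted servers accept '\' as well */
        while (*p == '/' || *p == '\\') p++;
        if (!*p) break;
        const char *s = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t n = (size_t)(p - s);

        if (n == 1 && s[0] == '.') continue;              /* "." is a no-op */
        if (n == 2 && s[0] == '.' && s[1] == '.') {       /* "..": pop a segment */
            if (depth == 0) return 0;                     /* would leave root */
            len = seg_start[--depth];
            continue;
        }
        if (depth == sizeof seg_start / sizeof seg_start[0]) return 0;
        if (len + n + 2 > sizeof rel) return 0;
        seg_start[depth++] = len;
        if (len > 0) rel[len++] = '/';
        memcpy(rel + len, s, n);
        len += n;
    }
    rel[len] = '\0';
    int w = snprintf(out, outlen, "%s/%s", root, rel);
    return w >= 0 && (size_t)w < outlen;
}

/* Client side (the wget NLST case): a listing entry is a bare file name.
   Anything carrying a separator or naming "." / ".." must be dropped. */
int nlst_entry_ok(const char *entry)
{
    if (entry[0] == '\0') return 0;
    if (strcmp(entry, ".") == 0 || strcmp(entry, "..") == 0) return 0;
    return strpbrk(entry, "/\\") == NULL;
}

/* Check helpers: does the request resolve to expected / get rejected? */
int resolves_to(const char *root, const char *request, const char *expected)
{
    char out[2048];
    return confine_path(root, request, out, sizeof out) && strcmp(out, expected) == 0;
}

int rejected(const char *root, const char *request)
{
    char out[2048];
    return !confine_path(root, request, out, sizeof out);
}

int main(void)
{
    /* constructed sample requests against an assumed root */
    const char *reqs[] = { "/index.html", "/../../../etc/passwd", "/docs/./a/../b.html" };
    char out[2048];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-24s -> %s\n", reqs[i],
               confine_path("/srv/www", reqs[i], out, sizeof out) ? out : "REJECTED");
    return 0;
}
```

A lexical check like this is the necessary first layer, but it does not see symbolic links inside the root; a server that serves files from a tree containing links should additionally resolve the final path (realpath or equivalent) and confirm the resolved path still starts with the resolved root.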

III. SECURITYFOCUS NEWS AND COMMENTARY


1. Senate Closes Accidental Anonymizer
By Kevin Poulsen
Dec 10 2002

Misconfigured servers spawn an undocumented feature at Senate.gov.

http://online.securityfocus.com/news/1780

2. Fences go up as Net outgrows its innocence
By Anick Jesdanun, The Associated Press

On the Internet, you can learn about virtually anything. You can seek comfort from others similarly afflicted by a rare disease or explore such sensitive topics as birth control.

http://online.securityfocus.com/news/1803


3. All bugs are created equal
By John Leyden, The Register

Security tools vendor ISS has promised to handle security vulnerabilities affecting open source and Windows platforms the same way following criticism of its premature disclosure of open source security problems.

http://online.securityfocus.com/news/1800

4. Trend Micro squashes buffer overflow bug
By John Leyden, The Register

Trend Micro has issued a fix to address buffer overflow vulnerabilities within popular versions of its anti-virus software packages.

http://online.securityfocus.com/news/1799

IV. SECURITYFOCUS TOP 6 TOOLS


1. ssh-keyinstall v1.0.0
by William Stearns
Relevant URL:
http://www.stearns.org/ssh-keyinstall/
Platforms: Linux, POSIX
Summary:

ssh-keyinstall is a script that helps an ssh user set up the keys at both ends of an ssh connection. It creates an rsa or dsa key if needed and copies the public half to the server. Once the process is done, you'll be able to log in with the passphrase and key instead of a password.


2. Smart Card ToolKit v0.3.2
by Alexandre Becoulet
Relevant URL:
http://etud.epita.fr/~becoul_a/sctk
Platforms: Linux, POSIX
Summary:

Smart Card ToolKit provides a library and associated tools for smart cards. Phoenix and Smartmouse protocols are supported for ISO7816 asynchronous smart card access and debugging. JDM is supported for programming PIC-based smart cards like piccard, goldwafer (goldcard), and silvercard. SPI is supported for programming AVR based smart cards (funcard). PIC and AVR loaders provide access to external i2c EEPROM. I2c memory smart cards are also supported. All tools use Intel hex file format to store data. An Intel hex to binary and vice-versa converting tool is also provided.

3. xferlogDB v0.3.3
by Brian Christensen brian@jordhulen.dk
Relevant URL:
http://www.jordhulen.dk/xferlogDB
Platforms: OS Independent
Summary:

xferlogDB is a tool for analyzing xferlogs from glFTPd.

4. Pixilate v0.1
by Kirby Kuehl vacuum@users.sourceforge.net
Relevant URL:
http://winfingerprint.sourceforge.net/pixilate.php
Platforms: FreeBSD, Linux, NetBSD, OpenBSD
Summary:

Pixilate is a packet generation tool based on Libnet 1.1.0 (older Libnet 1.0.x versions will not work). Pixilate generates packets by parsing a file that contains ACLs in either Cisco IOS format (using the -r option) or in Cisco PIX 6.2x format. Currently TCP, UDP, IGMP, and various types of ICMP packets are built with the appropriate source and destination for each rule. "any" as a source generates a random source address and "any" as a destination will send the packet to the user-supplied destination (-d option). For more information, see the pixilate manpage.

5. Iptables Script Generator v0.1
by zac
Relevant URL:
http://iptables.linux.dk/
Platforms: N/A
Summary:

The iptables Script Generator is a set of PHP scripts that makes it easy to generate a custom iptables script for router and/or firewall use. It also makes it possible for computers on your LAN to access the Internet through that host.


6. Java Log analyzer v1.0
by Antonio Da Silva
Relevant URL:
http://jxla.novadeck.org/en/index.xml
Platforms: Java
Summary:

JXLA is an HTTP log analyzer written in Java. Reports are created in XML. You can fully configure the output by using your own XSL stylesheet.

V. SECURITY JOBS SUMMARY


1. Senior Sales Engineer (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303160

2. Seeking security opportunities (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303204

3. Chief Technology Officer (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303203


4. Network Security Analyst - Mechanicsburg, PA (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303175

5. Information Security Manager, HIPAA - Reno/NV (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303197

6. Penetration Testers / Team Leader- UK, South East - CHECK Certified... (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303191

7. Security Engineer - NY Metro (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303192


8. Software Engineers - Calgary AB, Canada (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303010

9. Security Compliance and Reporting Lead-Cleveland, Ohio (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303009

10. Senior Security Project Manager (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/303018

11. Need Security Consultants in Boston Area (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/302943

12. Australian Security Businesses (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/302766

13. Stop me before I consult again (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/302775

14. Seeking Indianapolis-based Ethical Hacker (NOT an oxymoron) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/302781

VI. INCIDENTS LIST SUMMARY


1. DNS help (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/303217

2. Odd entries in my Security Router logs (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/303199

3. EBay Fraud Attempt (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/302971

4. strange attractors or weaknesses in Nimda's prng (Thread)
Relevant URL:


http://online.securityfocus.com/archive/75/302982

5. what else you can do with worm networks...fun, profit, etc (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/302691

6. Spam via proxy (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/302681

7. netbios vuln (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/302682

8. A small quandary (Thread)
Relevant URL:
