SecurityFocus Newsletter #176

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Dec 23 2002 - 12:55:11 EST

SecurityFocus Newsletter #176


This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. Microsoft Baseline Security Analyzer V1.1
  2. Evaluating Network Intrusion Detection Signatures, Part Three
  3. OpenAV: Developing Open Source AntiVirus Engines
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. Symantec Enterprise Firewall RealAudio Proxy Buffer Overflow...
  2. Eric S. Raymond Fetchmail Heap Corruption Vulnerability
  3. EServ Buffer Overflow Vulnerability
  4. mICQ Denial Of Service Vulnerability
  5. XOOPS Information Disclosure Vulnerability
  6. Halcyon Software iASP File Disclosure Vulnerability
  7. MyPHPSoft MyPHPLinks SQL Injection Administration Bypassing...
  8. Cypherix Cryptainer Information Disclosure Vulnerability
  9. Multiple Vendor SSH2 Implementation Vulnerabilities
  10. Multiple Vendor XML Parser Denial Of Service Vulnerability
  11. PHP-Nuke Web Mail Remote PHP Script Execution Vulnerability
  12. PHP-Nuke Web Mail Script Injection Vulnerability
  13. Macromedia ColdFusion HTML Injection Vulnerability
  14. PFinger Syslog Format String Vulnerability
  15. zkfingerd SysLog Format String Vulnerability
  16. zkfingerd say() Format String Vulnerability
  17. PHP-Nuke Multiple Path Disclosure Vulnerabilities
  18. Multiple Vendor SSH2 Implementation Incorrect Field Length...
  19. Multiple Vendor SSH2 Implementation Buffer Overflow...
  20. Multiple Vendor SSH2 Implementation Empty Elements / Multiple...
  21. PHP-Nuke 6.0 Multiple Cross Site Scripting Vulnerabilities
  22. Multiple Vendor SSH2 Implementation Null Character Handling...
  23. Captaris Infinite WebMail HTML Injection Vulnerability
  24. Multiple Vendor Archiving Software Tar Hostile Destination...
  25. Oracle Startup Script LD_LIBRARY_PATH Vulnerability
  26. Linux Kernel 2.2 mmap() Local Denial of Service Vulnerability
  27. CPIO Tar Hostile Destination Path Vulnerability
  28. ZipMagic Tar Hostile Destination Path Vulnerability
  29. WinZip Tar Hostile Destination Path Vulnerability
  30. PKZip Tar Hostile Destination Path Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. DEA Data Thief Sentenced to 27 Months
  2. Sysadmin accused of Paine Webber computer sabotage
  3. SSH flaws sighted
  4. Macromedia Flash Crash
IV. SECURITYFOCUS TOP 6 TOOLS
  1. Levy v0.3
  2. IP Security Validator for Linux v1.0
  3. Easy Integrity Check System v1.0a
  4. Caudium v1.2.6RC3
  5. Lepton's Crack v1.0.1
  6. dasm2 v1.0
V. SECURITYJOBS LIST SUMMARY
  1. Opening - Wireless Security - TEXAS INSTRUMENTS, Dallas (Thread)
  2. C4ISR Network Engineers - Location MA, DC, VA, MD, IN (Thread)
  3. Awarding Security Specialist Opportunity in Annapolis, Maryland...
  4. Computer Forensics/ Network Security Professional - Minneapolis...
  5. What is a reasonable cut that a contracting company should take...
  6. Security Solutions Sales Consultant (Thread)
  7. Opening for cleared person in MD (Thread)
  8. Cleared former CSO, IA visionary available (Thread)
  9. Seeking Network Security Position (Thread)
  10. 2 x Director of Strategic Alliances - BOSTON (Thread)
  11. What is a reasonable cut that a contracting company should...
  12. Security Analyst (Thread)
  13. Computer Incident Response Position (Thread)
  14. What is a reasonable cut that a contracting company should...
  15. Contract Positions. (Thread)
  16. Wanted: Ethical Web App Cracker - NY area/VA area (Thread)
  17. Telecomms Fraud Project Manager Available UK & Europe (Thread)
  18. Symantec in Redwood City - Open Jobs (Thread)
  19. Application Security Consultant - DC metro area (Thread)
  20. 2 Networking Security Business Dev. Mgrs. - BOSTON, Mass...
  21. Sales Engineer - NY/NJ, DC/VA, Chicago/Dallas (Thread)
  22. About the Exploits Researcher/Programmer role I posted (Thread)
  23. Houston area security positions available (Thread)
  24. Exploits Researcher/Programmer Needed (Thread)
  25. Senior Security Engineer position in NYC (Thread)
  26. Seeking Opportunities in Northern California (Thread)
  27. RACF Project Work - Full or Part Time Schedule (Thread)
VI. INCIDENTS LIST SUMMARY
  1. IRC -> smtp worm? (Thread)
  2. abuse of open transparent proxies (Thread)
  3. Worm on 445/tcp? (Thread)
  4. fswserv.html ???? (Thread)
  5. New CIFS (port 445) worm? (Thread)
  6. FW: Lioten Worm 135-139 and 445 (Thread)
  7. Re[2]: Rooted, .haos on system (Thread)
  8. Rooted, .haos on system (Thread)
  9. Iraq Oil worm (Thread)
  10. Win2k Audit Logs - What happened here? (Thread)
  11. Logs: Many hits with source port of 80 (Thread)
  12. Many hits with source port of 80 (Thread)
  13. DNS help (Thread)
  14. Terminal Services / TsInternetUser [RMC-RUFLVP4] (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Cross site scripting explained (Thread)
  2. [NGSEC] ngGame #2 - Web Authentication II (Thread)
  3. Web single sign-on (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Removing locking user from CTRL-ALT-DEL window - NT 4.0 (Thread)
  2. Logging Terminal Services Access? (Thread)
  3. ipsecpol on Windows 2000 (Thread)
  4. SecurityFocus Microsoft Newsletter #117 (Thread)
  5. Users Peeved at Microsoft Security Effort (Thread)
  6. IIS 4 Security (Thread)
  7. Exchange 5.5 delivery receipts (Thread)
  8. Bulletin MS02-069 (Thread)
IX. SUN FOCUS LIST SUMMARY
  NO NEW POSTS FOR THE WEEK ENDING 12.20.02
X. LINUX FOCUS LIST SUMMARY
  1. User´s and Shells (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Microsoft Baseline Security Analyzer V1.1 by Mike Fahland, Eric Schultze

Earlier this month, Microsoft released version 1.1 of the Microsoft Baseline Security Analyzer (MBSA). This article will offer a brief overview of MBSA.

http://online.securityfocus.com/infocus/1649

2. Evaluating Network Intrusion Detection Signatures, Part Three by Karen Kent

In this three-part series of articles, we are presenting recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. The second installment concluded the discussion of criteria for choosing attacks and provided recommendations for generating attacks and creating a good testing environment. This article will wrap up the series by examining other ways of generating attacks with other security-related tools and by manually creating your own attacks.

http://online.securityfocus.com/infocus/1651

3. OpenAV: Developing Open Source AntiVirus Engines by Costin G. Raiu

This article will take a look at the OpenAntivirus AV engine, assess its progress so far, and offer some suggestions of how the developers can continue to develop it. While some of the commentary in the following sections may be fairly critical, the purpose of this paper is not to flame the OpenAV project or its developers but, on the contrary, to salute their efforts. Hopefully, this article and the comments herein will make a significant contribution to the development of a viable, working open source antivirus product.

http://online.securityfocus.com/infocus/1650

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops: March 8, 9, 12, 13, & 14. Vendor Expo: March 10 & 11.

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Symantec Enterprise Firewall RealAudio Proxy Buffer Overflow Vulnerability
BugTraq ID: 6389
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6389
Summary:

Raptor Firewall is an enterprise level firewall originally developed by Axent Technologies and is maintained and distributed by Symantec. Symantec Enterprise Firewall is formerly known as Raptor firewall. It is available for Microsoft Windows and Unix operating systems.

A buffer overflow vulnerability has been reported in the RealAudio Proxy installed on Symantec Enterprise Firewall. Reportedly, when the proxy process is sent a specially formatted stream of data, a buffer overflow is triggered. This causes the rad (RealAudio) and statsd (statistics) services to terminate unexpectedly and produce Dr. Watson logs.

The vulnerability occurs when the RealAudio Proxy receives packets that do not follow the RealAudio protocol. An attacker can send a specially crafted stream of data to the proxy process, overrunning a local buffer with attacker-supplied values. The rad and statsd services then terminate, resulting in a denial of service condition.

Although unconfirmed, it may be possible for an attacker to gain control over the execution of the vulnerable RealAudio Proxy process.

2. Eric S. Raymond Fetchmail Heap Corruption Vulnerability
BugTraq ID: 6390
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6390
Summary:

Fetchmail is a freely available, open source mail retrieval utility. It is maintained by Eric S. Raymond.

A remotely exploitable heap overflow vulnerability has been reported for Fetchmail 6.1.3 and earlier. The vulnerability occurs when Fetchmail performs its reply-hack action, in which all addresses in the email headers are searched for local email addresses. Fetchmail then allocates buffer space sized for the case in which every address is local, but due to a flaw in that calculation the allocated memory buffers are still too small.

An attacker can exploit this vulnerability by composing an email with specially crafted header lines and sending it to the vulnerable system. When Fetchmail parses the headers, it allocates insufficient space and corrupts heap memory with attacker-supplied values.

An attacker may exploit this condition to overwrite arbitrary words in memory. This may allow for the execution of arbitrary code.

This vulnerability has been reported for Fetchmail 6.1.3 and earlier.

3. EServ Buffer Overflow Vulnerability
BugTraq ID: 6391
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6391
Summary:

EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems.

A buffer overflow vulnerability has been reported for EServ. The vulnerability occurs when EServ receives an overly long stream of data for any of its listening services.

An attacker can exploit this vulnerability by sending an overly long stream of data, consisting of at least 5080000 characters, to any of the ports that EServ is listening on. This will trigger the buffer overflow condition and will result in the EServ process crashing.

Although unconfirmed, it may be possible for an attacker to gain control over the execution of the vulnerable process and execute malicious attacker-supplied code.

This vulnerability was reported for EServ 2.97 and 2.99; it is likely that previous versions are also affected.

4. mICQ Denial Of Service Vulnerability
BugTraq ID: 6392
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6392
Summary:

mICQ is a text-based ICQ client designed for use with Linux variant operating systems.

A denial of service vulnerability has been reported for mICQ. The vulnerability occurs when mICQ is processing certain types of ICQ messages. Specifically, when mICQ receives messages that do not have the required 0xFE separator, it will crash.

This vulnerability has been reported to affect all versions of mICQ.

5. XOOPS Information Disclosure Vulnerability
BugTraq ID: 6393
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6393
Summary:

Xoops is open-source, freely available web portal software written in object-oriented PHP. It is back-ended by a MySQL database and will run on most Unix and Linux distributions.

Xoops includes a Private Message System that lets users send messages to one another. It has been reported that the 'pmlite.php' script contains a flaw that allows unauthorized users to view private messages. The issue is the result of inadequate authorization checks.

Information gained by exploiting this issue may aid an attacker in launching further attacks against the vulnerable site or other users.

6. Halcyon Software iASP File Disclosure Vulnerability
BugTraq ID: 6394
Remote: Yes
Date Published: Dec 13 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6394
Summary:

Halcyon Software Instant ASP (iASP) is a portable active server framework that lets developers deploy Active Server Pages (ASP) on any Java technology-enabled Web Server or Application Server.

A vulnerability has been discovered in the Remote Console Applet used by Halcyon Software iASP. Due to insufficient validation of user-supplied requests, it is possible for a remote attacker to access arbitrary system files. This issue can be exploited by constructing a malicious request for a known system resource and including dot-dot-slash (../) directory traversal sequences.

Information gained through exploiting this issue, such as a system's shadow or SAM file, may aid an attacker in launching further attacks against a target server.

It should be noted that this vulnerability is known to exist in iASP v1.0.9 and earlier. It is not yet known whether this issue affects later versions.

7. MyPHPSoft MyPHPLinks SQL Injection Administration Bypassing Vulnerability
BugTraq ID: 6395
Remote: Yes
Date Published: Dec 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6395
Summary:

MyPHPLinks is a freely available, open source PHP application distributed by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with MyPHPLinks could allow remote attackers unauthorized access to system resources.

It has been reported that MyPHPLinks does not adequately check the idsession variable it uses to verify administrator access. This may allow a remote user to gain access to the host, specifically administrator access to the MyPHPLinks section of a web site.

This vulnerability may be exploited by passing a SQL statement through the idsession variable; the statement must evaluate to true. Exploitation of this vulnerability would allow an attacker to change the links indexed in a MyPHPLinks installation.
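The difference between a session check that can be bypassed this way and one that cannot, as an added Python example (not code from the advisory or from MyPHPLinks itself). The table, the stored session value and the user name are constructed stand-ins; only the idsession column name comes from the text above. The vulnerable function builds the query by string formatting, so the value is interpreted as SQL; the fixed function binds it as a parameter, so it can only ever match a stored session id.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for an admin session table (not the
    project's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_sessions (idsession TEXT, user TEXT)")
    conn.execute("INSERT INTO admin_sessions VALUES ('8f3a2c', 'admin')")
    conn.commit()
    return conn


def is_admin_vulnerable(conn, idsession: str) -> bool:
    """Session check built by string formatting: the idsession value becomes
    part of the SQL text, so a value containing SQL syntax changes the query
    and a tautology such as ' OR '1'='1 matches every row."""
    sql = "SELECT user FROM admin_sessions WHERE idsession = '%s'" % idsession
    return conn.execute(sql).fetchone() is not None


def is_admin_fixed(conn, idsession: str) -> bool:
    """Same check with a bound parameter: the driver passes idsession as data,
    never as SQL, so only a literal stored session id can match."""
    sql = "SELECT user FROM admin_sessions WHERE idsession = ?"
    return conn.execute(sql, (idsession,)).fetchone() is not None


if __name__ == "__main__":
    db = build_db()
    for candidate in ("8f3a2c", "nope", "' OR '1'='1"):
        print(repr(candidate), "vulnerable:", is_admin_vulnerable(db, candidate),
              "fixed:", is_admin_fixed(db, candidate))
```

Binding parameters fixes the injection itself; on top of that, a session id should be a long random token compared against a server-side store, so that guessing a valid value is not feasible even when the query is correct.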

8. Cypherix Cryptainer Information Disclosure Vulnerability
BugTraq ID: 6396
Remote: No
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6396
Summary:

Cypherix Cryptainer is data encryption software designed for use with Microsoft Windows operating systems.

A vulnerability has been reported for Cryptainer that may allow attackers to obtain access to the passwords used by Cryptainer. The vulnerability exists due to the way Cryptainer stores the user-supplied password to access the program. Specifically, Cryptainer stores the password in memory in clear text.

This vulnerability can only be exploited when Cryptainer is loaded and the victim user has entered the password at least once. However, Cryptainer contains a feature that allows the program to be minimized in the System Tray. This satisfies one condition of exploitation and may provide local attackers with a greater chance for exploitation.

By exploiting this issue a malicious local user may be able to retrieve sensitive information from a system using Cryptainer, which may lead to a compromise of computing resources.

9. Multiple Vendor SSH2 Implementation Vulnerabilities
BugTraq ID: 6397
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6397
Summary:

Several vulnerabilities have been reported for multiple products that use the SSH2 implementation for secure communications.

The vulnerabilities have been reported to affect KEXINIT (key exchange initialization) phases of SSH communications. It should be noted that key exchange and initialization are performed prior to any sort of authentication. An attacker may exploit these vulnerabilities to perform denial of service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code.

Further information about these vulnerabilities is currently unavailable. Where possible, separate BugTraq IDs will be assigned to individual vulnerabilities as more details become available.

10. Multiple Vendor XML Parser Denial Of Service Vulnerability
BugTraq ID: 6398
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6398
Summary:

A denial of service vulnerability occurs in the XML parser, either Crimson or Xerces, used by several vendors.

An attacker can exploit this vulnerability by sending a specially crafted message to the SOAP (Simple Object Access Protocol) interface used by the vulnerable software. Specifically, malformed XML data can be inserted in the DTD (Document Type Definition) section of an XML document. When the XML parser receives this message, it will consume all available CPU resources. This will cause the system to become unresponsive to further requests for service thereby resulting in a denial of service condition.

This vulnerability has been previously described in BIDs 6363 and 6378 for Macromedia JRun and BEA Systems WebLogic.
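A check a SOAP endpoint can apply before handing a message to Crimson, Xerces or any other XML parser, as an added Python example (not code from the advisory or from either parser project). SOAP 1.1 forbids a Document Type Declaration in messages, so a request that carries one can be rejected before any DTD content is processed. The handler below fires at the start of the DOCTYPE, before the parser defines or expands anything declared in it, which keeps the check itself cheap. Both envelopes are constructed samples.

```python
import xml.parsers.expat

# Constructed sample SOAP envelope with no DTD (not from the advisory).
CLEAN_SOAP = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><getStatus/></soap:Body>
</soap:Envelope>"""

# Constructed envelope that declares a DTD with an internal subset; SOAP 1.1
# messages MUST NOT contain one, so this is rejectable on sight.
DTD_SOAP = b"""<?xml version="1.0"?>
<!DOCTYPE soap:Envelope [
  <!ENTITY status "constructed">
]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><getStatus>&status;</getStatus></soap:Body>
</soap:Envelope>"""


class DTDFound(Exception):
    """Raised from the expat handler as soon as a DOCTYPE is seen."""


def contains_dtd(document: bytes) -> bool:
    """Return True if the document declares a DTD, stopping at the DOCTYPE.

    StartDoctypeDeclHandler runs before the internal subset is parsed, so no
    entity declared there is ever defined or expanded by this check."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDFound(name)

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(document, True)
    except DTDFound:
        return True
    return False


def accept_soap_request(document: bytes) -> bool:
    """Gate for a SOAP endpoint: refuse anything with a DOCTYPE, then let the
    real (DTD-disabled) parser handle what remains."""
    return not contains_dtd(document)


if __name__ == "__main__":
    print("clean envelope accepted:", accept_soap_request(CLEAN_SOAP))
    print("DTD envelope accepted:  ", accept_soap_request(DTD_SOAP))
```

Rejecting the DOCTYPE at the boundary is independent of which parser sits behind it; the parser should still be configured to disallow DTDs and external entities, so that a message which slips past the gate is not expanded either.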

11. PHP-Nuke Web Mail Remote PHP Script Execution Vulnerability
BugTraq ID: 6399
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6399
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

A vulnerability has been discovered in a web mail module available for PHP-Nuke. When a user opens an email containing an attachment, the file is stored in a remotely accessible web directory. The module fails to filter attachments containing active content, making it possible for an attacker to access a PHP script located in the user's web directory.

By sending a user a malicious attachment and then accessing the script, a remote attacker is able to cause arbitrary PHP code to be executed on the target system. This may allow an attacker to access sensitive information or compile malicious programs designed to open backdoors into the server.

12. PHP-Nuke Web Mail Script Injection Vulnerability
BugTraq ID: 6400
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6400
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

A vulnerability has been discovered in the web mail module available for PHP-Nuke. Due to insufficient sanitization of message content it is possible for an attacker to embed script code into a malicious HTML email. An unsuspecting user that opens the email will cause the script code to be executed within their browser.

Exploiting this issue may allow an attacker to steal cookie-based authentication credentials, which may be used at a later time to hijack a user's web session.

13. Macromedia ColdFusion HTML Injection Vulnerability
BugTraq ID: 6401
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6401
Summary:

Macromedia ColdFusion is a web application server. It supports quick development, publication and management of web content.

An HTML injection vulnerability has been reported for ColdFusion 5.0. Reportedly, ColdFusion does not adequately sanitize log entries of malicious HTML code. When certain ColdFusion functions receive inappropriate or faulty data, ColdFusion generates an exception and writes a log entry to the file 'application.log', typically found in the 'c:\cfusion\log\' directory.

An attacker can exploit this vulnerability by passing malicious HTML code to a function that will trigger the exception, causing a malicious log entry to be written. When a user, typically the administrator, views the logs, any malicious HTML code in them will be executed in the victim's browser in the security context of the host.

It has been reported that a malformed INT function will generate the log entry. Other functions have also been reported to generate log entries.

This issue may potentially be exploited to hijack web content or steal cookie-based authentication credentials from users.

14. PFinger Syslog Format String Vulnerability
BugTraq ID: 6403
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6403
Summary:

PFinger is an open-source finger daemon. It is available for Linux and Unix variants.

PFinger is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog()' function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values. This issue can be exploited via a malformed response to a DNS lookup when a host issues a finger request to the vulnerable server.

The vulnerability exists in the 'log()' function in the 'log.c' source file. Successful exploitation of this issue may allow the attacker to execute arbitrary instructions with the privileges of the daemon, which normally runs as 'nobody'.

It has been suggested that this issue may not be exploitable with many available DNS resolvers, since the '%' character is not allowed in responses.

15. zkfingerd SysLog Format String Vulnerability
BugTraq ID: 6402
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6402
Summary:

zkfingerd is a small fingerd replacement server. It is available for Unix and Linux operating systems.

zkfingerd is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog()' function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values.

The vulnerability exists in the 'putlog()' function in the 'log.c' source file. Successful exploitation of this issue may allow the attacker to execute arbitrary instructions, possibly with elevated privileges.

This vulnerability was reported for zkfingerd 0.9.1 and earlier.

16. zkfingerd say() Format String Vulnerability
BugTraq ID: 6404
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6404
Summary:

zkfingerd is a small fingerd replacement server. It is available for Unix and Linux operating systems.

zkfingerd is prone to a format string vulnerability. This problem exists in the 'say()' function. The function does not perform sufficient checks when displaying user-supplied input. It is possible to corrupt memory by passing format strings through the vulnerable function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values.

Successful exploitation of this issue may allow the attacker to execute arbitrary instructions, possibly with elevated privileges.

This vulnerability was reported for zkfingerd 0.9.1 and earlier.

17. PHP-Nuke Multiple Path Disclosure Vulnerabilities
BugTraq ID: 6406
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6406
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Multiple path disclosure vulnerabilities have been discovered in PHP scripts used by PHP-Nuke. The issue occurs when a request is made directly for a script that is not meant to be accessed directly. Some scripts do not provide sufficient error handling for this case, and the script generates an error page containing absolute path information. The PHP scripts affected by this issue include voteinclude.php, navbar.php, attachment.php, and mainfile.php.

Exploiting this issue will cause the target server to disclose sensitive information about the layout of the filesystem of the host running the vulnerable software. Information of this nature may aid in mounting further attacks against the host.

18. Multiple Vendor SSH2 Implementation Incorrect Field Length Vulnerabilities
BugTraq ID: 6405
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6405
Summary:

Vulnerabilities involving incorrect field lengths in SSH packets have been reported for multiple products that use SSH2 for secure communications.

These vulnerabilities have been reported to affect initialization, key exchange, and negotiation phases of SSH communications. It should be noted that key exchange and initialization are performed prior to any sort of authentication.

An attacker may exploit these vulnerabilities to perform denial of service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code.

Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

19. Multiple Vendor SSH2 Implementation Buffer Overflow Vulnerabilities
BugTraq ID: 6407
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6407
Summary:

Multiple vendor SSH2 implementations are reported to be prone to buffer overflows. These buffer overflows are alleged to be exploitable prior to authentication.

These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of an SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol.

It is possible to exploit these conditions to cause memory to be corrupted with attacker-supplied data. In some cases, the resulting memory corruption can be leveraged by an attacker to cause malicious code to be executed.

Successful exploitation will enable remote attackers to cause execution of code in the security context of the specific server and client implementations.

Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

20. Multiple Vendor SSH2 Implementation Empty Elements / Multiple Separator Vulnerabilities
BugTraq ID: 6408
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6408
Summary:

A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators.

The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. It should be noted that key exchange and initialization are performed prior to any sort of authentication.

An attacker may exploit these vulnerabilities to perform denial of service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code.

Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

21. PHP-Nuke 6.0 Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 6409
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6409
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Cross-site scripting vulnerabilities have been discovered in multiple PHP scripts used by PHP-Nuke 6. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests.

The scripts, which are vulnerable to these issues, include
'bb_smilies.php', 'bbcode_ref.php', 'editpost.php', 'newtopic.php',
'reply.php', 'topicadmin.php', 'viewforum.php', and 'searchbb.php'.

By constructing a malicious link which exploits one of these vulnerabilities, it may be possible to execute arbitrary code within the context of a website visited by an unsuspecting user. This may allow a remote attacker to steal cookie-based authentication credentials, which could be used at a later time to hijack a user's web session.

22. Multiple Vendor SSH2 Implementation Null Character Handling Vulnerabilities
BugTraq ID: 6410
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6410
Summary:

Multiple vendor SSH2 implementations are reported to be prone to issues related to the handling of null characters in strings.

It is reported that malformed data containing null characters may potentially cause conflicts between delimiter-based and length-based strings. These issues may be used to cause unpredictable behavior to occur, such as a denial of service or memory corruption. It is reportedly possible to trigger these conditions prior to authentication.

These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of an SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol.

Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.
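The three KEXINIT problems above (incorrect field lengths in item 18, empty elements and doubled separators in item 20, NUL bytes inside length-prefixed strings here in item 22) all come down to how the fields that arrive before authentication are parsed. The following is an added Python example, not code from any of the affected implementations, of a KEXINIT field parser that checks each of those conditions and refuses the packet rather than trusting it: the uint32 length of every SSH string is checked against the bytes actually present before slicing, and each name-list is validated per RFC 4251 (US-ASCII, comma-separated, no empty names, no NUL). The sample payloads are constructed with a zero cookie and are not captures.

```python
import struct

SSH_MSG_KEXINIT = 20


class SSHParseError(ValueError):
    """Raised for any field that cannot be trusted; the caller drops the connection."""


def read_string(buf: bytes, offset: int):
    """Read one SSH 'string' (uint32 big-endian length, then that many bytes,
    RFC 4251 section 5) and return (value, next_offset).

    The length comes from the peer, so it is compared with the bytes actually
    remaining before any slice is taken; a declared length larger than the
    buffer is an error, not a short read."""
    if offset + 4 > len(buf):
        raise SSHParseError("truncated length field at offset %d" % offset)
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    if length > len(buf) - offset:
        raise SSHParseError("declared length %d exceeds %d remaining bytes"
                            % (length, len(buf) - offset))
    return buf[offset:offset + length], offset + length


def parse_name_list(raw: bytes):
    """Validate and split an SSH 'name-list': comma-separated US-ASCII names
    with no empty names.  An empty list is legal; a leading, trailing or
    doubled comma and any NUL byte are not."""
    if b"\x00" in raw:
        raise SSHParseError("NUL byte inside name-list")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise SSHParseError("non-ASCII byte inside name-list") from None
    if text == "":
        return []
    names = text.split(",")
    if any(name == "" for name in names):
        raise SSHParseError("empty element or doubled separator in name-list")
    return names


def parse_kexinit_name_lists(payload: bytes):
    """Return the ten algorithm name-lists of an SSH_MSG_KEXINIT payload
    (message byte, 16-byte cookie, ten name-lists; the trailing boolean and
    reserved uint32 are not needed here)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise SSHParseError("not a KEXINIT payload")
    offset = 17
    name_lists = []
    for _ in range(10):
        raw, offset = read_string(payload, offset)
        name_lists.append(parse_name_list(raw))
    return name_lists


def is_well_formed_kexinit(payload: bytes) -> bool:
    """True if every field parses, False if the packet must be rejected."""
    try:
        parse_kexinit_name_lists(payload)
    except SSHParseError:
        return False
    return True


def build_kexinit(name_lists) -> bytes:
    """Constructed KEXINIT payload with a zero cookie, used as sample input."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)


if __name__ == "__main__":
    good = build_kexinit([["diffie-hellman-group14-sha1"], ["ssh-rsa"],
                          ["aes128-ctr"], ["aes128-ctr"], ["hmac-sha1"],
                          ["hmac-sha1"], ["none"], ["none"], [], []])
    print("well-formed:", is_well_formed_kexinit(good))
    print("doubled separator:",
          is_well_formed_kexinit(build_kexinit([["ssh-rsa", "", "ssh-dss"]] + [["none"]] * 9)))
```

The design point is that every decision is made on the data actually present: the length field is never used to size a buffer or a copy before it has been bounded by the packet, and the string's own length, not a NUL terminator, decides where a name-list ends.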

23. Captaris Infinite WebMail HTML Injection Vulnerability
BugTraq ID: 6411
Remote: Yes
Date Published: Dec 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6411
Summary:

Captaris Infinite WebMail is a Web server application that provides HTML access to email stored in SMTP, POP3, and IMAP mail systems. It is available for the Microsoft Windows operating system.

A vulnerability has been discovered in Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible to embed arbitrary script code within an HTML email. The problem occurs in the <p> and <b> HTML tags.

When an unsuspecting user of the vulnerable software views the malicious message, the attacker-supplied code will be executed in their web browser in the security context of the webmail system.

This may allow an attacker to steal cookie-based authentication credentials from users of the webmail system. Other attacks are also possible.
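The defensive counterpart to the problem above is an allow-list sanitizer applied to the message body before it is rendered: a fixed set of formatting tags is kept, every attribute on them is discarded (so nothing can ride on a <p> or <b> tag), script and style content is removed, and all other markup is escaped as text. The following is an added example, not Captaris code and not the fix the vendor shipped; the sample message body is constructed.

```python
"""Allow-list HTML sanitiser for a webmail message body.

Added example: not Captaris code and not the vendor's fix.  The tag
allow-list is a choice made here, and CONSTRUCTED_BODY is made up.
"""
import html
from html.parser import HTMLParser

# Formatting tags the body may keep.  Attributes are never kept, so event
# handlers, style= and href= cannot survive on any of them.
ALLOWED_TAGS = frozenset({"p", "b", "i", "u", "em", "strong", "br",
                          "ul", "ol", "li", "blockquote"})
# Elements whose text content is dropped together with the tag.
DROP_CONTENT = frozenset({"script", "style"})


class Sanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._dropping = 0          # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._dropping += 1
        elif tag in ALLOWED_TAGS and not self._dropping:
            self.out.append(f"<{tag}>")     # attrs deliberately discarded

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._dropping = max(0, self._dropping - 1)
        elif tag in ALLOWED_TAGS and not self._dropping and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Character references were decoded by the parser; re-escape the
        # text so '<' and '&' in the message cannot form new markup.
        if not self._dropping:
            self.out.append(html.escape(data, quote=True))

    def handle_comment(self, data):
        pass                        # comments are dropped entirely

    def result(self) -> str:
        return "".join(self.out)


def sanitize(fragment: str) -> str:
    """Return fragment with only ALLOWED_TAGS kept, attribute-free, and all
    other content escaped or removed."""
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()                  # flushes any buffered trailing text
    return parser.result()


# Constructed message body mixing the tags the advisory names with payloads
# that ride on their attributes or on disallowed elements.
CONSTRUCTED_BODY = (
    '<p onmouseover="alert(document.cookie)">Hello</p>'
    '<b style="x:expression(alert(1))">bold</b>'
    '<script>alert(document.cookie)</script>'
    '<a href="javascript:alert(1)">link</a>'
)

if __name__ == "__main__":
    print(sanitize(CONSTRUCTED_BODY))
```

Dropping attributes wholesale is the simplest policy that closes the <p>/<b> vector; a production webmail sanitizer that must preserve links or images needs a per-attribute allow-list with URL scheme checks on top of this structure.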

24. Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability BugTraq ID: 6412
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6412
Summary:

Multiple archiving utilities are prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames.

By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

Exploitation will vary depending on each vulnerable implementation but generally entails including dot-dot-slash (../) directory traversal sequences followed by a hostile attacker-supplied destination path. Some implementations may not give the user any indication that files will be extracted to an unexpected location.

25. Oracle Startup Script LD_LIBRARY_PATH Vulnerability BugTraq ID: 6414
Remote: No
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6414
Summary:

Oracle Database is a commercially available database server.

A problem with the Oracle startup script could lead to the loading of an arbitrary library. The problem is in the initialization of an environment variable.

The '/etc/profile.d/oracle.sh' script insecurely initializes the LD_LIBRARY_PATH environment variable. Specifically, the script does not properly check whether the variable already exists and produces an LD_LIBRARY_PATH containing an empty element. When the dynamic linker loads a program, it searches the directories listed in LD_LIBRARY_PATH; an empty element is treated as the current directory, so any library needed by Oracle that is present in the current working directory will be loaded from there.

An attacker can exploit this vulnerability by tricking a user into performing some action in a directory where a malicious library exists. This may allow an attacker to run arbitrary code, contained within the malicious library, with the privileges of the victim user.
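The pattern behind this issue is easy to audit for: a colon-separated search path in which an element is empty (leading or trailing colon, or "::") or is an explicit "." makes the loader consult the current working directory. The following added example (not Oracle's oracle.sh and not SecurityFocus code) shows the shape of the insecure initialization beside a version that only inserts a separator when there is something to separate, and a scanner for an environment mapping. The '/opt/oracle/lib' directory and the sample values are made up.

```python
"""Detect and avoid current-directory elements in LD_LIBRARY_PATH.

Added example; not the vendor's script and not SecurityFocus code.  The
'/opt/oracle/lib' directory is a placeholder.
"""

# An empty element and an explicit '.' both make the dynamic loader search
# the current working directory for a library.
CWD_EQUIVALENTS = ("", ".")

# Loader search-path variables to scan: glibc/Solaris, HP-UX and AIX names.
LOADER_PATH_VARS = ("LD_LIBRARY_PATH", "SHLIB_PATH", "LIBPATH")


def cwd_elements(value: str) -> list[int]:
    """Positions of elements in a colon-separated path list that the loader
    would treat as the current working directory.  An unset or empty
    variable has no elements at all, so it reports nothing."""
    if not value:
        return []
    return [i for i, elem in enumerate(value.split(":")) if elem in CWD_EQUIVALENTS]


def build_weak(existing: str, libdir: str) -> str:
    """The shape of initialisation the advisory describes: always emit the
    inherited value, a colon, then libdir.  When the variable was unset this
    yields ':/opt/oracle/lib', whose first element is the current directory."""
    return f"{existing}:{libdir}"


def build_safe(existing: str, libdir: str) -> str:
    """Only add a separator when there is something to separate, and drop any
    current-directory elements already present in the inherited value."""
    kept = [e for e in existing.split(":") if e not in CWD_EQUIVALENTS] if existing else []
    if libdir not in kept:
        kept.append(libdir)
    return ":".join(kept)


def audit_env(env: dict) -> dict:
    """Scan an environment mapping (e.g. os.environ) and return, for each
    loader search-path variable that has current-directory elements, the
    positions of those elements."""
    findings = {}
    for var in LOADER_PATH_VARS:
        if var in env:
            bad = cwd_elements(env[var])
            if bad:
                findings[var] = bad
    return findings


if __name__ == "__main__":
    import os
    for inherited in ("", "/usr/local/lib:"):
        print(repr(build_weak(inherited, "/opt/oracle/lib")),
              "->", cwd_elements(build_weak(inherited, "/opt/oracle/lib")))
        print(repr(build_safe(inherited, "/opt/oracle/lib")),
              "->", cwd_elements(build_safe(inherited, "/opt/oracle/lib")))
    print("current environment:", audit_env(os.environ))
```

Run against the live environment, audit_env() reports the variable and the offending element positions; an empty result is what a correctly written profile script should leave behind.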

26. Linux Kernel 2.2 mmap() Local Denial of Service Vulnerability BugTraq ID: 6420
Remote: No
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6420
Summary:

A denial of service vulnerability has been discovered in the Linux 2.2 kernel. It has been reported that it is possible for an unprivileged user to cause the kernel to stop responding due to a bug in the implementation of mmap().

When a process requests a map of memory which is invalid, a pointer to the buffer is returned. Although the pointer is returned, the mapped page is unreadable by the requesting process. A failure occurs in the kernel when another process attempts to read data at the location of that pointer through an mmap() of that process's memory space (/proc/pid/mem). The kernel does not prevent read attempts on this invalid memory and as a result the system hangs. This may be due to a deadlock condition.

It should be noted that this issue does not affect the 2.4 kernel tree. This is because support for mmap() in the /proc/pid/mem implementation has been dropped.

27. WinRAR Archive Improper File Representation Weakness BugTraq ID: 6422
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6422
Summary:

WinRAR is a compression utility capable of reading and writing files using ZIP, RAR, CAB, ARJ, LZH, TAR, GZ, ACE, UUE, BZ2, JAR, and ISO archives. It is available for the Microsoft Windows Operating system.

WinRAR contains a weakness when displaying the directory traversal sequence '../' to the user when contained in .tar archives. Instead of displaying the '../' sequence, the user interface will display '..'. This could allow a user viewing a .tar archive to believe that the extraction path information contained in the archive is legitimate and can be redistributed to other users.

Passing along such an archive could allow another user to be exploited if their archive extraction utility is vulnerable to the Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability (BID 6412). This issue was originally mentioned in BID 6412 and is now being assigned an individual Bugtraq ID.

28. CPIO Tar Hostile Destination Path Vulnerability BugTraq ID: 6415
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6415
Summary:

cpio is a utility to copy files in and out of cpio and .tar archives. It is maintained by GNU and is available for various Unix and Linux platforms.

cpio is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames.

By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

An attacker may exploit this condition by specifying a relative extraction path in a malicious .tar that points to sensitive or critical files, such as system binaries. The cpio utility will not warn the user that the extraction path may be hostile or may overwrite files unexpectedly. However, it is possible for users to inspect the contents of the archive to ensure that files will not be extracted to an unexpected location.

This vulnerability was originally described in BID 6412 "Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability" and is now being assigned an individual Bugtraq ID.

29. ZipMagic Tar Hostile Destination Path Vulnerability BugTraq ID: 6416
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6416
Summary:

ZipMagic is a file compression utility available from Aladdin Systems. It is available for the Microsoft Windows operating system.

A vulnerability has been discovered in Aladdin Systems ZipMagic when handling malicious .tar archives. The problem lies in the handling of pathnames.

By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

An attacker may exploit this condition by specifying a relative extraction path in a malicious .tar that points to sensitive or critical files, such as system binaries.

This vulnerability was originally described in BID 6412 "Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability" and is now being assigned an individual Bugtraq ID.

30. WinZip Tar Hostile Destination Path Vulnerability BugTraq ID: 6418
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6418
Summary:

WinZip is an archiving utility for Microsoft Windows platforms.

WinZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames.

By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

This issue is present when the "Extract folder names" option is checked in the extraction dialogue, which is the default setting and is used to retain the directory structure when extracting files. An attacker may exploit this condition by specifying a relative extraction path in a malicious .tar that points to sensitive or critical files, such as system binaries.

This vulnerability was originally described in BID 6412 "Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability" and is now being assigned an individual Bugtraq ID.

31. PKZip Tar Hostile Destination Path Vulnerability BugTraq ID: 6419
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6419
Summary:

PKZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames.

By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

An attacker may exploit this condition by specifying a relative extraction path in a malicious .tar that points to sensitive or critical files, such as system binaries.

This issue was reported in PKZip for Microsoft Windows platforms. It is not known if other platforms are also affected.

This issue is similar to the issue described in Bugtraq ID 5933, but affects how .tar archives are handled specifically.

This vulnerability was originally described in BID 6412 "Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability" and is now being assigned an individual Bugtraq ID.

32. Speedproject Squeez Archive Improper Character Display Weakness BugTraq ID: 6417
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6417
Summary:

Speedproject Squeez is a compression utility capable of reading and writing files using ACE, ARJ, BZIP, CAB, GZIP, LZH, RSR, SQX, TAR, UUE, and ZIP formats.

Squeez contains a weakness when displaying the directory traversal sequence '../' to the user when contained in .tar archives. Instead of displaying the '../' sequence, the user interface will display '___'. This could allow a user viewing a .tar archive to believe that the extraction path information contained in the archive is legitimate and can be redistributed to other users.

Passing along such an archive could allow another user to be exploited if their archive extraction utility is vulnerable to the Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability (BID 6412). This issue was originally mentioned in BID 6412 and is now being assigned an individual Bugtraq ID.

33. Speedproject SpeedCommander Archive Improper Character Display Weakness BugTraq ID: 6421
Remote: Yes
Date Published: Dec 17 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6421
Summary:

Speedproject SpeedCommander is a file manager that supports a number of archiving formats.

Speedproject SpeedCommander contains a weakness when displaying the directory traversal sequence '../' to the user when contained in .tar archives. Instead of displaying the '../' sequence, the user interface will display '___'. This could allow a user viewing a .tar archive to believe that the extraction path information contained in the archive is legitimate and can be redistributed to other users.

Passing along such an archive could allow another user to be exploited if their archive extraction utility is vulnerable to the Multiple Vendor Archiving Software Tar Hostile Destination Path Vulnerability (BID 6412). This issue was originally mentioned in BID 6412 and is now being assigned an individual Bugtraq ID.
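The entries above describe two halves of one problem: extraction utilities (BID 6412 and the per-vendor IDs 6415, 6416, 6418 and 6419) that honour a stored path such as '../../etc/...' or an absolute name, and viewers (BIDs 6422, 6417 and 6421) that render the stored name in a way that hides the traversal sequence, so the user cannot see it on inspection. The following added example, not code from SecurityFocus or from any of the archivers named, shows the check an extractor or viewer should perform: resolve where each member would land, refuse anything that is not inside the destination directory, and report member names verbatim. The archive and every name in it are constructed in memory.

```python
"""Audit a .tar archive for member names that would land outside the
extraction directory, extract only the members that stay inside it, and
report every name verbatim so a '../' is never shown as '..' or '___'.

Added example: not code from SecurityFocus or from any archiver named in
the advisories.  The archive and all names in it are constructed here.
"""
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed .tar with one benign member and two hostile ones.
    TarInfo names are written to the header verbatim, so the '../' run and
    the leading '/' survive exactly as a hostile archiver would store them."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in [
            ("docs/readme.txt", b"harmless\n"),                   # stays inside
            ("../../etc/cron.d/evil", b"* * * * * root id\n"),    # dot-dot-slash
            ("/tmp/evil.so", b"\x7fELF"),                         # absolute path
        ]:
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def escapes_dest(dest: str, member: tarfile.TarInfo) -> bool:
    """True when the member's final location is not dest or a path below it.
    os.path.join discards dest for an absolute name, and realpath collapses
    '..' runs, so both hostile forms are compared against the real root."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest, member.name))
    return os.path.commonpath([root, target]) != root


def audit_tar(data: bytes, dest: str) -> list[tuple[str, bool]]:
    """Return (raw member name, would_escape) for every member.  Display the
    name with repr() so the traversal sequence is shown as stored."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return [(m.name, escapes_dest(dest, m)) for m in tar.getmembers()]


def safe_extract(data: bytes, dest: str) -> list[str]:
    """Extract only members that stay inside dest; return the names skipped."""
    # Python versions that ship tarfile's 'data' filter reject these paths
    # themselves; pass it when present as a second line of defence.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    skipped = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if escapes_dest(dest, m):
                skipped.append(m.name)
                continue
            tar.extract(m, path=dest, **extra)
    return skipped


def run_demo() -> dict:
    """Audit the sample archive against a scratch directory, extract the safe
    members, and report the audit, the skipped names and what was written."""
    data = build_sample_archive()
    with tempfile.TemporaryDirectory() as dest:
        audit = dict(audit_tar(data, dest))
        skipped = sorted(safe_extract(data, dest))
        written = sorted(
            os.path.relpath(os.path.join(root, f), dest)
            for root, _dirs, files in os.walk(dest)
            for f in files
        )
    return {"audit": audit, "skipped": skipped, "written": written}


if __name__ == "__main__":
    report = run_demo()
    for name, bad in report["audit"].items():
        print(("ESCAPES " if bad else "ok      ") + repr(name))
    print("skipped:", report["skipped"])
    print("written:", report["written"])
```

The check is done on the resolved destination rather than by searching the name for '../', so names that spell the same escape differently (an absolute path, or 'a/../../x') are caught by the same comparison; a viewer that lists repr(name) beside the verdict gives the user the inspection the cpio entry above recommends, without the display collapsing that the WinRAR, Squeez and SpeedCommander entries describe.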

III. SECURITYFOCUS NEWS AND COMMENTARY


1. DEA Data Thief Sentenced to 27 Months
By Kevin Poulsen

Federal agent earned cash on the side with his own information awareness program.

http://online.securityfocus.com/news/1847

2. Sysadmin accused of Paine Webber computer sabotage
By John Leyden, The Register

A former sysadmin with UBS PaineWebber was indicted yesterday on federal charges of trying to manipulate the stock price of the brokerage's parent company by crippling its computer network.

http://online.securityfocus.com/news/1886

3. SSH flaws sighted
By John Leyden, The Register

Secure shell (SSH) protocol implementations from several vendors are subject to a number of potentially serious security flaws, security clearing house CERT warned earlier this week.

http://online.securityfocus.com/news/1885

4. Macromedia Flash Crash
By John Leyden, The Register

A buffer overrun flaw in Macromedia Flash can be used to inject malicious code into target systems. Potential attackers could try to persuade victims to download maliciously altered versions of Macromedia Flash movies (SWF) but there's still a risk there as crackers are hardly averse to disguising Trojan code as prOn download or Warez.

http://online.securityfocus.com/news/1884

IV. SECURITYFOCUS TOP 6 TOOLS


1. Levy v0.3
by Godot godot@linuxmafia.org
Relevant URL:
http://muse.linuxmafia.org/levy/
Platforms: Perl (any system supporting perl)
Summary:

Levy is a Perl script which generates a basic iptables ruleset based on a given external interface and a set of ports to open. It is designed to save time in creating a skeleton ruleset to work from, though it can construct a fully functional firewall with NAT support.

2. IP Security Validator for Linux v1.0
by alphaWorks
Relevant URL:
http://www.alphaworks.ibm.com/
Platforms: Linux
Summary:

IP Security Validator enables independent evaluation of VPN configurations and quick/autonomous reaction to problems. An offline mode even allows the offline evaluation of traffic that was captured into a file with other tools such as tcpdump or pcapture. This way, traffic collected from non-Linux network nodes can be evaluated o