SecurityFocus Newsletter #180

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Jan 20 2003 - 14:14:42 EST

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide

Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. Exchange 2000 in the Enterprise: Tips and Tricks Part Two
  2. The Curmudgeon's Crystal Ball: Security Predictions for 2003
  3. Open Source Honeypots: Learning with Honeyd
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. Xynph FTP Server Relative Path Directory Traversal Vulnerability
  2. BitMover BitKeeper Daemon Mode Remote Command Execution...
  3. BitMover BitKeeper Local Temporary File Race Condition...
  4. BitMover BitKeeper Local Insecure Temporary File Permissions...
  5. YABB SE Reminder.PHP SQL Injection Vulnerability
  6. Stunnel Unspecified SIGCHLD Signal Handler Vulnerability
  7. phpPass AccessControl.PHP SQL Injection Vulnerability
  8. W-Agora Remote File Disclosure Vulnerability
  9. mpg123 Invalid MP3 Header Memory Corruption Vulnerability
  10. Cyboards PHP Lite Remote File Include Vulnerability
  11. Cyboards PHP Lite Multiple Cross Site Scripting Vulnerabilities
  12. Solaris UUCP Local Buffer Overflow Vulnerability
  13. Symantec Norton Internet Security ICMP Packet Flood Denial Of...
  14. Geeklog Profiles.PHP Multiple Cross-Site Scripting...
  15. Geeklog Users.PHP Cross-Site Scripting Vulnerability
  16. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
  17. Geeklog Homepage User Field HTML Injection Vulnerability
  18. vAuthenticate Remote SQL Injection Vulnerability
  19. vSignup Remote SQL Injection Vulnerability
  20. Psunami Bulletin Board Psunami.CGI Remote Command Execution...
  21. D-Link DWL-900AP+ Firmware Upgrade Configuration Reset...
  22. HTML Forms Generation And Validation Forms.PHP HTML Injection...
  23. Trend Micro OfficeScan CGI Directory Insufficient Permissions...
  24. Trend Micro Virus Control System Denial Of Service Vulnerability
  25. Trend Micro Virus Control System Information Disclosure...
III. SECURITYFOCUS NEWS ARTICLES
  1. Rumsfeld orders .mil Web lockdown
  2. MS seeks malware, bust phones after SPV security crack
  3. Discarded computer hard drives prove a trove of personal info
  4. BBC in ironic virus infection
IV. SECURITYFOCUS TOP 6 TOOLS
  1. ForceSQL v2.0
  2. SMAC v1.0
  3. Active@ File Recovery v2.0
  4. NBTdeputy v1.0
  5. APD v1
  6. mysql_auth v0.5
V. SECURITYJOBS LIST SUMMARY
  1. Senior Identity Manager - Cleveland, Ohio (Thread)
  2. Policy, Procedure, and Compliance Senior Manager - Cleveland...
  3. Vulnerability Manager (Thread)
  4. Senior Enterprise Security Manager position in PA (Thread)
  5. Security Engineer (Thread)
  6. WANTED - Senior Sales Exec - New York (Tri-State Area) (Thread)
  7. Vice President of Business Development (Thread)
  8. Security System Engineer - Baltimore/Washington DC (Thread)
  9. Security Engineer -- San Diego (Thread)
  10. Senior Security Engineer - Baltimore/Washington DC (Thread)
  11. Seeking information security opportunity in - CA/ LA (CISSP)...
  12. Lead Business Development/Security Consultant(s) - UK (Thread)
  13. Seeking Information Security employment (Thread)
  14. Senior Federal Territory Manager (Thread)
  15. Information Security Analyst (Thread)
  16. IDS Signature Engineer needed now! (revised) (Thread)
  17. IDS Signature Engineer needed now! (Thread)
  18. Security Position with Bristol-Myers Squibb-Hopewell-NJ (Thread)
  19. Seeking internship or entry-level position (Thread)
  20. Looking for a security based role (no experience) (Thread)
  21. @stake Employment in Seattle (Thread)
  22. Looking for security job opportunity in Northern...
VI. INCIDENTS LIST SUMMARY
  1. Hacked web server (Thread)
  2. Virus? Trojan? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. AD replication over WAN (Thread)
  2. SecurityFocus Microsoft Newsletter #120 (Thread)
  3. AD replication (Thread)
  4. Understanding Event Details in Windows NT (Thread)
  5. FW: AD replication over WAN (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
X. LINUX FOCUS LIST SUMMARY
  1. How to build CD with chkrootkit on it? (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Exchange 2000 in the Enterprise: Tips and Tricks Part Two By Tim Mullen

This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. In the first part, we finished up building a messaging infrastructure that handled many of the issues mail administrators must contend with. This segment will address the security ramifications of publishing mail content to the Internet via Outlook Web Access.

http://online.securityfocus.com/infocus/1658

2. The Curmudgeon's Crystal Ball: Security Predictions for 2003 By Richard Forno

As we ring in the new year, it's in with the new and out with the old. Or is it? Our fearless forecaster thinks not.

http://online.securityfocus.com/columnists/135

3. Open Source Honeypots: Learning with Honeyd by Lance Spitzner

Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys and take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd.

http://online.securityfocus.com/infocus/1659

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Xynph FTP Server Relative Path Directory Traversal Vulnerability
BugTraq ID: 6587
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6587
Summary:

Xynph FTP Server is a shareware FTP server available for Microsoft Windows operating systems.

A problem in Xynph FTP Server may allow a remote user to gain access to unauthorized resources.

A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation. This could allow unauthorized access to systems using the vulnerable software.

It should be noted that this problem may allow an attacker to download arbitrary files on the vulnerable system. Additionally, the attacker would be able to access any files on the system to which the FTP server has access rights; in some configurations the server may be run with SYSTEM privileges.

2. BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability
BugTraq ID: 6588
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6588
Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make remote command execution possible.

It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute arbitrary commands.

The program does not properly filter single quotes. As a result, commands contained between quotes will be executed on the host running the vulnerable software. Any commands executed between quotes will be executed with the privileges of the BitKeeper daemon process.

3. BitMover BitKeeper Local Temporary File Race Condition Vulnerability
BugTraq ID: 6589
Remote: No
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6589
Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make local symbolic link attacks possible.

It has been reported that BitKeeper is vulnerable to a race condition error. Under some circumstances, BitKeeper creates files in the temporary directory. However, it may be possible to create a symbolic link at a crucial point of program execution, which would result in the overwriting of the file that the link points to.

The program does not properly open the temporary file. Rather than performing the check and opening the file in a single operation, the program first checks, then opens the file in a separate function. This creates a window of attack that could result in the overwriting of files that are write-accessible to the BitKeeper process.

4. BitMover BitKeeper Local Insecure Temporary File Permissions Vulnerability
BugTraq ID: 6590
Remote: No
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6590
Summary:

BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make the destruction or injection of information possible.

It has been reported that BitKeeper insecurely creates temporary files. Under some circumstances, BitKeeper creates files in the temporary directory. However, these files are created with world-writable permissions, which may allow the removal of these files, or injection of data into them.
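
The two temporary-file problems above (BID 6589, check-then-open; BID 6590, world-writable mode) come down to how the file is opened. The following C sketch is an added example, not BitKeeper code: it puts the described pattern next to a single atomic open, and every name in it (open_tmp_racy, open_tmp_safe, run_case, the /tmp/tmpfile-demo directory) is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for any file the process is allowed to write. */
static char victim_path[256];

/* Hypothetical test hook: what another local user does inside the gap. */
static void plant_symlink(const char *tmp) {
    if (symlink(victim_path, tmp) != 0)
        perror("symlink");
}

/* BEFORE: existence check and open are two separate calls, the open follows
 * symbolic links, and the requested mode is world-writable. */
static int open_tmp_racy(const char *tmp, void (*window)(const char *)) {
    struct stat st;
    if (lstat(tmp, &st) == 0)
        return -1;                  /* name already exists: refuse */
    if (window)
        window(tmp);                /* the gap between check and use */
    return open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* AFTER: check and create in one system call. O_EXCL fails if the name
 * exists in any form, symbolic links included; O_NOFOLLOW refuses a link as
 * the last path component; 0600 keeps other local users out. */
static int open_tmp_safe(const char *tmp) {
    return open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

struct result {
    int opened;         /* 1 if the open returned a descriptor */
    long victim_size;   /* bytes left in the victim file afterwards */
    unsigned mode;      /* permission bits of whatever was opened */
};

/* Run one scenario inside a fresh private directory and clean up. */
static struct result run_case(int use_safe, int plant) {
    struct result r = {0, -1, 0};
    char dir[] = "/tmp/tmpfile-demo.XXXXXX", tmp[256];
    struct stat st;
    FILE *f;
    int fd;

    if (!mkdtemp(dir))
        return r;
    snprintf(victim_path, sizeof victim_path, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/work.tmp", dir);
    if (!(f = fopen(victim_path, "w")))
        return r;
    fputs("important", f);          /* 9 bytes of constructed content */
    fclose(f);

    mode_t old = umask(0);          /* worst case: no umask to mask 0666 */
    if (use_safe) {
        if (plant)
            plant_symlink(tmp);     /* link already in place before the call */
        fd = open_tmp_safe(tmp);
    } else {
        fd = open_tmp_racy(tmp, plant ? plant_symlink : NULL);
    }
    umask(old);

    if (fd >= 0) {
        r.opened = 1;
        if (fstat(fd, &st) == 0)
            r.mode = st.st_mode & 0777;
        close(fd);
    }
    if (stat(victim_path, &st) == 0)
        r.victim_size = (long)st.st_size;
    unlink(tmp);
    unlink(victim_path);
    rmdir(dir);
    return r;
}

int main(void) {
    struct result a = run_case(0, 1), b = run_case(1, 1), c = run_case(1, 0);
    printf("racy + link: opened=%d victim=%ld bytes\n", a.opened, a.victim_size);
    printf("safe + link: opened=%d victim=%ld bytes\n", b.opened, b.victim_size);
    printf("safe, clean: opened=%d mode=%o\n", c.opened, c.mode);
    return 0;
}
```

Where the file name does not need to be predictable, mkstemp() performs the same exclusive, owner-only create and picks the name itself.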

5. YABB SE Reminder.PHP SQL Injection Vulnerability
BugTraq ID: 6591
Remote: Yes
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6591
Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for Unix, Linux, and Microsoft Operating Systems.

A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks.

It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user.

This problem may allow a remote user to change the password of the administrative user of an instance of YaBB SE. It may also allow a remote user to gain other information from SQL databases used to backend YaBB SE.

6. Stunnel Unspecified SIGCHLD Signal Handler Vulnerability
BugTraq ID: 6592
Remote: No
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6592
Summary:

Stunnel is a freely available, open source cryptography wrapper. It is designed to wrap arbitrary protocols that may or may not support cryptography. It is maintained by the Stunnel project.

A vulnerability has been reported for Stunnel. The vulnerability exists in the SIGCHLD signal handling routine. Reportedly, some functions in the signal handler are used in an unsafe manner.

Precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

This vulnerability has been reported to affect Stunnel versions prior to 4.04.

7. phpPass AccessControl.PHP SQL Injection Vulnerability
BugTraq ID: 6594
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6594
Summary:

phpPass is a system that allows restrictions to web pages. It is implemented in PHP and is available for a variety of platforms.

A problem with phpPass may allow an attacker to launch a SQL injection attack.

The vulnerability exists in the accesscontrol.php script included with phpPass. Due to insufficient sanitization of user-supplied input, it is possible for a remote user to inject arbitrary SQL into the database used by a vulnerable site. This may allow an attacker to view pages that would normally be restricted.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for phpPass 2. It is not known whether other versions are affected.

8. W-Agora Remote File Disclosure Vulnerability
BugTraq ID: 6595
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6595
Summary:

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

A file disclosure vulnerability has been reported for W-Agora. Reportedly, some scripts included with W-Agora do not adequately sanitize some user-supplied input. The vulnerability was reported to exist in the index.php and modules.php script files.

An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root. It should be noted that only files accessible by the web server will be disclosed to the attacker.

Exploitation of this vulnerability may lead to disclosure of sensitive information that may be useful in mounting further attacks on the host system.

This vulnerability affects W-Agora 4.1.5.
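
Both the W-Agora issue above and the Xynph FTP Server issue (BID 6587) are escapes from a served root through relative path components. The following C sketch is an added example, not code from either product: it normalises a requested path lexically and rejects any request that would climb above the root. The function names and the sample requests in main() are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64

/* Resolve 'request' against 'cwd'. Both are virtual paths inside the served
 * root, with "/" meaning the root itself. Returns 0 and writes the normalised
 * path to 'out', or -1 if the request would climb above the root.
 * Any URL or percent decoding must already have been applied to 'request'. */
static int resolve_in_root(const char *cwd, const char *request,
                           char *out, size_t outlen) {
    char buf[1024];
    const char *part[MAX_DEPTH];
    size_t len[MAX_DEPTH], pos = 0;
    int depth = 0, n;

    /* An absolute request replaces the working directory. */
    int absolute = (request[0] == '/' || request[0] == '\\');
    n = snprintf(buf, sizeof buf, "%s/%s", absolute ? "" : cwd, request);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;

    for (char *p = buf; *p;) {
        while (*p == '/' || *p == '\\')      /* both separators count */
            p++;
        char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t l = (size_t)(p - start);
        if (l == 0 || (l == 1 && start[0] == '.'))
            continue;                        /* empty component or "." */
        if (l == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return -1;                   /* ".." at the root: reject */
            depth--;
            continue;
        }
        if (depth == MAX_DEPTH)
            return -1;
        part[depth] = start;
        len[depth++] = l;
    }

    if (outlen < 2)
        return -1;
    if (depth == 0) {
        strcpy(out, "/");
        return 0;
    }
    for (int i = 0; i < depth; i++) {
        if (pos + len[i] + 2 > outlen)
            return -1;
        out[pos++] = '/';
        memcpy(out + pos, part[i], len[i]);
        pos += len[i];
    }
    out[pos] = '\0';
    return 0;
}

/* Convenience wrapper: NULL means the request was rejected. */
static const char *resolved(const char *cwd, const char *request) {
    static char out[1024];
    return resolve_in_root(cwd, request, out, sizeof out) == 0 ? out : NULL;
}

int main(void) {
    /* Constructed sample requests, all issued from the directory /pub/docs. */
    const char *req[] = {"../readme.txt", "../../../etc/passwd",
                         "..\\..\\..\\boot.ini", "/a/./b//../c"};
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        const char *r = resolved("/pub/docs", req[i]);
        printf("%-24s -> %s\n", req[i], r ? r : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical: only the normalised result should ever be joined to the real root directory, and symbolic links inside the root still need an operating-system level check.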

9. mpg123 Invalid MP3 Header Memory Corruption Vulnerability
BugTraq ID: 6593
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6593
Summary:

mpg123 is an MPEG audio player for Linux variant operating systems.

A memory corruption vulnerability has been reported for mpg123 that may result in code execution.

The vulnerability exists when mpg123 is used to play certain MP3 files. Specifically, when playing MP3 files with malformed or overly large headers, it may be possible to cause mpg123 to execute malicious attacker-supplied code.

The file common.c defines MAX_INPUT_FRAMESIZE to a value of 1920 bytes. An attacker can exploit this vulnerability by creating a malicious MP3 file that contains headers consisting of greater than 1920 bytes. When mpg123 is used to play this corrupted MP3 file, it will trigger the buffer overflow condition. Any attacker supplied code will be executed with the privileges of the mpg123 process.

This vulnerability has been reported to affect mpg123pre0.59s.

10. Cyboards PHP Lite Remote File Include Vulnerability
BugTraq ID: 6597
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6597
Summary:

A vulnerability has been discovered in Cyboards PHP Lite. Due to insufficient sanitization of user-supplied variables by the 'default_header.php' and 'options_form.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.

By placing a script on an attacker-controlled host and mimicking the name and directory structure of the server, it is possible to cause a vulnerable server to include the file.

It may be possible to exploit this issue to execute arbitrary commands with the privileges of the target server.

11. Cyboards PHP Lite Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 6596
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6596
Summary:

Multiple cross site scripting vulnerabilities have been discovered in Cyboards PHP Lite. These issues occur due to insufficient validation of user supplied values.

It is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running Cyboards PHP Lite.

This issue affects the following PHP scripts:

include/default_header.php
include/options_form.php
adminopts/login_form.php
adminopts/include/ban_form.php
adminopts/include/board_form.php
adminopts/include/login_form.php
adminopts/include/vip_form.php

This issue could be exploited to steal a legitimate user's cookie-based authentication credentials. Information gained in this manner could later be used to hijack a legitimate user's web session.

12. Solaris UUCP Local Buffer Overflow Vulnerability
BugTraq ID: 6600
Remote: No
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6600
Summary:

UUCP is the Unix-to-Unix Copy Protocol infrastructure, implemented with numerous Unix and Unix clone operating systems.

A vulnerability has been discovered in the Solaris implementation of UUCP. The problem is due to insufficient bounds checking of user-supplied filenames. By passing excessive data as an argument for the '-s' command line parameter it is possible to trigger a buffer overflow. By exploiting this issue to overwrite sensitive locations in memory, it may be possible for an attacker to execute arbitrary code.

As UUCP is installed setuid root this would result in the execution of attacker-supplied commands with the privileges of the superuser.

13. Symantec Norton Internet Security ICMP Packet Flood Denial Of Service Vulnerability
BugTraq ID: 6598
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6598
Summary:

Symantec Norton Internet Security is a suite of commercial security utilities including Norton Personal Firewall and Norton Antivirus.

Symantec Norton Internet Security 2003 is reported to be prone to a denial of service condition.

It is possible to trigger this condition by sending an excessive (approximately 65500 or more) number of ICMP packets to a host running Norton Internet Security. This may cause a denial of service and possible system instability.

For this issue to be present, the software must be configured to allow ICMP packets and the firewall must be enabled.

It is not known if earlier versions of the software are also affected by this vulnerability.

14. Geeklog Profiles.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 6601
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6601
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

15. Geeklog Users.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 6602
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6602
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

16. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 6603
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6603
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script.

This issue is due to insufficient sanitization of input submitted in URI parameters. This input will be displayed in webpages generated by Geeklog. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code.

When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client in the security context of the site hosting Geeklog.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

17. Geeklog Homepage User Field HTML Injection Vulnerability
BugTraq ID: 6604
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6604
Summary:

Geeklog is freely available, open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is prone to HTML injection attacks.

The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field when editing their user information. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.

18. vAuthenticate Remote SQL Injection Vulnerability
BugTraq ID: 6605
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6605
Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in vAuthenticate. It has been reported that the 'auth.php' script fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized user to access protected documents. The 'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vAuthenticate 2.8.

19. vSignup Remote SQL Injection Vulnerability
BugTraq ID: 6606
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6606
Summary:

vAuthenticate is an authentication script that uses PHP and MySQL. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in vSignup. It has been reported that the 'auth.php' script fails to sufficiently sanitize user-supplied variables, making various PHP files prone to SQL injection attacks. This may make it possible for an unauthorized user to access protected documents. The 'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

This vulnerability was reported for vSignup 2.1.

20. Psunami Bulletin Board Psunami.CGI Remote Command Execution Vulnerability
BugTraq ID: 6607
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6607
Summary:

Psunami is bulletin board software. It is implemented in Perl and is available for Unix and Linux variants.

Psunami Bulletin Board is prone to a remote command execution vulnerability. This issue is present in the 'psunami.cgi' script.

Psunami does not sufficiently sanitize shell metacharacters from query strings. Input supplied via the 'topic' URI parameter will be passed to a Perl open() call. As a result, it may be possible for a remote attacker to execute arbitrary commands in the context of the webserver process.

A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

21. D-Link DWL-900AP+ Firmware Upgrade Configuration Reset Vulnerability
BugTraq ID: 6609
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6609
Summary:

The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps. A vulnerability has been discovered in the DWL-900AP+. The D-Link AirPlus Access Point Manager is used for various administrative tasks including firmware upgrades. It has been reported that upgrading the DWL-900AP+ firmware with this software will cause all configuration settings to be reset to factory defaults.

This poses a security risk, as an unknowing user may upgrade their device and leave it accessible with a publicly known administrator password.

22. HTML Forms Generation And Validation Forms.PHP HTML Injection Vulnerability
BugTraq ID: 6608
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6608
Summary:

The HTML Forms Generation And Validation package is a freely available, open source PHP package. It is written and maintained by Manuel Lemos.

A problem with HTML Forms Generation And Validation could make HTML injection attacks possible.

It has been reported that the forms.php component of HTML Forms Generation And Validation does not properly check input. Because of this, an attacker could potentially launch HTML injection attacks indirectly via form fields.

This may allow for malicious script code to be inadvertently executed in the browser of a user who views pages which include attacker-supplied HTML and script code.

23. Trend Micro OfficeScan CGI Directory Insufficient Permissions Vulnerability
BugTraq ID: 6616
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6616
Summary:

Trend Micro OfficeScan is an enterprise-level centrally managed antivirus solution.

A vulnerability has been reported for Trend Micro OfficeScan that may allow attackers to access programs residing in the cgi directory of the OfficeScan installation.

An attacker can exploit this vulnerability by making an HTTP request to any program in the 'cgi' directory. Some of these programs, such as 'cgiChkMasterPwd.exe', allow an attacker to access OfficeScan's pages with administrative access. This may allow an attacker to modify or disable OfficeScan functionality.

24. Trend Micro Virus Control System Denial Of Service Vulnerability
BugTraq ID: 6617
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6617
Summary:

Trend Micro Virus Control System (TVCS) is a Web based management system that allows administrators to configure, monitor and maintain anti-virus programs on a network.

A denial of service vulnerability has been reported for TVCS. The vulnerability occurs when numerous requests for 'activesupport.exe' are made.

An attacker can exploit this vulnerability by making a request for the '/tvcs/activesupport.exe' service. This will result in the web server failing to respond for a limited period of time. Subsequent requests will ensure that the web server will fail to respond for an indefinite period of time.

This vulnerability has been reported to affect older versions of Trend Micro TVCS. The TVCS system has been replaced by TMCM (Trend Micro Control Manager) which is reportedly not vulnerable to this issue.

25. Trend Micro Virus Control System Information Disclosure Vulnerability
BugTraq ID: 6618
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6618
Summary:

Trend Micro Virus Control System (TVCS) is a Web based management system that allows administrators to configure, monitor and maintain anti-virus programs on a network.

An information disclosure vulnerability has been reported for TVCS. Reportedly, it is possible for an attacker to access the log files generated by TVCS. The log files contain very sensitive information about the system, including user names and passwords.

Any information obtained in this manner may be used by an attacker to launch further destructive attacks against a system.

This vulnerability has been reported to affect older versions of Trend Micro TVCS. The TVCS system has been replaced by TMCM (Trend Micro Control Manager) which is reportedly not vulnerable to this issue.

III. SECURITYFOCUS NEWS AND COMMENTARY


  1. Rumsfeld orders .mil Web lockdown By Kevin Poulsen

The defense secretary cites an al Qaeda training manual in ordering the armed services to strip official Web sites of information that could aid the enemy.

http://online.securityfocus.com/news/2062

2. MS seeks malware, bust phones after SPV security crack By John Lettice, The Register

A quite bizarre CNET report reveals that Microsoft's Security Response Center began investigations into the circumvention of security on the SPV smartphone on Tuesday, searching - so says CNET, anyway - for reports of rogue programs on the network and damaged phones.

http://online.securityfocus.com/news/2059

3. Discarded computer hard drives prove a trove of personal info By Justin Pope, The Associated Press

So, you think you cleaned all your personal files from that old computer you got rid of? Two graduate students at the Massachusetts Institute of Technology suggest you think again.

http://online.securityfocus.com/news/2055

4. BBC in ironic virus infection
By John Leyden, The Register

The BBC fell victim to the latest variant of the ExploreZip worm, and a certain amount of hubris, last week.

http://online.securityfocus.com/news/2052

IV. SECURITYFOCUS TOP 6 TOOLS


1. ForceSQL v2.0
by Network Intelligence India Pvt. Ltd.
Relevant URL:
http://www.nii.co.in/tools.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

forceSQL is a password auditing tool for MS SQL Servers. It audits accounts by guessing passwords on SQL Databases. It uses both brute-force and dictionary attacks. It works much faster than other such tools because it bypasses the SQL ODBC API and talks directly to the network layer by constructing its own login packets.

2. SMAC v1.0
by KLC Consulting Security Team
Relevant URL:
http://www.klcconsulting.net/smac/
Platforms: Windows 2000, Windows XP
Summary:

SMAC is a free GUI tool that allows users to change the MAC address of almost any Network Interface Card (NIC) on Windows 2000 and XP systems, whether or not the manufacturers allow this option.

SMAC does not change the hardware burned-in MAC addresses. It is not necessary. SMAC changes the "software based" MAC addresses on Windows 2000 & XP systems, and the new MAC addresses persist across reboots.

3. Active@ File Recovery v2.0
by Active@ Data Recovery Services
Relevant URL:
http://www.file-recovery.net/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Active@ File Recovery is a powerful software utility, designed to restore accidentally deleted files and directories. It allows you to recover files that have been deleted from the Recycle Bin, as well as those deleted after avoiding the Recycle Bin (e.g. Shift-Delete).

4. NBTdeputy v1.0
by urity urity@securityfriday.com
Relevant URL:
http://www.securityfriday.com/ToolDownload/NBTdeputy/nbtdeputy_doc.html
Platforms: Windows 2000
Summary:

NBTdeputy registers a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. NBTdeputy helps to resolve an IP address from a NetBIOS computer name. It's similar to Proxy ARP.

5. APD v1
by teknop
Relevant URL:
http://apd.sourceforge.net/
Platforms: POSIX
Summary:

APD is a promiscuous node detection tool which uses ARP packets to determine whether or not a host is in promiscuous mode. This project is based on the work of securityfriday.

6. mysql_auth v0.5
by HEGEDUS, Ervin
Relevant URL:
http://people.fsn.hu/~airween/mysql_auth/
Platforms: UNIX
Summary:

mysql_auth is a basic authenticator for Squid Proxy. You can configure all MySQL variables for your existing user/password database (dbhost, dbadmin, dbpasswd, dbname, tablename, columns name), or create a new database. It includes a utility called mypasswd that updates your database.

V. SECURITY JOBS SUMMARY


1. Senior Identity Manager - Cleveland, Ohio (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306912

2. Policy, Procedure, and Compliance Senior Manager - Cleveland, Ohio (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306914

3. Vulnerability Manager (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306920

4. Senior Enterprise Security Manager position in PA (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306906

5. Security Engineer (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306954

6. WANTED - Senior Sales Exec - New York (Tri-State Area) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306743

7. Vice President of Business Development (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306739

8. Security System Engineer - Baltimore/Washington DC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306775

9. Security Engineer -- San Diego (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306731

10. Senior Security Engineer - Baltimore/Washington DC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306507

11. Seeking information security opportunity in - CA/ LA (CISSP) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306492

12. Lead Business Development/Security Consultant(s) - UK (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306666

13. Seeking Information Security employment (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306443

14. Senior Federal Territory Manager (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306354

15. Information Security Analyst (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306353

16. IDS Signature Engineer needed now! (revised) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306352

17. IDS Signature Engineer needed now! (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306173

18. Security Position with Bristol-Myers Squibb-Hopewell-NJ (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306308

19. Seeking internship or entry-level position (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306144

20. Looking for a security based role (no experience) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306194

21. @stake Employment in Seattle (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306101

22. Looking for security job opportunity in Northern California/Central Valley. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/306100

VI. INCIDENTS LIST SUMMARY


1. Hacked web server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/306624

2. Virus? Trojan? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/306370

VII. VULN-DEV RESEARCH LIST SUMMARY


1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03

VIII. MICROSOFT FOCUS LIST SUMMARY


1. AD replication over WAN (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/306896

2. SecurityFocus Microsoft Newsletter #120 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/306905

3. AD replication (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/306717