SecurityFocus Newsletter #181

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Jan 27 2003 - 13:58:22 EST

SecurityFocus Newsletter #181


This newsletter is sponsored by: SPI Dynamics <http://www.spidynamics.com/>

ALERT: SQL Injection Attacks via Port 80 and 443! It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.spidynamics.com/mktg/sqlinjection18


I. FRONT AND CENTER
  1. SunScreen, Part One: An Overview of the Sun Microsystem Firewall
  2. The Turkey that Bites
  3. The Canary in the Data Mine
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12,2003,Orlando,FL)
II. BUGTRAQ SUMMARY
  1. Sambar Server results.stm Cross Site Scripting Vulnerability
  2. MyRoom save_item.php Arbitrary File Upload Vulnerability
  3. PHPMyPub Unauthorized Administrative Access Vulnerability
  4. PeopleSoft XML External Entity Remote File Disclosure...
  5. Multiple FTP Server Virtual User File Removal Vulnerability
  6. CVS Directory Request Double Free Heap Corruption Vulnerability
  7. Nite Server FTPD File Disclosure Vulnerability
  8. ModLogAn Remote Heap Corruption Vulnerability
  9. Blackboard Learning System search.pl SQL Injection Vulnerability
  10. MTink Printer Status Monitor Environment Variable Buffer..
  11. ESCPUtil Local Printer Name Buffer Overflow Vulnerability
  12. Apache Web Server MS-DOS Device Name Arbitrary Code Execution...
  13. Apache Web Server Illegal Character HTTP Request File...
  14. Apache Web Server MS-DOS Device Name Denial Of Service...
  15. Apache Web Server Default Script Mapping Bypass Vulnerability
  16. WinRAR Archive File Extension Buffer Overrun Vulnerability
  17. YABB SE Packages.PHP Remote File Include Vulnerability
  18. Microsoft Windows Locator Service Buffer Overflow Vulnerability
  19. Microsoft Content Management Server Cross-Site Scripting...
  20. Microsoft Outlook 2002 V1 Exchange Server Security Certificate...
  21. Rediff Bol URL Handling Denial Of Service Vulnerability
  22. ZyXEL DSL Modem Default Remote Administration Password...
  23. Kodak KCMS KCS_OPEN_PROFILE Procedure Arbitrary File Access...
  24. PHPOutsourcing Zorum Remote Include Command Execution...
  25. Palm HotSync Manager Remote Denial of Service Vulnerability
  26. Microsoft Windows MSGINA.DLL Read-Lock Denial Of Service...
  27. YaBB SE News.PHP Remote File Include Vulnerability
  28. EditTag edittag.pl File Disclosure Vulnerability
  29. slocate Local Buffer Overrun Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. UK WHOIS service suspended after rogue attack
  2. NTL sacks 'hacker' for 'gross misconduct'
  3. Gates Pledges Better Software Security
IV. SECURITYFOCUS TOP 6 TOOLS
  1. RubyFilter v0.9
  2. radmind v0.9.3
  3. BENIDS v0.1.3
  4. JMap Port Scanner v0.2
  5. IMAP Spam Begone v0.96
  6. spamstats v0.3b
V. SECURITYJOBS LIST SUMMARY
  1. Internship (Thread)
  2. Seeking: Network Security Engineer - Herndon, VA - USA (Northern
  3. Common Criteria Security Engineer position in VA (Thread)
  4. POSITION: Security Specialist - CA (Thread)
  5. POSITION: Information Security Consultant - CA (Thread)
  6. Sales Support / Tactical Marketing Position (Boston, MA) (Thread)
  7. Inside Sales Position (Boston, MA) (Thread)
  8. Seeking Entry Level Security Position (fwd) (Thread)
  9. Network Security Analyst (Univ. of Texas@Austin) (Thread)
  10. Federal Account Manager (Thread)
  11. UI Designer/Wireless Developer for Enterprise Firewall in...
  12. Sr. Java Developer and SE/QA Engineer in No Va. (Thread)
  13. SECURITY SPECIALIST in Kearneysville, WV (Thread)
  14. Security Engineer needed in the UK (Thread)
  15. I'm looking for a job (Thread)
  16. Director of Product Marketing (Entercept) (Thread)
  17. Seeking Entry Level Security Position (Thread)
  18. DOD Federal Sr.Account Manager - WASHINGTON, D.C. (Thread)
  19. ACCOUNT MANAGER - Security Sales ** ATLANTA (Thread)
  20. Director of Professional Services (Application Security) (Thread)
  21. [Fwd: [Snort-users] For anyone looking for employment...]...
  22. Technical Marketing Engineer, San Jose, CA (Thread)
  23. Security Sales Positions with Tenable Network Security (Thread)
  24. Security Product Developer Positions with Tenable Network ...
  25. Visual Basic + ASP Senior Developer Central London (Thread)
  26. Need Security Computer Scientist w/clearance (Thread)
  27. Practice Manager (Thread)
  28. looking for entry level position in security. (Thread)
  29. Looking for some advice (Thread)
  30. Orlando CISSP Seeking Management or Auditing (Thread)
VI. INCIDENTS LIST SUMMARY
  1. strange attacks - flood udp packets from 1030 to msql (Thread)
  2. udp/1434 (Thread)
  3. strange traffic (Thread)
  4. MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! (Thread)
  5. New MS SQL Server Worm (Thread)
  6. Increased activity on UDP/1434 (Thread)
  7. Is anyone else seeing a real heavy incrase in TCP/1434? (Thread)
  8. New Web Hack? (Thread)
  9. Hacked web server (Thread)
  10. SNMP Weirdness (Thread)
  11. Paypal.com hosting IRC server, possible hack? (Thread)
  12. SGI.com hosts HACKED and being abused by scriptkiddies on IRC...
  13. New spam-probing wave? (Thread)
  14. mIRC Zombie, port 445 (Thread)
  15. unusual http access in proxy log (Thread)
  16. Odd Shares showing up on workstations (Thread)
  17. Openbsd 3.2 wtmp delay and named backdoor (Thread)
  18. Strange Apache logs - maybe DDOS? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. SQL Sapphire Worm Analysis (Thread)
  2. Administrivia: New Moderators (Thread)
  3. What to do with a vulerability? (Thread)
  4. Assorted Trend Vulns Rev 2.0 (Thread)
  5. ColdFusion session id analysis - help wanted (Thread)
  6. Need help w/ Dell Windows security issue (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Attacking EFS through cached domain logon credentials (Thread)
  2. At.exe Service Account - scripted or registry? (Thread)
  3. Win2k log management (Thread)
  4. AD replication over WAN (Thread)
  5. Securing IIS/5 with ASP (Thread)
  6. w2k server compromised (Thread)
  7. Bypass Traverse Checking? (Thread)
  8. Stopping Admin Alert SPAM (Thread)
  9. Fw: Bypass Traverse Checking? (Thread)
  10. SecurityFocus Microsoft Newsletter #121 (Thread)
  11. Has this been exploited in a known virus yet? (Thread)
IX. SUN FOCUS LIST SUMMARY
  NO NEW POSTS FOR THE WEEK ENDING 01.26.03
X. LINUX FOCUS LIST SUMMARY
  1. Secure Web-Based Administration (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. SunScreen, Part One: An Overview of the Sun Microsystem Firewall
By Ido Dubrawsky

SunScreen is Sun Microsystems' firewall for the Solaris operating system. It provides packet filtering, authentication and data encryption, as well as the creation of IPsec-based VPNs. This article is the first of a two-part series offering a brief overview of the implementation and administration of SunScreen.

http://online.securityfocus.com/infocus/1660

2. The Turkey that Bites
By Jon Lasser

With last week's RIAA worm hoax, the scallywags at Gobbles raised security advisories to subversive performance art.

http://online.securityfocus.com/columnists/137

3. The Canary in the Data Mine
By Mark Rasch

At the turn of the century just past, mining companies would use a brightly colored bird in the mine shaft to protect the lives of citizens. These canaries were more sensitive to the foul, noxious and deadly but invisible vapors that would otherwise threaten the lives of the mine shaft workers. When the canaries died, the miners would know an invisible threat existed.

http://online.securityfocus.com/columnists/136

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Sambar Server results.stm Cross Site Scripting Vulnerability BugTraq ID: 6643
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6643
Summary:

Sambar Server is a multi-threaded web server which will run on Microsoft Windows 9x/ME/NT/2000 operating systems.

Sambar Server does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user.

An attacker can exploit this vulnerability by placing script code in URI parameters of the results.stm page and delivering the resulting link to a victim. The injected code runs in the victim's browser in the security context of the website running Sambar Server.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. With those credentials the attacker may hijack the legitimate user's session.

This vulnerability was reported for Sambar Server 5.3 and earlier.

2. MyRoom save_item.php Arbitrary File Upload Vulnerability BugTraq ID: 6644
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6644
Summary:

MyRoom is an online item management system implemented in PHP. It is available for a variety of platforms including Linux variant operating systems and Microsoft Windows.

A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system.

Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The room/save_item.php script has been reported to be vulnerable to this issue.

Specifically, the script decides whether an upload is an image by examining only the file name, and accepts any name that contains one of the allowed image extensions regardless of the file's actual content. Uploaded files are stored in the 'img/photo' folder.

Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

This vulnerability was reported for MyRoom 3.5 GOLD.
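
The following is an added example, not code from MyRoom or from the advisory, contrasting a name-only "is it an image" check of the kind described above with a check that looks at the final extension and the file's leading bytes. The accepted extension list and the magic-byte table are assumptions made for the example.

```python
import os

# Extensions the upload handler accepts; assumed for this example, the
# advisory only says the script checks for "image files".
ALLOWED_IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png"}

# First bytes of a genuine file of each type.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def weak_is_image(filename: str) -> bool:
    """Name check of the kind the advisory describes: any file name that
    merely contains an allowed extension passes, so 'shell.jpg.php' is
    accepted and, once stored under img/photo, may run as PHP."""
    lowered = filename.lower()
    return any(ext in lowered for ext in ALLOWED_IMAGE_EXTENSIONS)


def strict_is_image(filename: str, content: bytes) -> bool:
    """Hardened check: a bare file name (no path), exactly one extension,
    that extension last and allowed, and content whose leading bytes
    match the type the extension claims."""
    if not filename or "/" in filename or "\\" in filename or "\x00" in filename:
        return False
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext not in ALLOWED_IMAGE_EXTENSIONS:
        return False
    # Reject double extensions such as 'shell.php.jpg'; servers that map
    # handlers by any extension in the name would still execute them.
    if os.path.splitext(stem)[1]:
        return False
    return content.startswith(IMAGE_MAGIC[ext])
```

Even with the strict check, the stored files should be served from a directory where script execution is disabled, and ideally renamed to a server-generated name; the extension check limits what gets written, it does not make the upload directory safe on its own.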

3. PHPMyPub Unauthorized Administrative Access Vulnerability BugTraq ID: 6645
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6645
Summary:

PHPMyPub is a collection of PHP scripts designed to manage a publicity campaign.

A problem with PHPMyPub may allow unauthorized users to obtain administrative access to a site hosting PHPMyPub.

The vulnerability exists due to inadequate checks performed by the script. Specifically, the admin/index.php script does not verify the authenticity of cookie information.

An attacker can exploit this vulnerability by setting a cookie named 'adminpub' to any non-zero value before requesting admin/index.php. This grants the attacker administrative access to the site hosting PHPMyPub.

This vulnerability was reported for PHPMyPub 1.2.0.
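
As an added example (not PHPMyPub's code), the check below shows why a client-supplied 'adminpub' flag is worthless as an authorization signal, next to a cookie the server can actually verify: the user name is bound to a server-side secret with an HMAC, and the administrator list lives on the server. The secret and the account names are constructed for the example.

```python
import hashlib
import hmac

# Server-side secret used to authenticate the cookie. Assumed for the
# example; in deployment it is generated randomly and never sent to clients.
SERVER_SECRET = b"constructed-example-secret"

ADMIN_ACCOUNTS = {"alice"}  # constructed administrator list, server-side


def weak_is_admin(cookies: dict) -> bool:
    """Check of the kind the advisory describes: the client-controlled
    'adminpub' cookie is trusted as-is, so any non-zero value grants
    administrative access."""
    return cookies.get("adminpub", "0") != "0"


def _mac(username: str) -> str:
    return hmac.new(SERVER_SECRET, username.encode(), hashlib.sha256).hexdigest()


def issue_admin_cookie(username: str) -> str:
    """Issued by the server after a successful login: 'user:mac', where the
    MAC binds the user name to the server secret."""
    return f"{username}:{_mac(username)}"


def strict_is_admin(cookies: dict) -> bool:
    """Recompute the MAC over the claimed name, compare in constant time,
    and only then consult the server-side administrator list. A client can
    set the cookie to anything it likes but cannot produce a valid MAC."""
    token = cookies.get("adminpub", "")
    username, sep, mac = token.rpartition(":")
    if not sep or not username:
        return False
    return hmac.compare_digest(mac, _mac(username)) and username in ADMIN_ACCOUNTS
```

A server-side session store keyed by a random identifier achieves the same thing without any secret in the cookie and additionally allows revocation; the MAC variant is shown because it makes the missing step in the vulnerable check, verifying that the server itself produced the value, explicit.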

4. PeopleSoft XML External Entity Remote File Disclosure Vulnerability BugTraq ID: 6647
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6647
Summary:

PeopleSoft includes the Administration Gateway, a Java servlet designed to administer the Application Messaging Gateway. The Administration servlet is accessible to all users by default. The servlet can be used to add data handlers to PeopleSoft.

A vulnerability has been discovered in the PeopleSoft Application Messaging Gateway when the SimpleFileHandler handler has been added. The issue occurs because the XML parser resolves external entities declared in attacker-supplied documents rather than rejecting them.

When an HTTP POST request is made to a PeopleSoft server implementing the SimpleFileHandler, XML data can be included which will later be parsed and used in a response by the server. It is possible to include an XML external entity within the XML fields sent by a user. Through this method, it may be possible for an attacker to specify an arbitrary system file to be returned within the XML fields of the server's response.

Information obtained through the exploitation of this vulnerability may aid an attacker in launching further attacks against a target server. It has been reported that under certain circumstances it may be possible to open arbitrary TCP connections through the affected servlet.
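
The root cause above is a parser that honours a DOCTYPE in a document the client controls. As an added example, not PeopleSoft code, the parser below refuses any DOCTYPE or entity declaration before it can be acted on, and also turns off external entity resolution as a second line of defence. The sample documents, including the element names, are constructed for the example and are not the PeopleSoft message format.

```python
import xml.parsers.expat


class DtdRejected(ValueError):
    """Raised when a document carries a DOCTYPE or entity declaration."""


def parse_fields_without_dtd(document: bytes) -> dict:
    """Parse a small request document into {element: text}, refusing any
    DOCTYPE or ENTITY declaration before the parser can act on it."""
    parser = xml.parsers.expat.ParserCreate()
    # Second line of defence: never read external parameter entities.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    fields, stack = {}, []

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE for <{name}> is not accepted")

    def entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise DtdRejected(f"entity declaration {name!r} is not accepted")

    def start(name, attrs):
        stack.append(name)
        fields.setdefault(name, "")

    def end(name):
        stack.pop()

    def chars(data):
        if stack:
            fields[stack[-1]] += data

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(document, True)
    return fields


def is_rejected(document: bytes) -> bool:
    """True when the document is refused for carrying a DTD."""
    try:
        parse_fields_without_dtd(document)
    except DtdRejected:
        return True
    return False


# Constructed sample documents (element names are assumptions).
BENIGN_REQUEST = (
    b'<?xml version="1.0"?>'
    b"<request><handler>SimpleFileHandler</handler><name>report.txt</name></request>"
)
XXE_REQUEST = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<request><handler>SimpleFileHandler</handler><name>&xxe;</name></request>"
)
```

Rejecting the DOCTYPE outright is the right default for a service that accepts XML from arbitrary clients; the same document would otherwise have the parser read the referenced file and echo it back in the response field, which is the disclosure the advisory describes.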

5. Multiple FTP Server Virtual User File Removal Vulnerability BugTraq ID: 6649
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6649
Summary:

A problem has been reported in some FTP servers that may allow users to circumvent file permissions.

Under some circumstances, it may be possible for users to remove files that have been placed in an FTP archive by other users. A file placed by one user may be deleted by another user who lacks sufficient permissions, even though that user cannot overwrite the file. This problem has been reported to occur when the virtual user feature of the FTP servers is used on Solaris systems.

This problem has been reported to affect both NCFTPD and ProFTPD. Exploitation of this issue may result in the destruction of data.

6. CVS Directory Request Double Free Heap Corruption Vulnerability BugTraq ID: 6650
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6650
Summary:

CVS is the Concurrent Versions System, a freely available, open source software development package for the Unix, Linux, and Microsoft Windows platforms.

CVS is prone to a double free vulnerability in Directory requests. Malformed Directory requests may potentially cause dynamically allocated memory to be de-allocated twice, using the free() function.

An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code in the security context of the CVS server.

7. Nite Server FTPD File Disclosure Vulnerability BugTraq ID: 6648
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6648
Summary:

Nite Server is an FTP server for Microsoft Windows platforms.

Nite Server is prone to a file disclosure vulnerability. User-supplied input in FTP commands is not sufficiently filtered. As a result, remote FTP users can break out of the FTP root directory by issuing a change directory ('cd', sent to the server as CWD) request containing '..' directory traversal sequences.

Any system files which are readable by the FTP server may potentially be disclosed to a malicious FTP user who exploits this vulnerability. The FTP server will typically run with SYSTEM privileges on Windows.

This issue was reported in Nite Server 1.83. Earlier versions may also be affected.
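
As an added example (not Nite Server's code), the two resolvers below show the difference between joining a client path onto the current directory and trusting the result, and treating the client path as a virtual path that must stay under the FTP root. The root directory and the request arguments are constructed; backslashes are normalised because Windows servers accept both separators.

```python
import os
import posixpath


class TraversalError(PermissionError):
    """A client path that would resolve outside the FTP root."""


def weak_resolve(ftp_root: str, cwd: str, arg: str) -> str:
    """Resolution of the kind behind the advisory: the client's path is
    joined onto the current directory and normalised, so '..' components
    walk straight out of the FTP root."""
    arg = arg.replace("\\", "/")
    return posixpath.normpath(posixpath.join(ftp_root, cwd.strip("/"), arg))


def strict_resolve(ftp_root: str, cwd: str, arg: str) -> str:
    """Treat client input as a virtual POSIX path under the FTP root. Any
    path whose normalised form still begins with '..' is rejected, and the
    filesystem path is re-checked after symlink resolution."""
    root = os.path.realpath(ftp_root)
    arg = arg.replace("\\", "/")            # Windows servers accept both
    base = "" if arg.startswith("/") else cwd.strip("/")
    virtual = posixpath.normpath(posixpath.join(base, arg.lstrip("/")))
    if virtual == ".." or virtual.startswith("../"):
        raise TraversalError(f"{arg!r} escapes the FTP root")
    real = os.path.realpath(os.path.join(root, "" if virtual == "." else virtual))
    if real != root and not real.startswith(root + os.sep):
        raise TraversalError(f"{arg!r} resolves outside the FTP root via a link")
    return real


def is_traversal(ftp_root: str, cwd: str, arg: str) -> bool:
    """True when the hardened resolver refuses the request."""
    try:
        strict_resolve(ftp_root, cwd, arg)
    except TraversalError:
        return True
    return False
```

The second check in strict_resolve matters on a real filesystem: a symbolic link inside the FTP tree can point outside it, so the normalised virtual path alone is not proof that the final target is under the root.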

8. ModLogAn Remote Heap Corruption Vulnerability BugTraq ID: 6652
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6652
Summary:

ModLogAn is a modular logfile analyzer which parses logfiles generated by several server types including HTTP and FTP. It is available for the Unix and Linux operating systems.

A vulnerability has been discovered in ModLogAn. The problem occurs when attempting to decode a URL with the url_decode() function. When the url_decode() function detects a percentage character ('%') in a URL, it incorrectly presumes that the following 2 bytes will represent a hexadecimal encoded value. After this assumption is made the length counter (for the size of the decoded string) is reduced by two. If the URL contains values after the percentage character which are not hexadecimal, the URL data may be larger than the buffer allocated for the decoded string.

By generating a malicious log entry containing a URL with excessive percent characters designed to trigger the issue (a request for such a URL is enough, once the web server's log is processed by ModLogAn), it may be possible for an attacker to corrupt heap memory.

Exploiting this issue to overwrite a malloc() header may make it possible to overwrite an arbitrary word in memory when the corrupted chunk is freed. This may result in arbitrary attacker-supplied instructions being executed with the privileges of the ModLogAn process.
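
The sizing mistake described above can be shown without the C code. The following added example (not ModLogAn's source; the decoder semantics for a malformed escape are an assumption) models the vulnerable allocation size, the size a correct decoder needs, and the number of bytes that would be written past the buffer for a constructed log line.

```python
def _is_hex_pair(s: str) -> bool:
    return len(s) == 2 and all(c in "0123456789abcdefABCDEF" for c in s)


def naive_decoded_size(url: str) -> int:
    """Size the vulnerable code reserves for the decoded string: every '%'
    is assumed to head a valid %XX triple, so two bytes are subtracted per
    '%' without looking at what follows."""
    return len(url) - 2 * url.count("%")


def safe_decoded_size(url: str) -> int:
    """Correct sizing: subtract two only for a '%' that really is followed
    by two hex digits, which is exactly what the decoder will collapse."""
    i, size = 0, 0
    while i < len(url):
        if url[i] == "%" and _is_hex_pair(url[i + 1:i + 3]):
            i += 3
        else:
            i += 1
        size += 1
    return size


def percent_decode(url: str) -> str:
    """Decoder behaviour assumed for the example: a valid %XX becomes one
    character; a malformed escape is copied through unchanged."""
    out, i = [], 0
    while i < len(url):
        if url[i] == "%" and _is_hex_pair(url[i + 1:i + 3]):
            out.append(chr(int(url[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(url[i])
            i += 1
    return "".join(out)


def overflow_bytes(url: str) -> int:
    """Bytes the decoder would write past the buffer the vulnerable sizing
    reserved; zero when the sizing happened to be sufficient."""
    return max(0, len(percent_decode(url)) - naive_decoded_size(url))


# Constructed Apache-style access log line: an attacker only needs to make
# a request whose path is later fed to the analyser.
SAMPLE_LOG_LINE = '10.0.0.5 - - [20/Jan/2003:10:00:00 +0000] "GET /%zz%zz%zz%zz HTTP/1.0" 404 0'


def request_path(log_line: str) -> str:
    """Pull the request path out of a common-log-format line."""
    return log_line.split('"')[1].split(" ")[1]
```

Two details carry over to the C code: the per-'%' subtraction lets the computed size go negative, which as an unsigned allocation size wraps to a huge value, and a string of malformed escapes yields a decoded string two bytes longer than the buffer for every '%' it contains, which is the heap overwrite the advisory describes.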

9. Blackboard Learning System search.pl SQL Injection Vulnerability BugTraq ID: 6655
Remote: Yes
Date Published: Jan 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6655
Summary:

Blackboard Learning System is a suite of software products available for Microsoft Windows, Linux and Solaris servers that power an "e-Education Infrastructure" for education providers.

Blackboard Learning System, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database.

This vulnerability was reported to exist in the search.pl script file (the address book search feature). A remote attacker can exploit this vulnerability to brute-force user accounts, for example by using the presence or absence of search results to test injected conditions one at a time. It may also be possible to conduct other attacks, such as executing stored procedures and exploiting vulnerabilities in the database server.

This vulnerability was reported for Blackboard Learning System 5.5.1, Level 1 and Level 2. Previous releases may also be affected.
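
The brute-force path mentioned above works because a search that returns results for one injected condition and nothing for another is a one-bit oracle. The added example below (not Blackboard code; SQLite and the table layout stand in for the production database, and the payload syntax would differ there) builds the query both ways, recovers a password through the vulnerable one, and shows the parameterised version returning nothing for the same input.

```python
import sqlite3

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def build_directory() -> sqlite3.Connection:
    """Constructed stand-in for the address-book table; SQLite replaces
    the production database only to keep the example self-contained."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hunter2", "alice@example.edu"), ("bob", "s3cret", "bob@example.edu")],
    )
    return conn


def weak_search(conn: sqlite3.Connection, term: str) -> list:
    """Query built by string concatenation, the pattern the advisory
    describes: the search term becomes part of the SQL text."""
    sql = f"SELECT username, email FROM users WHERE username LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def safe_search(conn: sqlite3.Connection, term: str) -> list:
    """Bound parameter: the term is data, never SQL. LIKE metacharacters
    are escaped too, so a term of '%' cannot list the whole directory."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT username, email FROM users WHERE username LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{escaped}%",)).fetchall()


def password_prefix_oracle(conn, username: str, prefix: str) -> bool:
    """One true/false probe through the vulnerable search: the injected
    condition makes the result set non-empty only if the password starts
    with `prefix`. The trailing '--' comments out the rest of the query."""
    payload = f"{username}' AND password LIKE '{prefix}%' --"
    return bool(weak_search(conn, payload))


def recover_password(conn, username: str, max_len: int = 32) -> str:
    """Character-by-character brute force of an account's password using
    only the oracle above; each position costs at most len(ALPHABET) probes."""
    found = ""
    while len(found) < max_len:
        for ch in ALPHABET:
            if password_prefix_oracle(conn, username, found + ch):
                found += ch
                break
        else:
            break
    return found
```

The recovery loop needs only HTTP access to the search feature and a way to tell "some results" from "no results"; that is why a blind injection in a low-value page such as an address book still ends in credential compromise, and why binding parameters rather than filtering characters is the fix.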

10. MTink Printer Status Monitor Environment Variable Buffer Overflow Vulnerability BugTraq ID: 6656
Remote: No
Date Published: Jan 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6656
Summary:

mtink is a printer status monitor for Linux operating systems. It is used to monitor ink quantity, negotiate changing and cleaning of ink cartridges, etc.

mtink is prone to a locally exploitable buffer overflow condition. This is due to insufficient bounds checking of the $HOME environment variable. An attacker may take advantage of this issue to corrupt sensitive regions of memory, such as stack variables, with attacker-supplied values. This may result in execution of arbitrary attacker-supplied code.

mtink is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this issue may be exploited to execute arbitrary code with elevated privileges. Other distributions may also be affected if mtink is installed or runs with elevated privileges.

11. ESCPUtil Local Printer Name Buffer Overflow Vulnerability BugTraq ID: 6658
Remote: No
Date Published: Jan 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6658
Summary:

escputil is a freely available, open source print driver for the Linux operating system. It is publicly maintained.

A buffer overflow has been reported in escputil.

This problem is due to insufficient bounds checking on the printer name supplied as the argument of the -P command line parameter. It is possible for a malicious local user to corrupt sensitive regions of memory with attacker-supplied values.

escputil is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this issue may be exploited to execute arbitrary code with elevated privileges. Other distributions may also be affected if the utility is installed or runs with elevated privileges.

It should also be noted that this program is included with a number of other packages for printing on Linux systems.

12. Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability BugTraq ID: 6659
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6659
Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in Apache Web server for Microsoft Windows 9x/Me operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, the issue exists due to the way some CGI input is redirected when the ScriptAlias directive is enabled.

The ScriptAlias directive maps URLs to paths residing outside of the DocumentRoot and marks the target directory as containing only CGI scripts.

An attacker can exploit this vulnerability by making a malformed HTTP POST request to 'con.xxx' (a file name built on the reserved MS-DOS device name CON) in a directory enabled with ScriptAlias. When this malformed POST data is passed to a CGI, it may result in attacker-supplied code being executed by the requested CGI.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows 9x/Me operating environments.

13. Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability BugTraq ID: 6660
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6660
Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in Apache Web server for Microsoft Windows operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Server. Any HTTP requests that end in some illegal characters will cause the server to disclose the contents of certain files to a remote attacker.

It has been reported that an HTTP request that ends in the '>' character will cause the Apache Web server to serve certain files to the remote attacker. Any information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows operating environments.

14. Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability BugTraq ID: 6662
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6662
Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in Apache Web server for Microsoft Windows 9x/Me operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP requests that involve MS-DOS device names may cause the Apache Web server to crash.

An attacker can exploit this vulnerability by sending a malformed HTTP GET request to the Apache server using a reserved MS-DOS device name such as 'aux'. When the server receives this request it will crash.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows 9x/Me operating environments.

15. Apache Web Server Default Script Mapping Bypass Vulnerability BugTraq ID: 6661
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6661
Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in the Apache Web server that may result in the server bypassing its default file mappings when serving files.

The vulnerability is triggered by requests for files inside a directory whose name carries a file extension. It may cause the Web server to apply the directory's extension to the requested file.

An attacker may be able to make a request for www.target.com/folder.php/test. The file 'test' should be served as a text file but, due to flaws in the mapping algorithm, it will instead be interpreted as a PHP script.

This may have unintended consequences on users and the system.

This vulnerability was reported to affect Apache versions prior to 2.0.44.

16. WinRAR Archive File Extension Buffer Overrun Vulnerability BugTraq ID: 6664
Remote: No
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6664
Summary:

WinRAR is a compression utility capable of reading and writing files using several different archival formats. It is available for the Microsoft Windows Operating system.

A vulnerability has been discovered in WinRAR. The problem occurs when displaying an archive in the ListView Control window. If a file in the archive contains a file extension of 256 bytes or more, a buffer in WinRAR will be overrun. This may allow an attacker to construct a malicious WinRAR archive designed to overwrite sensitive values in memory.

It has been reported that it is possible for an attacker to exploit this issue to run arbitrary instructions. Commands executed in this manner would be run with the privileges of the vulnerable program.

17. YABB SE Packages.PHP Remote File Include Vulnerability BugTraq ID: 6663
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6663
Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms including Unix, Linux, and Microsoft Windows operating systems.

YaBB SE allows remote users to influence the location of an external script ('Packer.php') that is included by the 'Packages.php' script. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included by YaBB SE. If the attacker's file contains PHP code, it will be executed.

This may allow a remote attacker to execute arbitrary commands in the context of the webserver.

18. Microsoft Windows Locator Service Buffer Overflow Vulnerability BugTraq ID: 6666
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6666
Summary:

It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer.

An attacker can exploit this vulnerability by constructing a remote procedure call that invokes Locator service with malformed parameters. When the Locator service receives this request, the malicious arguments will trigger the overflow condition.

This vulnerability may be exploited by remote attackers to execute custom instructions on the target domain controller. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).

19. Microsoft Content Management Server Cross-Site Scripting Vulnerability BugTraq ID: 6668
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6668
Summary:

Microsoft Content Management Server (MCMS) 2001 is an Enterprise Server product used for developing and managing E-Commerce web sites. MCMS contains pre-defined ASP web pages which are used to update web sites.

A vulnerability has been discovered in one of the pre-defined ASP pages included in MCMS. Due to insufficient sanitization of user-supplied data by the ASP page, MCMS may be prone to cross-site scripting attacks. The issue occurs when constructing a response page which relies on various user-supplied values.

By constructing a malicious link an attacker may be able to trick an unsuspecting user into triggering this vulnerability. This could be used to steal a user's private information, such as cookie-based authentication credentials. Other attacks are also possible.

This issue may be the same vulnerability described in BID 5922. If this turns out to be the case, this BID will be retired and the previous BID will be updated accordingly.

20. Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability BugTraq ID: 6667
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6667
Summary:

Microsoft Outlook 2002 is an e-mail, calendaring, and scheduling application for Microsoft Windows.

Microsoft Outlook 2002 supports various types of certificates to facilitate transport of encrypted e-mail via public key cryptography. One type of certificate supported by Microsoft Outlook 2002 is V1 Exchange Server Security certificates, which may be used in combination with a Microsoft Exchange server.

There is a flaw in the Microsoft Outlook 2002 implementation of message encryption using V1 Exchange Server Security certificates. When configured to use this method, Outlook 2002 fails to correctly encrypt messages. As a result, messages are transferred in plaintext, visible to network eavesdroppers. Furthermore, the user may assume that the message was successfully encrypted.

A remote adversary may potentially take advantage of this issue if they are in a position to intercept user mail or eavesdrop on network traffic between the client host sending the mail and hosts receiving or processing the mail.

This issue is reported to occur when Outlook 2002 is used to send HTML e-mail using the certificate.

It should also be noted that the implementation of digital signatures using V1 Exchange Server Security is not affected.

21. Rediff Bol URL Handling Denial Of Service Vulnerability BugTraq ID: 6670
Remote: Yes
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6670
Summary:

Bol is a freely available chat client available from Rediff. It is available for Microsoft Windows operating systems.

A problem could make it possible for a remote user to deny service to legitimate users of the chat client.

It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could send the client a URL in the form of an rbol: command that causes it to log out.

Under ordinary circumstances, the chat client should not react to input from untrusted users. This problem could make it possible for a remote user to launch a continuous denial of service against a user of the vulnerable client.

22. ZyXEL DSL Modem Default Remote Administration Password Vulnerability BugTraq ID: 6671
Remote: Yes
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6671
Summary:

It has been reported that the administration interface on some ZyXEL devices, including the 642 and 645 series, is remotely accessible and pre-set with a default username and password.

The devices, which may have been provided to users of the Sprint ADSL service, allow administrative access through FTP, HTTP and Telnet services from any address. Furthermore, a well-known default administrative username and password are preconfigured. The default administrative username is 'root' and the associated password is typically '1234'.

An attacker can exploit this vulnerability by connecting to a vulnerable device with the default credentials and retrieving files that hold configuration information, including usernames and passwords. This will allow the attacker to manipulate and reconfigure affected devices.

It has additionally been reported that sensitive information set in the devices by ISPs, such as user email addresses, may be obtained by remote attackers.

It is important to note that other ZyXEL devices may share this default account.

23. Kodak KCMS KCS_OPEN_PROFILE Procedure Arbitrary File Access Vulnerability
BugTraq ID: 6665
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6665
Summary:

The Kodak Color Management System (KCMS) is an image and video management Application Programming Interface (API) for Unix, Linux, and Windows Operating Systems. It is distributed and maintained by Kodak.

A problem could make it possible for a remote user to gain unauthorized remote access to arbitrary files.

It has been reported that a problem exists in the Kodak Color Management System (KCMS) due to the insecure handling of input. It may be possible for a remote user to gain access to arbitrary files on a vulnerable host. This could allow remote information gathering, leakage of sensitive information, and potentially privilege elevation.


The problem occurs in the KCS_OPEN_PROFILE procedure. By exploiting a vulnerable system running the kcms_server process, it is possible for a remote user to download any file to which the kcms_server has read access. As the kcms_server process is typically executed as root, this could be any file on the target system. It should be noted that an attacker must use the TT_ISBUILD procedure call of ToolTalk to exploit this issue.

24. PHPOutsourcing Zorum Remote Include Command Execution Vulnerability
BugTraq ID: 6669
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6669
Summary:

Zorum is a freely available, open source PHP forum. It is available for UNIX, Linux, and Microsoft operating systems.

A problem could make it possible for remote users to execute arbitrary commands.

It has been reported that Zorum may allow remote users to influence the location of PHP includes. Because of this, it is possible for a remote user to include an external, arbitrary PHP script containing commands that may be carried out on the vulnerable host.

This problem could allow a remote attacker to execute arbitrary code with the privileges of the web server process. This could result in the attacker gaining local access, and potentially elevated privileges.

25. Palm HotSync Manager Remote Denial of Service Vulnerability
BugTraq ID: 6673
Remote: Yes
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6673
Summary:

A vulnerability has been discovered in the Palm HotSync Manager. It has been reported that a remote attacker can trigger a denial of service in affected servers.


The issue occurs when a user sends "OK ATDT<" to a vulnerable system. A menu will be presented saying insufficient memory is available and three options will be presented. When an option is selected the affected process will freeze or terminate.

The precise technical details regarding this vulnerability are not currently known. This BID will be updated as more information becomes available.

This vulnerability was reported for HotSync Manager 4.0.4.

26. Microsoft Windows MSGINA.DLL Read-Lock Denial Of Service Vulnerability
BugTraq ID: 6672
Remote: No
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6672
Summary:

It has been reported that Microsoft Windows 2000 Terminal Servers and XP Pro are prone to a denial of service due to a problem with 'MSGINA.DLL'. This condition may be triggered by users who can successfully log in to the server via RDP or ICA.

'MSGINA.dll' is the vendor-supplied Graphical Identification and Authentication dynamic-link library. 'MSGINA.DLL' is loaded by the WinLogon executable and helps to facilitate graphical client sessions.

If a malicious user causes a read-lock to be placed on '%SYSTEMROOT%\SYSTEM32\MSGINA.DLL', the next user to log in will be prompted with a dialog stating that 'MSGINA.DLL' failed to load and will be given the opportunity to restart the system.

An attacker may trigger this condition by opening the dynamic-link library with an external application, such as a hex editor.


27. YaBB SE News.PHP Remote File Include Vulnerability
BugTraq ID: 6674
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6674
Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms, including Unix, Linux, and Microsoft Windows operating systems.

A vulnerability has been discovered in YaBB SE. Due to insufficient sanitization of some user-supplied variables by the 'News.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host, as a value for the '$template' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for YaBB SE 1.5.1 and earlier.

28. EditTag edittag.pl File Disclosure Vulnerability
BugTraq ID: 6675
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6675
Summary:

EditTag is a script which facilitates website content management.

A file disclosure vulnerability has been reported in the EditTag 'edittag.pl' script.


Due to insufficient sanitization of CGI parameters a maliciously crafted web request containing encoded dot-dot-slash (%2e%2e%2f) directory traversal sequences may break out of the document root and disclose arbitrary web server readable files to a remote attacker.

Exploitation of this vulnerability may lead to disclosure of sensitive information that may be useful in mounting further attacks on the host system.
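The Zorum (item 24), YaBB SE (item 27) and EditTag (item 28) advisories share one root cause: a request parameter is used as a file location without first being checked, so it can point at a remote script or, via encoded dot-dot-slash sequences, at a file outside the document root. The following Python function is an added example of the check a script author would put in front of such a parameter; it is not code from any of those projects. The root directory, the request values and the names `resolve_under_root`, `fully_decode` and `audit` are assumptions made for illustration. It goes slightly beyond the advisories by also handling double percent-encoding, backslash separators and non-HTTP scheme prefixes.

```python
"""Resolving a user-supplied file or template name under a fixed root.

Added example, not code from Zorum, YaBB SE or EditTag. The root
directory, the request values and the function names are assumptions
made for illustration.
"""
import posixpath
import re
from urllib.parse import unquote

# Anything that starts like "scheme:" (http:, ftp:, php:, data: ...).
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)


class UnsafePath(ValueError):
    """Raised when a user-supplied name must not be used at all."""


def fully_decode(value: str, limit: int = 3) -> str:
    """Percent-decode until the string stops changing.

    A single unquote() turns %2e%2e%2f into ../ but leaves the
    double-encoded %252e%252e%252f as %2e%2e%2f, so a one-pass filter
    can be bypassed. 'limit' bounds the loop.
    """
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise UnsafePath("too many encoding layers")


def resolve_under_root(root: str, user_value: str, allowed=None) -> str:
    """Return the absolute POSIX path for user_value inside root.

    root:       directory the script may read (assumed here)
    user_value: the raw CGI/query value, e.g. a $template parameter
    allowed:    optional set of bare names; an allowlist is the
                strongest fix for include-style parameters
    Raises UnsafePath with the reason when the value must be refused.
    """
    decoded = fully_decode(user_value)
    if SCHEME_RE.match(decoded):
        # A remote include needs a URL; refuse every scheme, including
        # wrappers such as php://, not only http://.
        raise UnsafePath("remote or wrapper location rejected")
    if "\x00" in decoded:
        raise UnsafePath("NUL byte in name")
    # Treat backslashes as separators so ..\.. is caught on Windows hosts.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise UnsafePath("absolute path rejected")
    if allowed is not None:
        if decoded not in allowed:
            raise UnsafePath("name not in allowlist")
        return posixpath.join(root, decoded)
    # Normalise first, then confirm the result is still inside root.
    root_norm = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root_norm, decoded))
    if joined != root_norm and not joined.startswith(root_norm + "/"):
        raise UnsafePath("path escapes document root")
    return joined


def audit(root: str, values, allowed=None) -> dict:
    """Map each request value to 'ok' or the reason it was refused."""
    results = {}
    for value in values:
        try:
            resolve_under_root(root, value, allowed)
            results[value] = "ok"
        except UnsafePath as exc:
            results[value] = str(exc)
    return results


# Constructed request values modelled on the advisories above.
CONSTRUCTED_REQUESTS = [
    "default.tpl",
    "sub/../default.tpl",
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "%252e%252e%252fetc%2fpasswd",
    "..%5c..%5cboot.ini",
    "/etc/passwd",
    "http://attacker.example/evil.txt",
    "php://input",
]

if __name__ == "__main__":
    for value, verdict in audit("/var/www/templates", CONSTRUCTED_REQUESTS).items():
        print(f"{value!r:40} {verdict}")
```

The containment test is done on the normalised path rather than by searching the raw value for "..", which is why the harmless "sub/../default.tpl" passes while the encoded sequences are refused. For an include-style parameter such as '$template' the allowlist form is preferable, since the set of legitimate templates is known to the application in advance.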

29. slocate Local Buffer Overrun Vulnerability
BugTraq ID: 6676
Remote: No
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6676
Summary:

Secure Locate (slocate) provides a secure way to index and quickly search for files on your system. It is available for the Linux and Unix operating systems. Typically slocate is installed with setgid 'slocate' privileges.

A buffer overrun vulnerability has been discovered in slocate. The issue occurs when 1024, or more, bytes of data are supplied to both the regex ('-r') and the parse /etc/updatedb.conf ('-c') command line arguments. This issue occurs due to insufficient bounds checking on user-supplied input.

A malicious local user may be able to exploit this issue to overwrite sensitive locations in memory. For instance, by overwriting the program's instruction pointer it may be possible to redirect program flow to point to attacker-supplied instructions. As slocate is typically installed with setgid privileges, any code execution accomplished by an attacker will be executed with group 'slocate' privileges. An attacker may leverage this privilege escalation to exploit the target system further.

It should be noted that this issue has been reportedly verified on RedHat 7.3 and 7.2. RedHat 6.2 appears to be immune to this issue. It has not yet been verified whether other versions are also affected.

III. SECURITYFOCUS NEWS AND COMMENTARY


  1. UK WHOIS service suspended after rogue attack By Tim Richardson, The Register

Nominet UK was forced to suspend its WHOIS service last night after a rogue attempt to copy the entire registry of .uk domains.

http://online.securityfocus.com/news/2129

2. NTL sacks 'hacker' for 'gross misconduct' By Tim Richardson, The Register

NTL has sacked one of its employees for "gross misconduct" after he hacked into the independent customer forum ntlhell.co.uk. The hack - which included sending the members of ntlhell.co.uk a derogatory email - took place on New Year's Eve.

http://online.securityfocus.com/news/2128

3. Gates Pledges Better Software Security By Ted Bridis, The Associated Press

Microsoft Corp. Chairman Bill Gates promised that his company will continue improving security in its products, part of a campaign to convince large customers that the Windows operating system is safe for even sensitive businesses.

http://online.securityfocus.com/news/2124


IV. SECURITYFOCUS TOP 6 TOOLS


1. RubyFilter v0.9
by Matt Armstrong
Relevant URL:
http://www.lickey.com/rubyfilter/
Platforms: MacOS, POSIX, UNIX
Summary:

RubyFilter is a Ruby email filtering program that can serve as a replacement for email delivery programs such as procmail. It is also a Ruby module which provides classes that make it easy to write programs that filter and deliver email.

2. radmind v0.9.3
by UMich RSUG
Relevant URL:
http://rsug.itd.umich.edu/software/radmind
Platforms: FreeBSD, Linux, MacOS, OpenBSD, Solaris, SunOS, UNIX
Summary:

radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. At its core, radmind operates as a tripwire. It is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change. Each managed machine may have its own loadset composed of multiple, layered overloads. This allows, for example, the operating system to be described separately from applications. Loadsets are stored on a remote server. By updating a loadset on the server, changes can be pushed to managed machines.

3. BENIDS v0.1.3
by lifeonmars
Relevant URL:
http://www.marlboro.edu/~ttoomey/benids/
Platforms: Linux, POSIX
Summary:

BENIDS is a pcap-based Network Intrusion Detection System for Linux. It uses its own XML rule file format which allows arbitrary, complex boolean matching conditions. It generates IDMEFv0.3 alert messages, and also supports fragment and TCP stream reassembly.

4. JMap Port Scanner v0.2
by slashtom
Relevant URL:
http://slashtom.org/Software/index.php?package=jmap
Platforms: OS Independent
Summary:

JMap is a Java network portscanner, a security tool to identify open ports on any host. It features a Swing-based GUI.


5. IMAP Spam Begone v0.96
by balamw
Relevant URL:
http://www.rogerbinns.com/isbg/
Platforms: Python
Summary:

IMAP Spam Begone is a script that scans an IMAP inbox for spam using SpamAssassin, moving any found to another folder. Unlike normal mail setups it does not need to be involved in mail delivery, and can be run on a completely different machine to where your mailbox is stored.

6. spamstats v0.3b
by Vincent Deffontaines
Relevant URL:
http://www.gryzor.com/tools/#spamstats
Platforms: POSIX
Summary:

Spamstats is a Perl script that analyses spamassassin+mailer logs in order to extract useful information about spam traffic. It displays scores, volumes, and spamassassin analysis times for spam/non-spam/both. It also extracts the top spammed mailboxes. Its time options let it be used in conjunction with SNMP to generate near real-time graphs. Currently supported mailers are postfix and exim.

V. SECURITY JOBS SUMMARY


  1. Internship (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308286

2. Seeking: Network Security Engineer - Herndon, VA - USA (Northern VA / MD / DC area) - ePlus Technology Inc. (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308301


3. Common Criteria Security Engineer position in VA (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308287

4. POSITION: Security Specialist - CA (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308253

5. POSITION: Information Security Consultant - CA (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308294

6. Sales Support / Tactical Marketing Position (Boston, MA) (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/308288
