SecurityFocus Newsletter #186

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Mar 03 2003 - 12:17:30 EST


SecurityFocus Newsletter #186


This Issue is Sponsored by: GuardedNet - Transforming Security Data into Knowledge

Event Correlation - Is it Security's Holy Grail?

neuSECURE is a centralized monitoring system that correlates and analyzes event data from firewalls, IDSs, hosts and routers for real-time attack detection and response. It's proven to improve attack detection and reduce the time you spend investigating attacks.

Sign up to receive our White Paper about neuSECURE's correlation capabilities entitled "Event Correlation: Security's Holy Grail?" at http://www.guarded.net/sfocusfebruary_correlation.html


I. FRONT AND CENTER

  1. Intrusion Prevention Systems: the Next Step in the Evolution...
  2. U.S. Information Security Law, Part One
  3. The Consequences of Criminalizing Crypto
  4. Media Gone Mad
  5. SecurityFocus DPP Program
  6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

II. BUGTRAQ SUMMARY
  1. Netscape Communicator Password Disclosure Weakness
  2. Typo3 Showpic.PHP File Enumeration Vulnerability
  3. Typo3 Translations.PHP Remote File Include Vulnerability
  4. Typo3 Log HTML Injection Vulnerability
  5. Typo3 Runtime Error Page Information Disclosure Vulnerability
  6. Typo3 Translations.PHP File Disclosure Vulnerability
  7. Axis Communications 2400 Video Server Command.CGI File Creation...
  8. Sun Microsystems Solaris FTP Client Debug Mode Password Display...
  9. Apple QuickTime/Darwin Streaming Server Remote File Existence...
  10. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
  11. Typo3 HTML Hidden Form Field Information Disclosure Weakness
  12. USRobotics Broadband-Router GET Request DoS Vulnerability
  13. FreeBSD syncookies TCP Initial Sequence Number Weakness
  14. moxftp Banner Parsing Buffer Overflow Vulnerability
  15. Microsoft Outlook and Outlook Express Arbitrary Program...
  16. Smart IRC Daemon Remote Client DNS Buffer Overflow Vulnerability
  17. GONiCUS System Administrator Remote File Include Vulnerability
  18. PlatinumFTPServer Directory Traversal Variant Vulnerability
  19. nCipher Support Software Key Import Temporary File Cleanup...
  20. Mambo Site Server Cookie Validation Vulnerability
  21. Veritas Bare Metal Restore Remote Code Execution Vulnerability
  22. WihPhoto sendphoto.php File Disclosure Vulnerability
  23. phpWebFileManager File Disclosure Vulnerability
  24. ClarkConnect Linux clarkconnectd Remote Information Disclosure...
  25. CuteNews Remote File Include Vulnerability
  26. Netscape Style Sheet Denial Of Service Vulnerability
  27. Apache Web Server MIME Boundary Information Disclosure...
  28. Nokia 6210 vCard Denial of Service Vulnerability
  29. Eterm Screen Dump Escape Sequence Local File Corruption...
  30. Hanterm-XF Loop-Based Escape Sequence Denial of Service...
  31. XTerm Window Title Reporting Escape Sequence Command Execution...
  32. Eterm Window Title Reporting Escape Sequence Command Execution...
  33. RXVT Screen Dump Escape Sequence Local File Corruption...
  34. ATerm Menu Bar Escape Sequence Command Execution Vulnerability...
  35. RXVT Menu Bar Escape Sequence Command Execution Vulnerability...
  36. UXTerm Window Title Reporting Escape Sequence Command...
  37. DTTerm Window Title Reporting Escape Sequence Command...
  38. RXVT Window Title Reporting Escape Sequence Command Execution...
  39. Hanterm-XF Window Title Reporting Escape Sequence Command...
  40. Gnome-Terminal Window Title Reporting Escape Sequence Command...
  41. Xterm Loop-Based Escape Sequence Denial Of Service...
  42. Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer Overrun...
  43. Apple QuickTime/Darwin Streaming Server Command Execution...
  44. Apple QuickTime/Darwin Streaming Administration Server...
  45. Apple QuickTime/Darwin Streaming Server Parse_XML.CGI...
  46. Apple QuickTime/Darwin Streaming Server parse_xml.cgi Remote...
  47. Microsoft Internet Explorer Self Executing HTML File...
  48. Apple QuickTime/Darwin Streaming Server Malicious Port Request...
  49. Netscape JavaScript Regular Expression Denial Of Service...
  50. Opera Automatic Redirection Cross Site Scripting Vulnerability
  51. Microsoft Windows ME Help and Support Center Buffer Overflow...
  52. Electronic Arts Battlefield 1942 Remote Administration...
  53. AMX Mod Remote 'amx_say' Format String Vulnerability
  54. Frisk F-Prot Antivirus Command Line Scanner Buffer Overflow...
  55. Ecartis Hidden Form Field Password Modification Vulnerability
  56. InstantServer ISMail Remote User Fields Buffer Overflow...
  57. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
  58. Hypermail CGI Mail Open Relay Vulnerability
  59. Hypermail Local Temporary File Race Condition Vulnerability
  60. Invision Board ipchat.php Remote File Include Vulnerability
  61. mhc-utils Insecure Temporary File Creation Vulnerability
  62. jCIFS SmbSession Unauthorized Access Vulnerability
  63. Multiple Netpbm Buffer Overflow Vulnerabilities
  64. Axis Communications HTTP Server Messages Information...

III. SECURITYFOCUS NEWS ARTICLES
  1. Program Hides Secret Messages in Executables
  2. Windows Update keeps tabs on all system software
  3. Klez-H tops monthly virus charts. Again
  4. Monster.com warns false job postings could lead to identity theft

IV. SECURITYFOCUS TOP 6 TOOLS
  1. gpgdir v0.1
  2. pam_require v0.1
  3. ulogd-php v0.6
  4. Anti-Spam SMTP Proxy v0.1.4
  5. dea v1.3.1
  6. Percival Network Monitoring System v1.1

V. SECURITYJOBS LIST SUMMARY
  1. Fwd: CHECK Certification (Thread)
  2. Probs obtaining Liability Insurance, please assist (Thread)
  3. Quick Question - Greythorn (Thread)
  4. Job Posting (Thread)
  5. OTTAWA - Account "hunter" Specialist - $150k Target (Thread)
  6. Security Engineer/Analyst position with Bristol-Myers Squibb...
  7. Enterprise Security Organization Seeking Senior Architects...
  8. Seeking Senior Security Architects for Enterprise Security...
  9. FEDERAL SALES MANAGER - New York - $200k U.S. (Thread)
  10. CHECK certified? (Thread)
  11. Seeking Job. Sr Security Software Engineer (Thread)
  12. PARIS, France - Application SE - $120k package (Thread)
  13. ATLANTA - Application SE - $120k package (Thread)
  14. POSITION: Program Security Officer, Sudbury, MA (Clearance...
  15. NEW YORK - Application SE - $120k package (Thread)
  16. Windows Driver Developer - Network Security (Thread)
  17. Seeking employment as Security Analyst/Consultant - Waterloo,...
  18. Fw: CHECK certified? (Thread)
  19. Sr.Account Manager/Director Eastern Canada Sales - Network...
  20. REVISION Linux Developer-Remote Access Solutions (Thread)
  21. Forensic and Information Security Analyst Looking for a home...
  22. Security Operations Manager, UK based - to £70k + car...
  23. IT Security Evangelist for EMEA - only apply if currently in...
  24. Fw: Infomation Security Professional - Houston, TX (Thread)
  25. Security Sys Adm/Architect needed in Redwood City, CA (Thread)
  26. Seeking Full-time or Consultant InfoSec Position (Thread)
  27. Manager of IT Security #757JS - TN - $105k (Thread)
  28. Sr. Forencics Manager/Consultant (Thread)
  29. Sr. Consultant needed with Electronic Evidence Experience...
  30. Chicago, IL - Computer Forensic Investigator - EOE...
  31. UNIX/NT/Network/Management Experienced Professional (Thread)
  32. Security Audit Consultant - Princeton, NJ (Thread)
  33. Information Security Consultant - PS145051 (Thread)
  34. Sr. Security Project Manager - Cleveland, Ohio PS144964...
  35. Information Security Consultant - Cleveland, Ohio PS145032...
  36. Sr. Project Manager - Cleveland, Ohio PS145033 (Thread)
  37. Systems Engineering Consultant - Cleveland, Ohio PS145042...
  38. Dynamic Consulting Firm Seeking Electronic Evidence Expert...
  39. Progressive Consulting Firm looking for Best of the Best in...
  40. Resume of Unix/Network Security Guru (Thread)
  41. An experienced security professional is available (Thread)
  42. Seeking Full-time or Consultant InfoSec Position. (Thread)
  43. The last word belongs to Ben (Thread)
  44. Had a lot of jobs - how do I avert that negative aspect (Thread)
  45. APAC - V.P. Business Development - Network Security - $350k+...
  46. FW: Had a lot of jobs - how do I avert that negative aspect...
  47. Had a lot of jobs how do I avert that negative aspect (Thread)
  48. Had a lot of jobs - how do I avert that negative aspect (Thread)
  49. combine the jobs, don't say your're a job hopper Had a lot of...
  50. Had a lot of jobs - how do I avert that negative aspect (Thread)

VI. INCIDENTS LIST SUMMARY
  1. More /sumthin (Thread)
  2. Weird Windows logon attempts (Thread)
  3. Possible new backdoor: mspx-smss.exe ? (Thread)
  4. Interesting (Thread)
  5. Weird apache logs (Thread)
  6. Incident Focus Area Article Announcement (Thread)
  7. Remote Access Software (Wireless Devices) (Thread)
  8. Web server crashed, now is trying to contact an IP by port 80...
  9. ICQ problem. (Thread)

VII. VULN-DEV RESEARCH LIST SUMMARY
  1. DoS in 'USR848000A-02' (Thread)
  2. Security contact for Bank Of America (Thread)
  3. Non registering shell (Thread)
  4. freeconsole() (Thread)
  5. Regarding F-Prot for Linux (Thread)
  6. Apache 2.x leaked descriptors (Thread)
  7. makeunicode2.py release announcement (Thread)

VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Hostname given to XP clients (Thread)
  2. DMZ boxes in the domain - Bad moderator (Thread)
  3. How do you patch yours? (was: Monitor Services on Windows...
  4. Monitor Services on Windows machines (Thread)
  5. [despammed] Utility to determine who deteled files (Thread)
  6. Utility to determine who deteled files (Thread)
  7. Administrivia: Results (Thread)
  8. Article Announcement: Exchange 2000 in the Enterprise: Tips...
  9. One Time Passwords (Thread)
  10. DMZ boxes in the domain (Thread)
  11. Windows2000 QuickLaunch (Thread)
  12. MS ISA Logs - Listing IP Addresses v. NetBIOS names (Thread)
  13. Antwort: Monitor Services on Windows machines (Thread)
  14. SecurityFocus Microsoft Newsletter #126 (Thread)
  15. Administrivia (Thread)
  16. MS Software Update Service (Thread)
  17. Windows 2000 Static arp not static (Thread)

IX. SUN FOCUS LIST SUMMARY
  1. Article Announcement: Secure MySQL Database Design (Thread)
  2. Sun Security Admin Beta (Thread)

X. LINUX FOCUS LIST SUMMARY

  1. Article Announcement: Secure MySQL Database Design (Thread)
  2. Red Hat Network updates (Thread)

XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Intrusion Prevention Systems: the Next Step in the Evolution of IDS By Neil Desai

Intrusion prevention systems combine the blocking capabilities of a firewall with the deep packet inspection of intrusion detection systems. This discussion will look at five different categories of IPSs that focus on attack prevention at layers that most firewalls are not yet able to decipher.

http://www.securityfocus.com/infocus/1670

2. U.S. Information Security Law, Part One: Protecting Private Sector Systems, and Information Security Professionals and Trade Secrets by Steven Robinson

Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand and, successively on the other, the enterprise's employees and other agents, its customers, suppliers, competitors, government officials and regulators, to say nothing of unidentified and sometimes unidentifiable actors.

http://www.securityfocus.com/infocus/1669

3. The Consequences of Criminalizing Crypto By Mark Rasch

There is nothing like the fear of weapons of mass destruction to bring out weary old legislative proposals. Earlier this month, it leaked out that the Justice Department was considering a broad expansion of its investigative authority, including the creation of new criminal offenses, ostensibly to assist in the fight against terrorism. Many of the proposals contained in the "Domestic Security Enhancement Act of 2003" had nothing to do with fighting terrorism, but would substantially increase penalties for such mundane offenses as wire fraud or claiming too many deductions on a federal tax return.

http://www.securityfocus.com/columnists/145

4. Media Gone Mad
By Tim Mullen

"Windows XP Kills Dog, Steals Toaster"

That's the next headline I'm expecting to read after wallowing through a week of technology press misreporting about the latest security issue in Windows XP -- an "issue" that's really nothing of the sort.

http://www.securityfocus.com/columnists/144

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Netscape Communicator Password Disclosure Weakness BugTraq ID: 6981
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6981
Summary:

Netscape Communicator is a combined web browser and e-mail client developed for a variety of platforms including Microsoft Windows, Linux and Unix variant operating environments.

It has been reported that the Netscape Communicator roaming profile function may store sensitive user credentials in the 'prefs.js' configuration file in plaintext or in an easily decoded format.

This weakness may result in an attacker accessing sensitive user credentials that may be used in further attacks launched against the system.

Conflicting details have been reported suggesting that perhaps this issue may be due to a user initiated configuration change and that password data may be encrypted using a trivial XOR based encryption algorithm by default.

This report is closely related to the issue described in BID 6215.

2. Typo3 Showpic.PHP File Enumeration Vulnerability BugTraq ID: 6982
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6982
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be exploited by submitting a malicious request for a file (including the relative path). These scripts will return information about whether or not a file exists.

This type of information may be useful in mounting further attacks against the host system, since the scripts will reveal information about the layout of the host's filesystem.

3. Typo3 Translations.PHP Remote File Include Vulnerability BugTraq ID: 6984
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6984
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is the result of insufficient sanitization of remote user-supplied data passed via a URI parameter of the 'translations.php' PHP page.

Under some circumstances, it is possible for remote attackers to influence the path for an include file to point to an external file by manipulating the '$ONLY' URI parameter.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

4. Typo3 Log HTML Injection Vulnerability BugTraq ID: 6983
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6983
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 logs all system and access related errors in the TYPO3 database and provides a facility for administrators to view this information from the web. However, data is not sanitized of HTML before being logged. As a result, remote attackers may inject malicious HTML and script code into log files. When these logs are viewed, the hostile code will be interpreted in the web client of the user viewing the logs.

This may allow for theft of administrative cookie-based authentication credentials and other attacks.

5. Typo3 Runtime Error Page Information Disclosure Vulnerability BugTraq ID: 6986
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6986
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

An information disclosure vulnerability has been reported for TYPO3. The vulnerability exists in several 'test', 'class' and 'library' scripts that are included with TYPO3.

These scripts may be forced to execute and generate runtime errors. When these errors occur, the scripts will output path information.

Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

6. Typo3 Translations.PHP File Disclosure Vulnerability BugTraq ID: 6985
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6985
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 does not sufficiently sanitize input submitted via URI parameters of potentially malicious data. This issue exists in the 'translations.php' script. Specifically, variations of directory traversal sequences and null characters (%00) may be specified as a value for the 'ONLY' URI parameter. By submitting a malicious web request to this script that contains a relative path to a resource and a null character (%00), it is possible to retrieve arbitrary files that are readable by the web server process.

Successful exploitation will permit the attacker to gain access to sensitive information that may aid in mounting further attacks against the system hosting the software.

7. Axis Communications 2400 Video Server Command.CGI File Creation Vulnerability BugTraq ID: 6987
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6987
Summary:

The 2400 Video Server is a video serving hardware device distributed by Axis Communications. It is designed to serve video via network connections.

A problem with the video server could make it possible for a remote user to create arbitrary files.

It has been reported that the Axis 2400 Video Server does not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.

An attacker could exploit this issue to remotely overwrite some file types. This could allow the attacker to additionally create files that may be used maliciously to execute commands. It is unknown what privileges this daemon operates with. However, files created and commands executed through this issue would be with the privileges of the webserver process.

8. Typo3 Webroot Folders Information Disclosure Weakness BugTraq ID: 6988
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6988
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

It has been reported that TYPO3 installs, by default, several directories into the TYPO3 webroot. These directories are reportedly readable or lacking sufficient authentication mechanisms and contain log, configuration and script files. This weakness may result in the disclosure of sensitive system based information to malicious web users.

The following directories and files have been reported to be prone to this issue:
/install
/fileadmin/
/typo3conf/

The information gathered as a result of this weakness may be used in further attacks against the system.

9. Sun Microsystems Solaris FTP Client Debug Mode Password Display Vulnerability BugTraq ID: 6989
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6989
Summary:

Solaris is the UNIX operating system variant distributed by Sun Microsystems.

A problem with the FTP client distributed with Solaris may reveal sensitive information to unauthorized users.

It has been reported that the FTP client distributed with Solaris does not sufficiently guard potentially sensitive information. Because of this, it may be possible for an attacker to observe sensitive information.

The problem is in the display of the FTP password. When the FTP client is executed in debug mode, it displays the FTP password entered in plaintext. A casual observer may be able to see this password, which could result in unauthorized access to the user's account.

10. Apple QuickTime/Darwin Streaming Server Remote File Existence Revealing Vulnerability BugTraq ID: 6992
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6992
Summary:

QuickTime/Darwin Streaming Administration Server is server technology which allows you to send streaming QuickTime data to clients across the Internet.

A problem with QuickTime/Darwin Streaming Server may make it possible for a remote user to gather information about a host's file system.

It has been reported that the QuickTime/Darwin Streaming Server reveals information that may be sensitive. When certain requests are made, a difference in responses could make it possible for an attacker to gain information about the local host.

The problem is in the error messages returned. When a request is made for a file that does not exist, the server returns an error message that differs from the one returned for a file that exists but is inaccessible to the remote user. Because the server also allows directory traversal, an attacker could build a map of the local file system from several such requests.

11. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability BugTraq ID: 6990
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6990
Summary:

QuickTime/Darwin Streaming Administration Server is server technology which allows you to send streaming QuickTime data to clients across the Internet.

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server (SS). The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Specifically, directory traversal sequences are not sanitized from the value supplied to the 'filename' URI parameter. Information obtained in this manner may be used by an attacker to launch more organized attacks against a vulnerable system.

An attacker may exploit this vulnerability by making a request to the parse_xml.cgi script containing dot-dot-slash ('../') sequences followed by a filename. When the malicious request is processed, the Streaming Server will disclose the contents of the file to an attacker.

This vulnerability was tested on SS for Microsoft Windows systems. Linux versions of Darwin SS are reportedly not vulnerable to this issue.

12. Typo3 HTML Hidden Form Field Information Disclosure Weakness BugTraq ID: 6993
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6993
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

Clients of TYPO3 systems may access potentially sensitive data that has merely been obfuscated by placing it in hidden form fields. Such fields may contain potentially sensitive information that may provide determined attackers with valuable information useful in exploiting other known issues in the software.

This vulnerability was reported for TYPO3 3.5b5.

13. USRobotics Broadband-Router GET Request DoS Vulnerability BugTraq ID: 6994
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6994
Summary:

USRobotics Broadband Router is a hardware appliance used to join an internal network to an internetwork over a broadband connection.

USRobotics Broadband-Routers are reportedly prone to denial of service attacks. An attacker can exploit this vulnerability by issuing an overly long HTTP GET request to the embedded web server of a vulnerable USRobotics device. When the device attempts to process the malformed input, it will crash. It has been reported that this condition may be reproduced from within the internal network.

A restart of the device may be required for the device to function normally after exploitation has occurred.

This condition may be due to a buffer overflow in the router firmware. This issue is reported to affect v2.5 of US Robotics Broadband-Router 8000A/8000-2 (USR848000A-02).

14. FreeBSD syncookies TCP Initial Sequence Number Weakness BugTraq ID: 6920
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6920
Summary:

Recent versions of FreeBSD include support for SYN cookies (syncookies). SYN cookies are used to choose initial TCP sequence numbers (ISNs) to protect against a class of denial of service flooding attacks.

The FreeBSD implementation of syncookies uses a MAC keyed on several secret keys that are rotated periodically. The keys are 32 bits in length, which may make a brute force attack feasible and allow an attacker to recover syncookies.

It is possible to generate valid ISN keys using a compromised syncookie. This may allow an attacker to spoof TCP connections that may be used to bypass IP-based access control lists.

Other attacks, including denial of service attacks, are also possible.

15. moxftp Banner Parsing Buffer Overflow Vulnerability BugTraq ID: 6921
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6921
Summary:

moxftp is an FTP client for X Window systems.

A buffer overflow vulnerability has been reported for moxftp. The vulnerability occurs when moxftp is parsing 'Welcome' banner messages from remote FTP servers. When moxftp receives an overly long FTP banner, it will trigger the overflow condition.

An attacker can exploit this vulnerability by enticing a victim moxftp user to connect to a malicious FTP server. Specifically, an FTP banner consisting of greater than 512 characters will trigger the overflow condition.

Any attacker-supplied code will be executed on the victim system with the privileges of the moxftp process.

This vulnerability was reported to affect moxftp 2.2. It is not known whether other versions are affected.

16. Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability BugTraq ID: 6923
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6923
Summary:

Microsoft Outlook and Outlook Express use Internet Explorer to render HTML email and newsgroup messages by default. When an HTML message is viewed, a temporary object is created in the Internet Explorer cache. The security zone applied to this cache should be the Internet Zone by default, as set by Internet Explorer.

It is possible to execute arbitrary programs through an object embedded within an HTML message viewed with Outlook or Outlook Express.

If an object embedded within the HTML message contains a CODEBASE reference to an executable file on the local system, the program file will be executed. The object must use a CLASSID that does not contain only zeroes.

It may also be possible for an attacker to place a file in a known temporary folder through other means and have it executed through this method.

This issue is similar in nature to BID 3867, which was reportedly fixed by Microsoft. It is possible that the issue was not correctly fixed in cases where Internet Explorer is used by another application to render HTML content. As a result, other applications that rely on Internet Explorer other than Outlook and Outlook Express may also be vulnerable to this issue.

17. Smart IRC Daemon Remote Client DNS Buffer Overflow Vulnerability BugTraq ID: 6924
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6924
Summary:

Smart IRC Daemon (sircd) is a freely available, open source implementation of an IRCd. It is available for the Unix and Linux operating systems.

A problem with sircd may make the execution of arbitrary code possible.

It has been reported that sircd is vulnerable to a boundary condition error. Under certain circumstances, a client with malicious DNS information may be able to cause a stack-based overflow in the IRC server. This could lead to denial of service, and potentially code execution.

The problem is in the handling of clients with large amounts of DNS information. When the server initially attempts to resolve the client's DNS information, a string of data greater than 94 bytes will result in a stack overflow. Through this, an attacker could send arbitrary instructions that would be executed with the permissions of the IRC server.

It should be noted that the execution of arbitrary code may be limited to the ASCII printable character set, which is a requirement of DNS. This may make exploitation of this issue more difficult.

18. GONiCUS System Administrator Remote File Include Vulnerability BugTraq ID: 6922
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6922
Summary:

GONiCUS System Administrator is a web-based application written in PHP that is used to manage accounts and systems in a LDAP database.

It has been reported that GONiCUS System Administrator is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in several PHP pages existing in the /plugins and /includes folders.

Under some circumstances, it is possible for remote attackers to influence the include path for these scripts to point to an external file on a remote server. Manipulating the 'base' or 'plugin' URI parameters can trigger this vulnerability.

If the remote file is a malicious PHP script, this may be exploited to execute arbitrary system commands in the context of the web server.

This vulnerability has been reported for GONiCUS System Administrator Version 1; previous versions may also be affected.

19. PlatinumFTPServer Directory Traversal Variant Vulnerability BugTraq ID: 6925
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6925
Summary:

PlatinumFTPServer is an FTP server for Microsoft Windows systems. It is commercially available, and distributed by BYTE/400.

Some PlatinumFTPServer commands may allow remote users to break out of the FTP root directory. This is due to insufficient sanitization of directory traversal sequences from FTP commands.

This may potentially be exploited to list files that are on the local system. Under some circumstances, it may be possible to retrieve files or upload malicious files to directories on the local system which are accessible by the FTP server.

This issue is a variant of the issues described in BID 6554 and BID 6691.

20. nCipher Support Software Key Import Temporary File Cleanup Vulnerability BugTraq ID: 6927
Remote: No
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6927
Summary:

nCipher Support Software is a suite of administrative tools for nCipher products. It is distributed and maintained by nCipher Corporation.

A problem with nCipher Support Software could lead to an attacker gaining access to sensitive information.

It has been reported that nCipher Support Software does not properly handle some temporary files. Due to insecure management and removal of files when a software-based key is imported using the Support Software, an attacker may be able to gain access to key information after the software has been used.

The problem is due to the insecure management and cleanup of temporary files. When a key is converted from a PEM file to a DER file, temporary copies are made that are not removed after the operation completes. Because of this, a person with access to the system on which the conversion was performed may be able to recover key information, resulting in a compromise of key integrity.

This vulnerability affects the generatekey and KeySafe applications distributed with the Support Software CD. This problem affects all Support Software, though Support Software from CD 7.00 and later will remove PEM and DER files after a key is generated. It will not, however, remove any previously copied keys.
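The failure mode described above, temporary copies of key material that survive the operation, is easy to reproduce and easy to avoid. The following Python is an added example and is not nCipher's code: it converts a PEM body to DER (DER is just the base64-decoded body between the marker lines) once in the leaky style and once with a scratch file that is created with mode 0600 under an unpredictable name and removed in a finally block, so even a conversion that fails part-way leaves nothing behind. pem_to_der, convert_leaky, convert_hardened and SAMPLE_PEM are this example's own names; the PEM payload is a constructed string, not a key.

```python
# Added example, not nCipher's code: PEM-to-DER conversion with and without
# scratch-file hygiene.  SAMPLE_PEM is a constructed payload, not a real key.
import base64
import os
import tempfile

SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\n"
    + base64.b64encode(b"constructed-demo-bytes-not-a-real-key").decode("ascii")
    + "\n-----END PRIVATE KEY-----\n"
)


def pem_to_der(pem_text: str) -> bytes:
    """DER is simply the base64-decoded body between the PEM marker lines."""
    body = [ln for ln in pem_text.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def convert_leaky(pem_text: str, workdir: str) -> bytes:
    """The failure mode the advisory describes: predictable scratch names,
    default permissions, and nothing removed when the conversion is done."""
    pem_tmp = os.path.join(workdir, "key.pem.tmp")
    der_tmp = os.path.join(workdir, "key.der.tmp")
    with open(pem_tmp, "w") as f:
        f.write(pem_text)
    with open(pem_tmp) as f:
        der = pem_to_der(f.read())
    with open(der_tmp, "wb") as f:
        f.write(der)
    return der          # key.pem.tmp and key.der.tmp stay on disk


def convert_hardened(pem_text: str, workdir: str) -> bytes:
    """mkstemp gives an unpredictable name opened O_EXCL with mode 0600; the
    finally block overwrites and unlinks it whether or not the conversion
    succeeded, so a failure half-way leaves no copy behind either."""
    fd, path = tempfile.mkstemp(dir=workdir, prefix="key-", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(pem_text.encode("ascii"))
        with open(path, "rb") as f:
            return pem_to_der(f.read().decode("ascii"))
    finally:
        try:
            size = os.path.getsize(path)
            with open(path, "r+b") as f:      # best-effort overwrite first
                f.write(b"\0" * size)
                f.flush()
                os.fsync(f.fileno())
        finally:
            os.unlink(path)


def leftover_files(workdir: str) -> list:
    return sorted(os.listdir(workdir))


def demo() -> dict:
    """Run both variants in fresh directories and report what each leaves behind."""
    with tempfile.TemporaryDirectory() as leaky_dir, tempfile.TemporaryDirectory() as hard_dir:
        der1 = convert_leaky(SAMPLE_PEM, leaky_dir)
        der2 = convert_hardened(SAMPLE_PEM, hard_dir)
        return {
            "der_matches": der1 == der2,
            "leaky_leftovers": leftover_files(leaky_dir),
            "hardened_leftovers": leftover_files(hard_dir),
        }


if __name__ == "__main__":
    print(demo())
```

The overwrite before unlink is best-effort (journaling and copy-on-write filesystems may keep old blocks); the reliable mitigation is the one the advisory's fix moves toward, which is not leaving the copies on disk in the first place.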

21. Mambo Site Server Cookie Validation Vulnerability BugTraq ID: 6926
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6926
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

Mambo Site Server may grant access without sufficiently validating cookie-based authentication credentials. It has been reported that Mambo will accept a user cookie sent by the site as an administrative credential. To exploit this issue, the attacker must receive a cookie and then use MD5 to encode their session ID in the cookie. The attacker may then access administrative pages using the modified cookie. Reportedly, session IDs are not issued during normal use of Mambo, but will be issued during logout. A session ID issued during logout is sufficient to exploit this issue.

The attacker may gain unauthorized access to the underlying database through an administrative account. Other administrative actions are also possible.

This issue was reported in Mambo Site Server 4.0.12 RC2. Earlier versions may also be affected.
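The underlying design lesson is that a cookie should be nothing more than an opaque lookup key: identity and privilege belong in server-side state, and logout must destroy that state. The Python below is an added example, not Mambo's code, showing that model: a random 256-bit token is issued, compared in constant time against live sessions, and a client that re-encodes a token it saw around logout (the scenario in the advisory) is rejected because the server record no longer exists and the cookie's contents are never interpreted as a role. SESSIONS, issue_session, lookup and is_admin are constructed names for the example.

```python
# Added example, not Mambo's code: cookies carry only an opaque random session
# token; user identity and role live server-side.  All names are constructed.
import hashlib
import hmac
import secrets

SESSIONS = {}   # token -> {"user": ..., "role": ...}; in-memory stand-in for a DB table


def issue_session(user: str, role: str) -> str:
    """Mint a 256-bit random token and record who it belongs to."""
    token = secrets.token_hex(32)
    SESSIONS[token] = {"user": user, "role": role}
    return token


def logout(token: str) -> None:
    """Destroy the server-side record, so the token cannot be replayed afterwards."""
    SESSIONS.pop(token, None)


def lookup(cookie_value: str):
    """Match the presented cookie against live tokens in constant time.
    Nothing inside the cookie is interpreted as a privilege claim."""
    if not cookie_value.isascii():          # compare_digest needs ASCII str
        return None
    for token, record in SESSIONS.items():
        if hmac.compare_digest(token, cookie_value):
            return record
    return None


def is_admin(cookie_value: str) -> bool:
    record = lookup(cookie_value)
    return record is not None and record["role"] == "admin"


def demo() -> dict:
    SESSIONS.clear()
    admin_cookie = issue_session("alice", "admin")
    user_cookie = issue_session("bob", "user")
    user_was_admin = is_admin(user_cookie)
    logout(user_cookie)
    # Constructed scenario mirroring the advisory: a token observed around
    # logout, re-encoded with MD5, presented as if it were an admin cookie.
    forged = hashlib.md5(user_cookie.encode("ascii")).hexdigest()
    return {
        "admin_accepted": is_admin(admin_cookie),
        "user_was_admin": user_was_admin,
        "logged_out_token_accepted": lookup(user_cookie) is not None,
        "forged_accepted": lookup(forged) is not None,
    }


if __name__ == "__main__":
    print(demo())
```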

22. Veritas Bare Metal Restore Remote Code Execution Vulnerability BugTraq ID: 6928
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6928
Summary:

Veritas has announced the existence of a vulnerability in Bare Metal Restore (BMR) designed for use with Tivoli Storage Manager.

It has been discovered that a remote attacker who is able to connect to a BMR Main Server may be able to obtain access with elevated privileges by forcing BMR to execute arbitrary commands. As all commands executed by BMR run with 'root' privileges, it may be possible for an attacker to obtain root access to a vulnerable system.

The precise technical details regarding this vulnerability are currently unknown. This BID will be updated as further information is made available.

23. WihPhoto sendphoto.php File Disclosure Vulnerability BugTraq ID: 6929
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6929
Summary:

WihPhoto is a series of PHP scripts designed to facilitate the management of Web-based photo albums.

A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers.

The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file. Specifically, the URI parameters that populate the $album1 and $pic variables are not sanity-checked.

A maliciously crafted web request containing dot-dot directory traversal sequences may break out of the document root. This may result in the disclosure of arbitrary web server readable files, via e-mail, to a remote attacker.

Exploitation of this vulnerability may lead to disclosure of sensitive information that may be useful in mounting further attacks on the host system.

This vulnerability was reported for WihPhoto 0.86-dev. It is not known whether earlier versions are affected.

24. phpWebFileManager File Disclosure Vulnerability BugTraq ID: 6933
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6933
Summary:

phpWebFileManager is a file management tool written in PHP. It is designed for inclusion in larger projects and can also act as a PostNuke module.

phpWebFileManager has been reported to be vulnerable to a file disclosure issue.

The 'file.php' script does not sufficiently sanitize externally supplied input via the 'fm_path' variable and is therefore prone to a file disclosure vulnerability. It is possible for a remote attacker to submit a maliciously crafted web request, containing directory traversal sequences, which is capable of breaking out of wwwroot and browsing arbitrary web-readable files on a host running the vulnerable script.

Information gathered as a result of successful exploitation may aid in further attacks against the host.
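The PlatinumFTPServer, WihPhoto and phpWebFileManager items above are all the same defect: a client-supplied path is joined onto a root directory without checking where the result lands. The Python below is an added example, not code from any of those products, of the containment check that closes the hole: decode, join, canonicalise with realpath (which also follows symlinks), and then require the result to still have the root as its common path prefix. resolve_within_root and is_contained are this example's own names, "/srv/ftp" is a constructed root, and the symlink case is built in a temporary directory.

```python
# Added example, not code from PlatinumFTPServer, WihPhoto or phpWebFileManager:
# resolve a client-supplied path strictly inside a configured root.
import os
import tempfile
import urllib.parse


class PathEscapesRoot(ValueError):
    """Raised when the canonical path would lie outside the root."""


def resolve_within_root(root: str, user_path: str) -> str:
    """Return the canonical filesystem path for user_path under root.

    Percent-decode twice (defeats double encoding), normalise Windows
    separators, treat a leading slash as root-relative (FTP semantics), join,
    canonicalise with realpath (which also follows symlinks), then require the
    result to share root as its common path prefix."""
    decoded = urllib.parse.unquote(urllib.parse.unquote(user_path))
    relative = decoded.replace("\\", "/").lstrip("/")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, relative))
    # commonpath rather than startswith: "/srv/ftp2" is not inside "/srv/ftp".
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathEscapesRoot(user_path)
    return candidate


def is_contained(root: str, user_path: str) -> bool:
    try:
        resolve_within_root(root, user_path)
        return True
    except PathEscapesRoot:
        return False


def demo() -> dict:
    """Exercise the check against the traversal shapes the advisories mention,
    plus a symlink that points outside the tree (constructed in a temp dir)."""
    root = "/srv/ftp"                        # constructed root path
    results = {
        "plain": is_contained(root, "photos/a.jpg"),
        "dotdot": is_contained(root, "../../etc/passwd"),
        "nested_dotdot": is_contained(root, "photos/../../etc/passwd"),
        "encoded": is_contained(root, "%2e%2e/%2e%2e/etc/passwd"),
        "double_encoded": is_contained(root, "%252e%252e/etc/passwd"),
        "backslash": is_contained(root, "..\\..\\boot.ini"),
        "absolute_is_root_relative": is_contained(root, "/photos/a.jpg"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        real_root = os.path.join(tmp, "root")
        os.mkdir(real_root)
        try:
            os.symlink(tmp, os.path.join(real_root, "escape"))
            results["symlink"] = is_contained(real_root, "escape/secret.txt")
        except OSError:
            results["symlink"] = None       # platform without symlink support
    return results


if __name__ == "__main__":
    print(demo())
```

Rejecting "../" substrings alone is not enough, which is why the check works on the canonical result rather than the input: encoded dots, backslashes and symlinks all survive a substring filter but not realpath plus commonpath.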

25. ClarkConnect Linux clarkconnectd Remote Information Disclosure Vulnerability BugTraq ID: 6934
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6934
Summary:

ClarkConnect Linux is an environment designed to provide gateway and other services to home users.

An information disclosure vulnerability has been reported for ClarkConnect Linux that may result in the clarkconnectd service divulging potentially sensitive information to remote attackers.

An attacker can exploit this vulnerability by connecting to the remote system on port 10005 and sending special character codes. This will cause the service to send various system information to a remote party.

Any information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

This vulnerability has been reported for ClarkConnect Linux 1.2.

26. CuteNews Remote File Include Vulnerability BugTraq ID: 6935
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6935
Summary:

CuteNews is a news management system implemented in PHP.

CuteNews is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is a result of insufficient sanitization of remote user-supplied data passed in a URI parameter to several PHP pages. Specifically, the PHP scripts 'comments.php', 'search.php' and 'shownews.php' in the 'cutenews' folder are vulnerable to this issue.

Under some circumstances, it is possible for remote attackers to influence the include path for 'config.php' or 'news.txt' files to point to an external file on a remote server by manipulating the '$cutepath' URI parameter.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

This vulnerability was reported for CuteNews Version 0.88. It is not known whether other versions are affected.
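The CuteNews and GONiCUS items share one root cause: a request parameter ('$cutepath', 'base', 'plugin') becomes the base of an include path, so a value carrying a URL scheme makes the application load code from a remote host. The Python below is an added example, not CuteNews or GONiCUS code, written for comparison rather than as PHP: it shows the weak concatenation shape, an allowlist resolver in which the parameter only selects one of the installed plugins and is never joined into a path, and a small request-log check that flags parameter values carrying a scheme or traversal sequence. INSTALLED, the query strings and the host name are constructed.

```python
# Added example, not CuteNews or GONiCUS code: the include-path shape the two
# advisories describe, beside an allowlist resolver and a request-log check.
import re
import urllib.parse

# Plugins the application actually ships: name -> local file.  Constructed.
INSTALLED = {
    "comments": "/var/www/app/plugins/comments.php",
    "search": "/var/www/app/plugins/search.php",
    "shownews": "/var/www/app/plugins/shownews.php",
}

# Anything with a scheme prefix ("http:", "ftp:", ...) is a URL, and a
# user-supplied URL in an include path is exactly the advisories' condition.
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:")


def include_path_weak(base_param: str, name: str) -> str:
    """Vulnerable shape: a request parameter becomes the base of the include path."""
    return base_param.rstrip("/") + "/" + name + ".php"


def include_path_hardened(name: str):
    """Allowlist lookup: the parameter selects a shipped plugin or nothing at all.
    It is never joined into a path, so schemes and traversal are irrelevant."""
    return INSTALLED.get(name)


def suspicious_value(value: str) -> bool:
    """True when a parameter value carries a URL scheme or traversal sequence
    (decoded twice so percent-encoded variants are caught)."""
    v = urllib.parse.unquote(urllib.parse.unquote(value)).lower()
    return bool(_SCHEME.match(v)) or "../" in v or "..\\" in v


def flag_query(query_string: str) -> list:
    """Names of parameters in a query string that look like remote-include or
    traversal attempts, in order of appearance; constructed for log triage."""
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    return [name for name, values in params.items()
            if any(suspicious_value(v) for v in values)]


def demo() -> dict:
    remote = "http://remote.example/payload"           # constructed
    return {
        "weak_loads_from_remote": include_path_weak(remote, "config").startswith("http://"),
        "hardened_known": include_path_hardened("search"),
        "hardened_url": include_path_hardened(remote),
        "hardened_traversal": include_path_hardened("../../etc/passwd"),
        "flagged": [flag_query(q) for q in (
            "cutepath=http://remote.example/payload&id=3",
            "base=..%2F..%2F..%2Fetc%2Fpasswd",
            "id=42&album1=summer",
        )],
    }


if __name__ == "__main__":
    print(demo())
```

In PHP deployments of this era the same class of bug was also contained at the interpreter level by turning off remote URL handling for include; the allowlist is the fix that does not depend on server configuration.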

27. Netscape Style Sheet Denial Of Service Vulnerability BugTraq ID: 6937
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6937
Summary:

Netscape is a Web browser developed for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

It has been reported that Netscape based browsers may be vulnerable to a persistent denial of service or performance degradation condition when rendering certain style sheet code.

If a malicious page is viewed, the browser reportedly becomes unstable. One possible condition mentioned was critical failure of the browser while another condition reportedly utilized all CPU resources.

This vulnerability was reported for Netscape browser versions 6 and 7. It is not known if previous versions are also affected.

28. Apache Web Server ETag Header Information Disclosure Weakness BugTraq ID: 6939
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6939
Summary:

Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux and Microsoft Windows operating systems.

A cache management feature is available for Apache that makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, for caching purposes, an ETag response header is returned containing various file attributes. ETag information allows further requests for files to contain specific information, such as the file's inode number, which allows for faster lookup times.

A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. This poses a security risk, as this information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles.

OpenBSD has released a patch that addresses this issue. Inode numbers returned from the server are now encoded using a private hash to avoid the release of sensitive information.

Apache 1.3.22 and earlier are not configurable to disable the use of inodes in ETag headers. However, default behaviour in later versions will still release this sensitive information.

29. Apache Web Server MIME Boundary Information Disclosure Vulnerability BugTraq ID: 6943
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6943
Summary:

Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux and Microsoft Windows operating systems.

A vulnerability has been discovered in the Apache web server that may result in the disclosure of sensitive information. Specifically, the getpid() function is used when generating MIME message boundaries. This will effectively disclose the Apache child process identification (PID) to a remote attacker.

Access to this information may aid an attacker in launching further attacks against target services.

OpenBSD has released a patch that addresses this issue. MIME boundaries are now generated by the server using BASE64 encoded random numbers.
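Both Apache items above are the same kind of leak: a server-internal number (an inode, a child PID) is copied verbatim into a protocol field every client sees. The Python below is an added example, not Apache or OpenBSD code, that puts the weak and fixed shapes side by side. For ETags it builds the inode-mtime-size form the first advisory describes and, beside it, the approach the OpenBSD fix describes, with the inode passed through a keyed hash under a per-server secret so the header stays stable per file but reveals nothing. For MIME boundaries it contrasts a PID-derived boundary with one made from BASE64-encoded random bytes, as the second fix describes. Function names, SERVER_SECRET and the stat values are constructed, and boundary_weak illustrates the leak's shape rather than Apache's exact format.

```python
# Added example, not Apache or OpenBSD code, for the ETag and MIME-boundary
# disclosures above.  Names, SERVER_SECRET and the stat values are constructed.
import base64
import hashlib
import hmac
import re
import secrets

SERVER_SECRET = b"constructed-example-secret-do-not-reuse"   # generated once per server in practice
INODE, MTIME, SIZE = 2359355, 1045929600, 4096               # stand-in for a stat() result


def etag_weak(inode: int, mtime: int, size: int) -> str:
    """inode, mtime and size in hex: the inode is readable by any client."""
    return '"%x-%x-%x"' % (inode, mtime, size)


def etag_hashed_inode(inode: int, mtime: int, size: int, secret: bytes = SERVER_SECRET) -> str:
    """Keyed hash of the inode: still stable per file, so validation caching
    keeps working, but the real inode cannot be read back without the secret."""
    digest = hmac.new(secret, str(inode).encode("ascii"), hashlib.sha256).hexdigest()[:16]
    return '"%s-%x-%x"' % (digest, mtime, size)


def first_field_as_int(etag: str):
    """What a client can recover from the first ETag field (the inode, in the weak form)."""
    m = re.match(r'"([0-9a-f]+)-[0-9a-f]+-[0-9a-f]+"$', etag)
    return int(m.group(1), 16) if m else None


def boundary_weak(pid: int) -> str:
    """Illustrative boundary embedding the child PID (constructed shape, not Apache's)."""
    return "----=_Part_%d" % pid


def boundary_random() -> str:
    """18 random bytes, BASE64 encoded: 24 boundary-legal characters, no padding."""
    return base64.b64encode(secrets.token_bytes(18)).decode("ascii")


def pid_from_boundary(boundary: str):
    """What a client can read back from the weak boundary; None for the random one."""
    m = re.search(r"_(\d+)$", boundary)
    return int(m.group(1)) if m else None


def demo() -> dict:
    weak = etag_weak(INODE, MTIME, SIZE)
    hashed = etag_hashed_inode(INODE, MTIME, SIZE)
    return {
        "weak_etag": weak,
        "weak_reveals_inode": first_field_as_int(weak) == INODE,
        "hashed_reveals_inode": first_field_as_int(hashed) == INODE,
        "hashed_is_stable": hashed == etag_hashed_inode(INODE, MTIME, SIZE),
        "hashed_differs_per_file": hashed != etag_hashed_inode(INODE + 1, MTIME, SIZE),
        "weak_boundary_pid": pid_from_boundary(boundary_weak(4242)),
        "random_boundary_pid": pid_from_boundary(boundary_random()),
    }


if __name__ == "__main__":
    print(demo())
```

Where the server is recent enough to honour the FileETag directive mentioned in the first advisory, configuring it without the INode keyword removes the field entirely; the keyed hash is the alternative when the inode must remain part of the validator.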

30. Nokia 6210 vCard Denial of Service Vulnerability BugTraq ID: 6952
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6952
Summary:

Nokia 6210 handsets are capable of receiving vCards through the built-in SMS receiver. vCards are attachments which are used for exchanging address book information.

It is possible to cause a denial of service on the 6210 handset by sending malformed vCards which contain format strings to the handset.

If a specifically crafted multi-part vCard is sent to the handset, it can potentially cause the SMS receiver on the phone to fail, cause the phone to lock up, or automatically restart the phone.

31. Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability BugTraq ID: 6936
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6936
Summary:

Eterm is terminal emulation software which is available for Unix and Linux variants.

Eterm supports a feature which allows screen contents to be dumped to a local file. It is possible to trigger this feature via escape sequences in the terminal window. This feature may be abused to corrupt any local files which are writeable by the terminal user. These files may be overwritten with custom data, which may result in remote compromise or local privilege escalation.

It is possible to exploit this issue if an attacker can cause malicious escape sequences to be displayed in a terminal window of a vulnerable terminal emulator. Malicious escape sequences can be injected into a terminal session through various means, such as programs which log user input without removing potentially dangerous escape sequences. Untrusted applications or servers may also send malicious escape sequences to the terminal. In addition, any systems which allow a user to broadcast messages to other users may provide a means of exploitation. Many UNIX systems support this with the "wall" service.

This vulnerability was originally described in BID 6931 "Multiple Vendor Terminal Emulator Escape Sequence Vulnerabilities". It is now being assigned a separate BID.

32. Hanterm-XF Loop-Based Escape Sequence Denial of Service Vulnerability BugTraq ID: 6944
Remote: No
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6944
Summary:

hanterm-XF is terminal emulation software derived from Xterm and designed to support Hangul input and output. It is available for platforms which support the X Window System, such as Unix and Linux variants.

It has been reported that the DEC implementation of hanterm-xf is prone to a denial of service vulnerability.

The hanterm-xf terminal fails to sufficiently filter certain potentially malicious loop-based escape sequences, leaving the terminal open to attacks including attacker initiated tight loops that may exhaust CPU resources.

The problem exists in the DEC UDK processing which is implemented by the vulnerable terminal emulator.

It is possible to exploit this issue if an attacker can cause malicious escape sequences to be displayed in a terminal window of a vulnerable terminal emulator. Malicious escape sequences can be injected into a terminal session through various means, such as programs which log user input without removing potentially dangerous escape sequences. Untrusted applications or servers may also send malicious escape sequences to the terminal. In addition, any systems which allow a user to broadcast messages to other users may provide a means of exploitation. Many UNIX systems support this with the "wall" service.

This vulnerability was originally described in BID 6931 "Multiple Vendor Terminal Emulator Escape Sequence Vulnerabilities". It is now being assigned a separate BID.
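The Eterm and hanterm-XF items both hinge on untrusted text reaching the terminal with its escape sequences intact, via log files, network services or "wall". The Python below is an added example, not code from either emulator, of the filter a log viewer or broadcast tool should apply before writing such text to a terminal: it strips ESC-introduced sequences (CSI, OSC, DCS and the other string commands, which are the carriers for actions like a screen dump or title change) and stray C0/C1 control characters, keeps tab, newline and printable non-ASCII, and offers a detection helper that reports which lines carried sequences at all. The function names and SAMPLE_LINES are constructed for the example.

```python
# Added example, not Eterm or hanterm code: remove terminal control sequences
# from untrusted text before it is displayed, and flag lines that carried them.
import re

# Constructed sample log lines, some carrying escape sequences.
SAMPLE_LINES = [
    "GET /index.html 200",
    "GET /\x1b]0;owned\x07evil 404",            # OSC terminated by BEL
    "user \x1b[2J\x1b[H login failed",          # two CSI sequences
    "note \x1bP+q544e\x1b\\ dcs",               # DCS terminated by ST (ESC \)
    "plain\ttab and caf\u00e9 stay",             # nothing to remove
]

# ESC-introduced sequences, most specific first:
#   CSI            ESC [ params intermediates final(0x40-0x7E)
#   OSC            ESC ] ... BEL | ST        (unterminated: rest of line)
#   DCS/SOS/PM/APC ESC P|X|^|_ ... ST        (unterminated: rest of line)
#   other          ESC intermediates final
_ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"
    r"|\x1b[PX^_][^\x1b]*(?:\x1b\\)?"
    r"|\x1b[ -/]*[0-~]"
)
# C0 controls except HT and LF, plus DEL and the C1 range.
_CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")


def strip_escape_sequences(text: str) -> str:
    """Remove terminal control sequences; keep printable text, tab and newline."""
    text = _ESCAPE_RE.sub("", text)
    return _CONTROL_RE.sub("", text)


def contains_escape(text: str) -> bool:
    """Detection side: did this line carry anything the filter would remove?"""
    return bool(_ESCAPE_RE.search(text) or _CONTROL_RE.search(text))


def flagged_indexes(lines: list) -> list:
    """Indexes of lines that contained control sequences, for alerting."""
    return [i for i, line in enumerate(lines) if contains_escape(line)]


def sanitize_lines(lines: list) -> list:
    return [strip_escape_sequences(line) for line in lines]


if __name__ == "__main__":
    for line in sanitize_lines(SAMPLE_LINES):
        print(line)
    print("lines that carried sequences:", flagged_indexes(SAMPLE_LINES))
```

An unterminated OSC or DCS consumes the rest of the line, which matches how a terminal would treat it and errs on the side of dropping text rather than passing a command through.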
