SecurityFocus Newsletter #191

SecurityFocus Newsletter #191

I. FRONT AND CENTER

1. U.S. Information Security Law, Part 2
2. The Reality of Perception
3. SecurityFocus DPP Program II. BUGTRAQ SUMMARY
4. PostNuke File Path Disclosure Vulnerability
5. Snort Evasion Echo Flag Port Scan Vulnerability
6. Alexandria / SourceForge Cross Site Scripting Vulnerability
7. Alexandria / SourceForge CRLF Injection Vulnerability
8. Alexandria / SourceForge File Disclosure Vulnerability
9. Multiple Vendor Web Browser LiveConnect JavaScript Denial Of...
10. Mutt IMAP Remote Folder Buffer Overflow Vulnerabilities...
11. Beanwebb Guestbook HTML Injection Vulnerability
12. Beanwebb Guestbook Unauthorized Administrative Access...
13. Justice Guestbook HTML Injection Vulnerability
14. Sendmail Address Prescan Memory Corruption Vulnerability
15. Justice Guestbook Path Disclosure Vulnerability
16. ScozBook HTML Injection Vulnerability
17. ScozBook Path Disclosure Vulnerability
18. CCGuestBook HTML Injection Vulnerability
19. CCLog HTTP Header HTML Injection Vulnerability
20. Solaris lpstat Buffer Overflow Vulnerability
21. Solaris dtsession HOME Buffer Overflow Vulnerability
22. Oracle JDBC Daylight Savings Time Timestamp Weakness
23. EZ Server Long Argument Local Denial Of Service Vulnerability
24. SAP DB RPM Install World Writable Binary Vulnerability
25. InstantServers MiniPortal SOHO Anonymous Users Privileges...
26. HP Instant TopTools Remote Denial Of Service Vulnerability
27. Kerio WinRoute Firewall Malformed HTTP GET Request Denial of...
28. Apple QuickTime Player Custom URL Vulnerability
29. PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability
30. Multiple HP Tru64 C Library Vulnerabilities
31. HP MPE/iX Unspecified FTP Privileged Data Access Vulnerability
32. PowerFTP FTP Command Buffer Overflow Denial Of Service...
33. Sun Solaris NewTask Local Privilege Elevation Vulnerability III. SECURITYFOCUS NEWS ARTICLES
34. Fear of a Million Big Brothers
35. Report: Info sharing centers not sharing so much
36. Former hacker warns lawmakers about dangers to personal...
37. Cut software piracy and jumpstart 'stagnant' economies IV. SECURITYFOCUS TOP 6 TOOLS
38. SRG v1.0b1
39. RainPortal v1.0
40. Trusted Debian v0.9.1
41. Async Blockreport v1.0
42. Socks Server 5 v1.3
43. bungmeter v1.0.2
44. SECURITYJOBS LIST SUMMARY
45. Deloitte & Touche: Security Architecture & Design Professionals...
46. Educational Relationship Representative - Contract Part Time...
47. Deloitte & Touce: Network Security Professionals Wanted (Thread)
48. Looking for Secuirty Specialists (Thread)
49. (job offered) Full-time salaried Security Consultants in WA...
50. Seeking employment in the UK - 20 years' experience (Thread)
51. Chief Security Officer (CSO) London, UK, Paris, France. (Thread)
52. QA Position at eEye Digital Security, Aliso Viejo, CA (Thread)
53. Looking for work in NYC. (Thread)
54. JOB POSTING: Mgr, Trending & Analysis (Thread)
55. Washington DC Opportunity (Thread)
56. New Position/Fayetteville, NC (Thread)
57. Resume: Network Security Candidate (Thread)
58. Symantec in Redwood City is hiring a Sr Security...
59. Network Security Analyst, Mechanicsburg, PA (Thread)
60. looking for a security postion (Thread)
61. new requirement (Thread)
62. JOB POSTING (Thread)
63. Engineers Pre and Post Sales (Thread)
64. Sr. Project Manager - Cleveland, Ohio (Thread)
65. FW: Security Sales Consultant for France (Thread)
66. Security Sales Consultant for Belgium (Thread) VI. INCIDENTS LIST SUMMARY
67. RECAP: possible rootkit, maybe partial? (Thread)
68. Logon.dll? Possible root-kit? (Thread)
69. UDP traffic to net and broadcast addresses (Thread)
70. Increase in Source to Port 445 (Thread)
71. Logon/Logoff Failure Events (Thread)
72. UDP scans from AOL NS boxes? (Thread)
73. Field Report: New Worm (Thread)
74. possible rootkit, maybe partial? (Thread)
75. [0.5OT answer]possible rootkit, maybe partial? (Thread)
76. [CERT] possible rootkit, maybe partial? (Thread)
77. Increase of attempts on port 635 in last couple days (Thread)
78. SQL Slammer Variant? (Thread)
79. POP3 logon attempts (Thread)
80. Why alerts on ports 1025-1029, 1036 (Thread)
81. Educational Incident Data Comparison Pilot (X-Post) (Thread)
82. New Article: U.S. Information Security Law, Part 2 (Thread)
83. WebDAV Exploit Lab (Thread)
84. new attack tool combining SMB and WebDAV? (Thread)
85. [CERT] Why alerts on ports 1025-1029, 1036 (Thread)
86. strange DNS behavior over the last 2 days (Thread)
87. California State Bill SB1386 (Thread) VII. VULN-DEV RESEARCH LIST SUMMARY
88. IkonBoard v3.1.1: arbitrary command execution (Thread)
89. AOL 8.0 and discover.xml (Thread)
90. Generating Hex Numbers to brute force rs_iis.c (Thread)
91. @(#)Mordred Labs advisory - Integer overflow in PHP...
92. @(#)Mordred Labs advisory - Integer overflow in PHP...
93. Webserver CVS (In)Security (Thread)
94. webdav with sp0/1 (Thread)
95. Sendmail's prescan exploit thoughts (Thread)
96. WebDAV and SMB?!? (Thread)
97. Sambar Server "Buffer OverFlow" Vulnerabilities (Thread)
98. Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit...
99. WebDAV Exploit Lab (Thread)
100. Automatic discovery of shellcode address (Thread) VIII. MICROSOFT FOCUS LIST SUMMARY
101. LDAP V3 in Active Directory (Thread)
102. Article Announcement: U.S. Information Security Law, Part 2...
103. SecurityFocus Microsoft Newsletter #131 (Thread)
104. Honeynet Scan of the Month for April released (Thread) IX. SUN FOCUS LIST SUMMARY
105. NO NEW POSTS FOR THE WEEKENDING 04.04.03
106. LINUX FOCUS LIST SUMMARY
107. Live Upgrade for Linux (Thread)
108. Red Hat: To patch or to upgrade? (Thread) XI. SPONSOR INFORMATION
109. FRONT AND CENTER

     ---

110. U.S. Information Security Law, Part 2 By Steven Robinson

This is the second part of a four-part series looking at U.S. information security laws and the way those laws affect security professionals. In this installment, we will look at the legal framework for security of an enterprise's working environment from the perspective of information security professionals, with particular emphasis on the protection of communications.

http://www.securityfocus.com/infocus/1681

2. The Reality of Perception
By Tim Mullen

A new poll finds that seventy-seven percent of security professionals believe Microsoft products are insecure. But a closer look at the survey tells a far more interesting story.

http://www.securityfocus.com/columnists/152

3. SecurityFocus DPP Program

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. BUGTRAQ SUMMARY

1. PostNuke File Path Disclosure Vulnerability BugTraq ID: 7218 Remote: Yes Date Published: Mar 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7218 Summary:

PHP-Nuke is a web based Portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when a request is made which includes invalid URI 'file' parameters to the 'Stats' or 'Members_List' pages.

The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. Access to sensitive filesystem information may aid an attacker in launching further attacks against a target system.

2. Snort Evasion Echo Flag Port Scan Vulnerability BugTraq ID: 7220
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7220
Summary:

Snort is a freely available, open source intrusion detection system. It is available for Unix, Linux, and Microsoft Windows platforms.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that a vulnerability exists in the default configuration of Snort. Due to this issue it is possible for a user to evade detection while performing some types of scans.

The problem is in the detection of specifically crafted packets. When a port scan is initiated with the TCP SYN, FIN, and ECN flags set, the default configuration of snort will not register these packets as an IDS event. This could permit an attacker to gather information on network resources that could be used for more organized attack against systems.

This problem has been reported in version 1.9.1, though earlier versions may be affected.

3. Alexandria / SourceForge Cross Site Scripting Vulnerability BugTraq ID: 7223
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7223
Summary:

Alexandria is a freely available project management system. VA Software SourceForge is a modified version of Alexandria.

Alexandria does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user.

It has been reported that sections of Alexandria that display a user's resume are prone to cross site scripting attacks. Any attacker-supplied code will be executed within the context of the website running Alexandria.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for Alexandria 2.5 and 2.0.

4. Alexandria / SourceForge CRLF Injection Vulnerability BugTraq ID: 7224
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7224
Summary:

Alexandria is a freely available project management system. VA Software SourceForge is a modified version of Alexandria.

A vulnerability has been reported for Alexandria that may allow remote attackers to use the Alexandria system for proxying of unsolicited e-mail. The vulnerability exists in the 'sendmessage.php' script file.

There is no input validation performed on user-supplied data passed to functions in the 'sendmessage.php' script file. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages.

Attackers may exploit this weakness to manipulate the structure of outgoing messages. For example, it may be possible for attackers to set the recipient to an arbitrary value. This could be leveraged by individuals to send mass unsolicited mail in a manner similar to how "formmail" is actively exploited (BID 3955).

This vulnerability was reported for Alexandria 2.5 and 2.0.

5. Alexandria / SourceForge File Disclosure Vulnerability BugTraq ID: 7225
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7225
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Alexandria is a freely available project management system. VA Software SourceForge is a modified version of Alexandria.

A vulnerability has been reported for Alexandria that may result in the disclosure of sensitive files to remote attackers.

The vulnerability occurs in the 'docman/new.php' and 'patch/index.php' script files which allow the uploading of files. Due to insufficient checks performed by these scripts, it is possible for an attacker to specify any web server readable files as the files that were recently uploaded. This will result in the disclosure of the contents of these files to remote attackers.

This vulnerability was reported for Alexandria 2.5 and 2.0.

6. Multiple Vendor Web Browser LiveConnect JavaScript Denial Of Service Vulnerability
BugTraq ID: 7227
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7227
Summary:

A denial of service vulnerability has been reported for several browsers. The vulnerability occurs when executing certain malformed JavaScript enabled pages.

An attacker can exploit this vulnerability by creating a malicious javascript page which makes a call to certain methods. When an affected browser is used to view the malformed page, it will cause the Java Virtual Machine to crash, resulting in a denial of service condition.

7. Mutt IMAP Remote Folder Buffer Overflow Vulnerabilities BugTraq ID: 7229
Remote: Yes
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7229
Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Mutt is a freely available, open source mail user agent. It is available for the Unix and Linux operating systems.

Buffer overrun vulnerabilities have been reported for Mutt. These vulnerabilities are similar to the issues described in BID 7120, Mutt UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability.

Mutt provides functionality that allows a remote user to read e-mail from folders through Internet Message Access Protocol (IMAP). A specially crafted folder on an IMAP server may be able to trigger these overflow conditions to cause the vulnerable mutt client to crash. Although unconfirmed, it may be possible to execute attacker-supplied code with the privileges of the mutt process.

Further details of this vulnerability are currently unknown. This BID will be updated as more information becomes available.

These vulnerabilities were reported for Mutt 1.3.28 and earlier.

8. Beanwebb Guestbook HTML Injection Vulnerability BugTraq ID: 7231
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7231
Summary:

Beanwebb Guestbook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

Guestbook does not adequately filter some HTML code thus making it prone to HTML injection attacks.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that Guestbook does not sufficiently filter user-supplied values from the 'name', 'email' and 'comment' variables on the 'add.php' page. As a result, attackers may embed malicious script code or HTML into Guestbook posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

This vulnerability was reported for Guestbook 1.0.

9. Beanwebb Guestbook Unauthorized Administrative Access Vulnerability BugTraq ID: 7232
Remote: Yes
Date Published: Mar 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7232
Summary:

Beanwebb Guestbook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

A vulnerability has been reported for Guestbook that may allow remote attackers to obtain unauthorized access to administrative functions.

The vulnerability is likely due to insufficient permissions on the 'admin.php' script file. Typically, access to this script file should be restricted to trustworthy individuals only.

This vulnerability has been reported for Guestbook 1.0.

1. Justice Guestbook HTML Injection Vulnerability BugTraq ID: 7233 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7233 Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Justice Guestbook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

It has been reported that Guestbook does not sufficiently filter user-supplied values from the 'name', 'homepage', 'aim', 'yim' 'location' and 'comment' variables on the 'jgb.php3' page. As a result, attackers may embed malicious script code or HTML into Guestbook posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

This vulnerability was reported for Guestbook 1.3.

1. Sendmail Address Prescan Memory Corruption Vulnerability BugTraq ID: 7230 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7230 Summary:

It has been reported that Sendmail is affected by a memory corruption condition that is likely remotely exploitable. The flaw is present in the prescan() procedure, one that is used for processing e-mail addresses in SMTP headers. This function is implemented in the source code file "parseaddr.c". It is at least theoretically possible that this condition may be exploited by remote attackers to execute instructions on target systems. This vulnerability is due to a logic error in the conversion of a char to an integer value.

The condition occurs when Sendmail converts an externally supplied character byte to an integer type. It is possible for the byte to be converted to a special control value (-1) that will result in disabling of bounds checking. This is because the integer type is assigned to the value of a signed char without casting it as unsigned:

c = *p++;

The char value 0xFF will cause c to be assigned to the integer representation of -1, the 'NOCHAR' control value. Bounds checking is disabled when the value of the current character (c) is 'NOCHAR'.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This leads to the potential for malicious data to be written beyond the boundaries of the buffer allocated to store it. Attackers may exploit this condition to overwrite potentially sensitive values on the stack with some degree of control.

The discoverer of this condition has reported that it was successfully exploited to execute code locally. It is likely that this vulnerability can be exploited remotely as well.

This vulnerability is eliminated in Sendmail version 8.12.9. Administrators are advised to upgrade as soon as possible.

1. Justice Guestbook Path Disclosure Vulnerability BugTraq ID: 7234 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7234 Summary:

Justice Guestbook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page.

The affected script does not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. Access to sensitive filesystem information may aid an attacker in launching further attacks against a target system.

This vulnerability was reported for Justice Guestbook 1.3.

1. ScozBook HTML Injection Vulnerability BugTraq ID: 7235 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7235 Summary:

ScozBook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that ScozBook does not sufficiently filter user-supplied values from the 'username', 'useremail', 'aim', 'msn', 'sitename' and 'siteaddy' variables on the 'add.php' page. As a result, attackers may embed malicious script code or HTML into ScozBook posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

This vulnerability was reported for ScozBook 1.1 BETA.

1. ScozBook Path Disclosure Vulnerability BugTraq ID: 7236 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7236 Summary:

ScozBook is guestbook software implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating environments.

A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page with an arbitrary value for the 'PG' URI variable.

The affected script does not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. Access to sensitive filesystem information may aid an attacker in launching further attacks against a target system.

This vulnerability was reported for ScozBook 1.1 BETA.

1. CCGuestBook HTML Injection Vulnerability BugTraq ID: 7237 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7237 Summary:

It has been reported that CCGuestBook does not sufficiently filter user-supplied values from the 'name' and 'webpage title' fields on the 'cc_guestbook.pl' page. As a result, attackers may embed malicious script code or HTML into CCGuestBook posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

1. CCLog HTTP Header HTML Injection Vulnerability BugTraq ID: 7238 Remote: Yes Date Published: Mar 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7238 Summary:

CCLog is a script that logs all hits to a certain web site.

It has been reported that CCLog does not sufficiently filter user-supplied values for some HTTP headers. Specifically, the script, cc_log.pl, does not sanitize the values for the 'User-Agent' and 'Referer' HTTP headers. As a result, attackers may embed malicious script code or HTML into specially crafted HTTP requests. When CCLog is used to assemble a HTML version of web site hits and is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

1. Solaris lpstat Buffer Overflow Vulnerability BugTraq ID: 7239 Remote: No Date Published: Mar 31 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7239 Summary:

The lpstat utility is used to display the contents of the print queue. It has been reported that the version of lpstat shipped with Sun Solaris is vulnerable to a locally exploitable buffer overflow. As lpstat for Solaris is configured setuid root, exploitation of this vulnerability could result in elevation of privileges for a local attacker.

The condition occurs when lpstat is invoked as lpq, a symbolic link pointing to the lpstat binary (for BSD compatability). The function bsd_queue() attempts to append user-supplied data to a local buffer using the C library function strcat(). As this function has no bounds checking, a stack-based buffer overflow condition is present. Local attackers may exploit this condition to overwrite the return address of the affected procedure and execute instructions with effective root privileges.

1. Solaris dtsession HOME Buffer Overflow Vulnerability BugTraq ID: 7240 Remote: No Date Published: Mar 31 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7240 Summary:

dtsession, included with Solaris and several other operating systems, is the CDE session manager. It is installed setuid root by default.

It has been reported that dtsession is vulnerable to a locally exploitable buffer overflow vulnerability. The vulnerability is related to handling of the HOME environment variable. An overflow in heap memory allegedly occurs when the environment variable is of excessive length. This condition may be exploited by attackers to corrupt sensitive structures in the heap. This may result in arbitrary addresses being overwritten when free() is called, allowing an attacker to execute instructions with the root privileges of the dtsession process.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

While only Solaris is confirmed, other systems that include CDE are likely vulnerable.

1. Oracle JDBC Daylight Savings Time Timestamp Weakness BugTraq ID: 7241 Remote: No Date Published: Mar 31 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7241 Summary:

The JDBC thin driver is a component of the Oracle Database. Oracle is available for Unix, Linux, and Microsoft operating systems.

A problem with the software may lead to log inconsistency.

It has been reported that the JDBC thin driver distributed with Oracle databases does not sufficiently handle some timestamps. Because of this, transaction times in Oracle logs and databases may be inaccurate.

The problem is in the handling of daylight savings time. It has been reported that errors occur during the hour in which daylight savings time occurs. Timestamps entered by the driver may be inaccurate, and could thus lead to a loss of integrity of log files.

20. EZ Server Long Argument Local Denial Of Service Vulnerability BugTraq ID: 7243
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7243
Summary:

EZ Server is a freely available FTP and HTTP server. It is available for the Microsoft Operating System.

A problem with the software may make a denial of service possible.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that the EZ Server software does not sufficiently handle strings of excessive length in some circumstances. Because of this, a remote attacker may be able to deny service to legitimate users of the system.

The problem is in the handling of arguments to FTP commands. An argument issued with an FTP command that is of excessive length may cause the server to crash. This vulnerability was reportedly reproduced using a minimum of 1994 bytes of data with FTP commands such as cd and ls.

This vulnerability may be a memory corruption issue, and potentially an exploitable buffer overrun. If this is the case, it is possible for an attacker with login access to the vulnerable FTP server to execute code with the privileges of the server software.

21. SAP DB RPM Install World Writable Binary Vulnerability BugTraq ID: 7242
Remote: No
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7242
Summary:

SAP DB is a free enterprise level database available for Microsoft Windows, Linux, Solaris, AIX, Tru64, and HP-UX platforms.

When SAP DB is installed using RPM packages, insecure permissions are left on two binaries.

After performing the installation, the lserver and dbmsrv binaries have '777' permissions. This allows any user on the system to write to the binaries.

It should be noted that this vulnerability only exists when SAP DB is installed using RPM packages. Installing SAP DB from tgz packages will leave these binaries with '755' permissions.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

22. InstantServers MiniPortal SOHO Anonymous Users Privileges Vulnerability BugTraq ID: 7244
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7244
Summary:

InstantServers MiniPortal is a web server package for Windows based machines, based on the Apache project web server. It includes a web based administrative interface, and a bundled FTP server.

An issue in MiniPortal may make it possible for remote users to perform unauthorized actions.

It has been reported that MiniPortal SOHO does not sufficiently restrict the anonymous user. Because of this, a default configuration may make remote denial of service attacks possible.

The problem is in the permission scheme implemented with a default installation. Reports indicate that the default does not restrict a user from creating and deleting files on the deployed server. This could potentially lead to denial of service attack, or local access to the vulnerable host by an unauthorized user.

23. HP Instant TopTools Remote Denial Of Service Vulnerability BugTraq ID: 7246
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7246
Summary:

Instant TopTools is a remote system monitoring software package distributed by HP. Instant TopTools is available for Unix, Linux, and Microsoft operating systems.

A problem with the software could make a denial of service possible.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that Instant TopTools does not properly handle some types of requests. Because of this, a remote user could potentially deny service to a host using the vulnerable software.

The problem is in the handling of the Instant TopTools calling itself. When a request is issued where the Instant TopTools hpnst.exe program calls itself, the program enters a loop, and begins consuming resources. Multiple requests will render the vulnerable host unusable, requiring a reboot to resume normal function.

This problem has been reported to affect Instant TopTools on the Microsoft Windows platform. Other platforms may also be affected.

24. Kerio WinRoute Firewall Malformed HTTP GET Request Denial of Service Vulnerability BugTraq ID: 7245
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7245
Summary:

Kerio WinRoute Firewall is an enterprise level firewall that performs stateful packet inspection. It runs on Windows NT/2000/XP.

The WinRoute Firewall is vulnerable to a denial of service when a malformed HTTP GET request is sent to the Web Administration interface. This results in the firewall consuming 100% of CPU resources on the system.

If the GET request is missing the Host: parameter, the firewall will consume 100% of CPU resources, resulting in a loss of more than half of future connection requests.

The Web Administration interface is not enabled by default.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

25. Apple QuickTime Player Custom URL Vulnerability BugTraq ID: 7247
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7247
Summary:

QuickTime Player is the media player distributed by Apple for QuickTime Media Files. This problem affects the player on the Microsoft Windows platform.

A problem in the software may make remote code execution possible.

It has been reported that the QuickTime Player does not properly handle some types of URLs. Because of this, a remote attacker may be able to execute arbitrary commands on the vulnerable system.

Few technical details are available concerning this vulnerability. It is known that for an attack to be successful, a user must load a maliciously-crafted URL into the QuickTime Player. It is also known that loading the URL results in the execution of arbitrary code as the QuickTime user.

Initial reports indicate that this issue is a buffer overrun vulnerability. If this is the case, it would be possible for the attacker to place malicious instructions in the URL supplied to the target user. When the URL is loaded into the player, the instructions contained in the URL would be executed with the privileges of the user invoking QuickTime. This vulnerability has been reported to affect QuickTime on only the Microsoft Windows platform.

26. PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability BugTraq ID: 7248
Remote: Yes
Date Published: Mar 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7248
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The PHP-Nuke 'block-Forums.php' script does not sufficiently sanitize data supplied via form fields, making it prone to HTML injection attacks. In particular, the subject field is not sanitized of HTML tags. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software.

Exploitation could allow for theft of cookie-based authentication credentials or other attacks.

27. Multiple HP Tru64 C Library Vulnerabilities BugTraq ID: 7249
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7249
Summary:

HP has recently issued fixes for numerous security vulnerabilities in the implementation of the C library for Tru64. These vulnerabilities may affect many programs with a variety of consequences including local privilege escalation, denial of service and, remote root compromise.

This entry may be modified during analysis as some of the reported vulnerabilities are already in the Symantec vulnerability database. The reported vulnerabilities are:

• SSRT2322 Bind resolver exploit in ISC
• SSRT2384 TCP exploit denies all RPC service
• SSRT2341 calloc() potential overflow
• SSRT2439 xdrmem_getbytes() potential overflow
• SSRT2412 portmapper hang after port scan with C2 enabled

The list of affected executables are as follows:

/usr/bin/ypmatch
/usr/sbin/traceroute
/usr/sbin/lpc
/usr/bin/lprm
/usr/bin/lpq
/usr/bin/lpr
/usr/lbin/lpd
/usr/bin/binmail
/usr/bin/ipcs
/usr/sbin/quot
/usb/bin/at
/usr/bin/ps
/usr/bin/uux
/usr/bin/uucp
/usr/bin/csh
/usr/bin/rdist
/usr/bin/mh/inc
/usr/bin/mh/msgchk
/usr/sbin/imapd
/usr/bin/deliver
/sbin/.upd..loader
/usr/dt/bin/mailcv
/usr/dt/bin/dtterm
/usr/dt/bin/dtsession
/usr/dt/bin/rpc.ttdbserverd
/usr/bin/X11/dxterm
/usr/bin/X11/dxconsole
/usr/bin/X11/dxpause
/usr/bin/X11/dxsysinfo
/usr/sbin/telnetd
/usr/bin/su
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/chfn
/usr/tcb/bin/dxchpwd

28. HP MPE/iX Unspecified FTP Privileged Data Access Vulnerability BugTraq ID: 7250
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7250
Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

MPE/iX is an Internet-ready operating system for the HP e3000 class servers.

A vulnerability has been reported for the ftp binary shipped with MPE/ix systems. Exploitation of the vulnerability may result in remote attackers obtaining access to sensitive data on vulnerable systems.

Further information about this vulnerability is currently unknown. This BID will be updated as more information becomes available.

29. PowerFTP FTP Command Buffer Overflow Denial Of Service Vulnerability BugTraq ID: 7251
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7251
Summary:

PowerFTP server is a shareware ftp server available for the Microsoft Windows platform. It is distributed and maintained by Cooolsoft.

A buffer overflow vulnerability has been reported for PowerFTP. This vulnerability occurs when overly long values are supplied for some FTP commands. Specifically, the 'ls' and 'cd' commands are vulnerable to exploitation.

An attacker can exploit this vulnerability by connecting to a vulnerable system and sending an overly long value, consisting of at least 1994 characters, to either the 'ls' or 'cd' commands. This will trigger the overflow condition and will cause PowerFTP to crash thereby resulting in a denial of service.

Although unconfirmed, it may be possible to exploit this vulnerability to run attacker-supplied code with the privileges of PowerFTP.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for PowerFTP 2.25.

30. Sun Solaris NewTask Local Privilege Elevation Vulnerability BugTraq ID: 7252
Remote: No
Date Published: Mar 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7252
Summary:

Solaris is the freely available UNIX Operating System variant distributed and maintained by Sun Microsystems.

A problem in the operating system could permit a local user to gain unauthorized privileges.

It has been reported that a privilege elevation vulnerability exists in the Solaris newtask program. Because of this, an attacker may be able to gain elevated privileges, and potentially compromise the integrity of the vulnerable host.

newtask is a task management program that can be used to either initiate a new task owned by a specific project in the executing user's shell, or change the task of an already running process. The program is installed with setuid root privileges.

Few technical details concerning this vulnerability are available. It is known that this issue could permit a local user to gain administrative access. This may be due to either a boundary condition error, or an input validation error. In either instance, commands executed through abuse of the program will be executed with the privileges of the administrative user.

31. Red Hat Linux 9 vsftpd Compiling Error Weakness BugTraq ID: 7253
Remote: Yes
Date Published: Apr 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7253
Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

vsftpd is a GPL licensed secure FTP server for UNIX and Linux platforms.

tcp_wrappers is an IP packet filtering facility for UNIX and Linux platforms.

In Red Hat Linux 9, vsftpd was switched to a standalone service instead of being run by xinetd. When this change was made, vsftpd was not compiled against tcp_wrappers.

Because of this, the vsftpd user is unable to perform any IP packet filtering on access to the FTP server.

This issue only affects Red Hat Linux 9 boxed sets that were manufactured for sale in the United States. The affected part numbers are RHF0120US and RHF0121US. Versions of Red Hat 9 that were downloaded or purchased from international boxed sets are not affected.

III. SECURITYFOCUS NEWS AND COMMENTARY

1. Fear of a Million Big Brothers By Kevin Poulsen

The U.S. government's surveillance push isn't the only thing on the minds of privacy advocates this year. Concern is growing about the trails netizens leave in routine Web server logs, and who's seeing them. ... >>

http://www.securityfocus.com/news/3711

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Report: Info sharing centers not sharing so much By Kevin Poulsen

Critical infrastructure providers still keep some attacks secret from the government, fearing public disclosure.

http://www.securityfocus.com/news/3690

3. Former hacker warns lawmakers about dangers to personal financial information
By David Ho, The Associated Press Apr 3 2003 4:02PM

A convicted computer hacker told lawmakers Thursday that many attacks on companies that hold consumer financial information go undetected because of poor security.

http://www.securityfocus.com/news/3704

4. Cut software piracy and jumpstart 'stagnant' economies By Tim Richardson, The Register

Clamping down on software piracy could help "jumpstart the world's stagnant and struggling economies" by creating new jobs and business opportunities.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/news/3688

IV. SECURITYFOCUS TOP 6 TOOLS

1. SRG v1.0b1 by Matt Brown Relevant URL: http://www.crc.net.nz/software/srg.php Platforms: Linux Summary:

SRG (Squid Report Generator) is a log file analyzer and report generator for the Squid Web proxy. It was created to allow easy integration with authentication systems such as those that are used for squid itself. It is fast and flexible, and can report details down to the individual files fetched.

2. RainPortal v1.0
by Florent DEFONTIS
Relevant URL:
http://www.securesphere.net/html/projects_rainp.php Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

RainPortal was designed to secure your private messages while talking on IRC networks. As long as you have RainPortal running and the person you are talking to also, all your private messages will be strongly encrypted while passing on the server.

3. Trusted Debian v0.9.1
by Peter
Relevant URL:
http://www.trusteddebian.org/
Platforms: Linux
Summary:

The Trusted Debian project aims to create a highly secure but usable Linux platform. It brings together security solutions including kernel patches, compiler patches, security related programs, and techniques.

4. Async Blockreport v1.0
by Christian Reis
Relevant URL:
http://freshmeat.net/redir/blockreport/38774/url_tgz/blockreport Platforms: Linux
Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Async Blockreport processes sendmail logs and produces reports of the messages blocked using DNSBLs for each system user. Blockreport can be set up as a cron job to mail these reports to your users periodically, providing them with an idea of how much spam they would be getting if the spam filters didn't work, and also telling them if any false positives occurred.

5. Socks Server 5 v1.3
by Matteo Ricchetti
Relevant URL:
http://digilander.iol.it/matteo.ricchetti/ Platforms: Linux
Summary:

Socks Server 5 is a socks server for the Linux platform which supports the Socks protocol versions 4 and 5.

6. bungmeter v1.0.2
by gid
Relevant URL:
http://gid0ze.net/bungmeter/
Platforms: Linux, POSIX
Summary:

Bungmeter is fork of fnetload. It's a small network graph monitor. It displays a graphical representation of the the data flowing in and out of a given network interface. It's designed to be small and lightweight.

V. SECURITY JOBS SUMMARY

1. Deloitte & Touche: Security Architecture & Design Professionals Wanted! (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/317359

2. Educational Relationship Representative - Contract Part Time - Non Location Specific (Thread) Relevant URL:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/77/317357

3. Deloitte & Touce: Network Security Professionals Wanted (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/317328

4. Looking for Secuirty Specialists (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/317321

5. (job offered) Full-time salaried Security Consultants in WA (Thread) Relevant URL:

http://online.securityfocus.com/archive/77/317297

6. Seeking employment in the UK - 20 years' experience (Thread) Relevant URL:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux