SecurityFocus Newsletter #200

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Jun 09 2003 - 13:01:14 EDT


This Issue is Sponsored by: Neoteris

Evaluating SSL VPNs? Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.securityfocus.com/Neoteris-sf-news


I. FRONT AND CENTER
  1. The Enemy Within: Firewalls and Backdoors
  2. Adding Security to the Cert
  3. Learning to Love Big Brother
  4. Welcome to the SecurityFocus Firewalls Focus Area
  5. Welcome to the SecurityFocus Pen-Test Focus Area
II. BUGTRAQ SUMMARY
  1. cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
  2. Desktop Orbiter Resource Exhaustion Denial Of Service...
  3. Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability
  4. PHP-Nuke User/Admin Cookie SQL Injection Vulnerability
  5. Microsoft Internet Explorer False URL Information Vulnerability
  6. PHP Transparent Session ID Cross Site Scripting Vulnerability
  7. JBoss Null Byte Request JSP Source Disclosure Vulnerability
  8. iisCart2000 Arbitrary File Upload Vulnerability
  9. WebCortex WebStores2000 SQL Injection Vulnerability
  10. Microsoft URLScan Information Disclosure Weakness
  11. Apache Tomcat Insecure Directory Permissions Vulnerability
  12. Multiple Mod_Gzip Debug Mode Vulnerabilities
  13. Webfroot Shoutbox Expanded.PHP Remote Command Execution...
  14. WinMX Plaintext Password Storage Weakness
  15. myServer HTTP GET Argument Buffer Overflow Vulnerability
  16. XMame Lang Local Buffer Overflow Vulnerability
  17. Webchat Module Path Disclosure Weakness
  18. Webfroot Shoutbox Expanded.PHP Remote Directory Traversal...
  19. WebChat Users.PHP Database Username Disclosure Weakness
  20. WebChat Users.PHP Cross-Site Scripting Vulnerability
  21. Gator EWallet Information Encoding Weakness
  22. Crob FTP Server Remote Username Format String Vulnerability
  23. Sun Management Center Change Manager PamVerifier Buffer...
  24. SPChat Module Remote File Include Vulnerability
  25. Cafelog b2 B2Functions Script B2INC Variable Include...
  26. CafeLog b2 Blog.Header Script SQL Injection Vulnerability
  27. Wordpress Posts SQL Injection Vulnerability
  28. Cafelog b2 B2MenuTop Script B2INC Variable Include Vulnerability
  29. Wordpress Remote PHP File Include Vulnerability
  30. Pi3Web SortName Buffer Overflow Vulnerability
  31. Microsoft Windows XP Nested Directory Denial of Service...
  32. Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of...
  33. Multiple Vendor kon2 Local Buffer Overflow Vulnerability
  34. IRCXpro Server Settings.INI Plaintext Password Storage...
  35. Red Hat Linux TTY Layer Kernel Panic Denial Of Service...
  36. Red Hat Linux Kernel MXCSR Handler Unspecified Vulnerability
  37. Red Hat Linux EXT3 Filesystem Data Corruption Vulnerability
  38. Sun Solaris Telnet Daemon Remote Denial Of Service Vulnerability
  39. HP-UX UUCP Unspecified Buffer Overflow Vulnerability
  40. Linux Kernel Fragment Reassembly Remote Denial Of Service...
  41. HP-UX UUSUB Unspecified Buffer Overflow Vulnerability
  42. Pablo Software Solutions FTP Server Anonymous Users Privileges...
III. SECURITYFOCUS NEWS ARTICLES
  1. Group Releases Anti-Disclosure Plan
  2. Holy Grail of crypto to arrive in three years, say UK boffins
  3. Cisco builds WLAN security framework
  4. U.S. reviewing old, secret surveillance files in terrorism...
IV. SECURITYFOCUS TOP 6 TOOLS
  1. Passcheck v2.99
  2. LibTomCrypt v0.76
  3. OpenSSH SecurID patch v3.6.1p2 v1
  4. Logdog v2.0-RC3
  5. KisMAC v0.05a
  6. A Joint Monitoring System (AJMS) v1.8
V. SECURITYJOBS LIST SUMMARY
  1. Looking for an infosec position in Calgary, AB (Thread)
  2. SR. IT MANAGER WITH SECURITY BACKGROUND LOOKING IN MINNESOTA...
  3. PWC - Threat & Vulnerability Management (Senior Associate )...
  4. LOOKING FOR A SR. IDS MANAGER - BETHESDA, MD (Thread)
  5. Newport News, VA - MS Exchange SW Development Manager (Thread)
  6. Networking and Security Engineer Available. Travel OK. (Thread)
  7. Recent CISSP seeking in GA or NC. (Thread)
  8. Metro DC - junior to midlevel security position sought (Thread)
  9. Corporate Security Analyst - San Jose, CA (Thread)
  10. Seeking infosec employment (Thread)
  11. 20-yr International IT & Internet Security Veteran (Thread)
  12. New Focus Areas on SecurityFocus.com X-POST (Thread)
  13. Tivoli Security Specialist needed (Thread)
  14. Looking for a sales position (Thread)
  15. Neoteris is hiring!!! - Regional Sales Manager - Benelux (Thread)
  16. Neoteris is hiring!!! - Regional Sales Manager - Japan (Thread)
  17. Neoteris is hiring!!! - Federal Sales Manager - VA/MD/DC (Thread)
  18. Neoteris is hiring!!! - Senior Technical Support Engineer...
  19. CISSP, Looking for assignment in Research Triangle Park, NC...
  20. Very Experienced British Expat Returning (Thread)
  21. Security professional looking for work. (willing to relocate)...
  22. CISSP & CISA Available Nationwide for Contract Consulting...
  23. Credit Card Fraud Analyst/Project Manager - Chicago (Thread)
  24. IT PROFESSIONALS WANTED (Thread)
  25. Java / Web Developer - Senior - 8 - 12 month contract (Thread)
  26. Position In Jacksonville, FL (Thread)
  27. Systems Security Engineer, TiVo, Inc., Alviso, CA (Thread)
  28. Rocky Mtn. CISSP for hire (Thread)
  29. Security Engineer/Santa Monica, CA (Thread)
  30. systems administrator looking for work - NW Ohio (Thread)
  31. Need Security Evangelist in Dallas (Thread)
  32. Verisign - number in the UK (Thread)
  33. Security Sales Engineers and Account Executives/Seattle (Thread)
VI. INCIDENTS LIST SUMMARY
  1. FW: File Folders Own Changed (Thread)
  2. Help with an odd log file... (Thread)
  3. strange cmd.exe access (Thread)
  4. strange traffic on UDP port 53 (Thread)
  5. Dameware Malcode? Is anyone aware of it? (Thread)
  6. KazaaLite 2.0.2 Build 1 (Thread)
  7. FW: KazaaLite 2.0.2 Build 1 (Thread)
  8. Dubious e-mail: [Fwd: Dell.com (Password Request)] (Thread)
  9. Hmm....901 (Thread)
  10. Announcement: SecurityFocus Pen-Test and Firewalls Focus Areas...
  11. FW: Hmm....901 (Thread)
  12. A question for the list... (Thread)
  13. Whois updates, Was: [ Possible Intrusion Attempt?] (Thread)
  14. Weird Traffic from www.eyeblaster-bs.com (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Decision (Thread)
  2. win32 shellcoding (Thread)
  3. Shellcode questions (Thread)
  4. win32 command line overflows: (ex: ollydbg.exe) (Thread)
  5. strcpy bug (Thread)
  6. Exploiting new IE Object Type Overflow (Thread)
  7. New Secuity Vulnerabilities (Thread)
  8. possible remote buffer overflow in atftpd (Thread)
  9. Frame pointer overwriting and FreeBSD (Thread)
  10. man[v1.5l]: format string exploit / POC. (Thread)
  11. [Vuln-dev Challenge] Challenge #2 (New technique maybe?) (Thread)
  12. Announcement: SecurityFocus Pen-Test and Firewalls Focus Areas...
  13. Windows XP mmc.exe Crash (Thread)
  14. Gera's Insecure Programing abo7 (Thread)
  15. Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash...
  16. xmame gain root exploit (Thread)
  17. netstrings example vulnerable (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Announcement: SecurityFocus Pen-Test and Firewalls Focus Areas...
  2. SecurityFocus Microsoft Newsletter #139 (Thread)
  3. Internet Explorer URL Spoofing Threat (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. New Focus Areas on SecurityFocus.com (Thread)
X. LINUX FOCUS LIST SUMMARY
  1. deny deleting a file for users (Thread)
  2. Linux firewall/IDS/NAT suggestions (Thread)
  3. deny deleting a file for users.. trying a solution (Thread)
  4. New Focus Areas on SecurityFocus.com (Thread)
  5. process accounting (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. The Enemy Within: Firewalls and Backdoors
By Bob Rudis, CISSP, and Phil Kostenbade, CISSP

This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.

http://www.securityfocus.com/infocus/1701

2. Adding Security to the Cert
By Tim Mullen

Shiftless third-party prep courses have made MCSE certification less valuable. Is Microsoft's new security cert doomed to the same fate?

http://www.securityfocus.com/columnists/166

3. Learning to Love Big Brother
By Scott Granneman

Microsoft's digital rights management (DRM) may have implications for security professionals.

http://www.securityfocus.com/columnists/165

4. Welcome to the SecurityFocus Firewalls Focus Area
By Marcus Ranum

SecurityFocus is very pleased to announce the roll-out of the new Firewalls focus area.

http://www.securityfocus.com/infocus/1700

5. Welcome to the SecurityFocus Pen-Test Focus Area
By Ivan Arce

The new SecurityFocus Pen-Test focus area offers a unique forum for the exchange of pen-test information.

http://www.securityfocus.com/infocus/1699

II. BUGTRAQ SUMMARY


1. cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability BugTraq ID: 7758
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7758
Summary:

cPanel is a multi-platform web hosting control panel that allows a user to manage their hosted account through a web-based interface.

cPanel includes a Formail-clone script.

It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host.

The issue is reportedly due to a lack of input sanitization performed on the recipient field used by the cPanel Formail-clone. Reportedly, an attacker can append a reference to the local domain in parentheses, e.g. 'recipient@example.(localdomain)com', as part of an e-mail address passed to cPanel; the address then passes the local domain check. When the cPanel mailer invokes sendmail to handle this address, sendmail strips out the parentheses and the data contained therein and sends the e-mail to the attacker-supplied address.

This issue may be exploited by an attacker to use the vulnerable host as an open relay.

2. Desktop Orbiter Resource Exhaustion Denial Of Service Vulnerability BugTraq ID: 7759
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7759
Summary:

Desktop Orbiter is designed to be a desktop security solution. It is maintained by Anfibia and is available for the Microsoft Windows operating system.

A denial of service vulnerability has been reported for Desktop Orbiter. The vulnerability exists due to the way the application handles connections. Specifically, for every open connection, a snapshot preview of the desktop is loaded into memory. Thus, numerous connections would result in a consumption of all available memory resources.

An attacker can exploit this vulnerability by making numerous connections to a Desktop Orbiter server on TCP port 51054. For every connection, the vulnerable service creates a snapshot of the desktop that is subsequently loaded into memory. This will eventually result in the service consuming all available memory and causing the system to behave unpredictably.

This vulnerability affects Desktop Orbiter 2.01. It is not known whether earlier versions are affected.

3. Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability BugTraq ID: 7760
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7760
Summary:

The /bin/mail utility is a mail processing system which can be used to send and receive e-mail messages. It is available for the Unix and Linux operating systems.

A vulnerability has been discovered in /bin/mail on the Linux operating system. The problem occurs when processing the 'CC:' field within an e-mail message. Due to insufficient bounds checking, handling approximately 8824 bytes of data will trigger a buffer overrun.

Successful exploitation of this issue could allow an attacker to execute arbitrary commands with the privileges of /bin/mail. It should be noted that local exploitation of this vulnerability may be inconsequential. However, a malicious e-mail message processed by the vulnerable utility, or a remote CGI interface that invokes it, may both be sufficient conduits for remote exploitation.

4. PHP-Nuke User/Admin Cookie SQL Injection Vulnerability BugTraq ID: 7762
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7762
Summary:

PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site.

PHP-Nuke is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which will be used in database queries. This could permit an attacker to inject SQL code.

It has been demonstrated that this vulnerability may allow a remote attacker to modify query logic and disclose administrator and user password hashes through a sequential brute force method. Although unconfirmed, it may also be possible, depending on the database implementation and other factors, to launch attacks against the database. This may result in the disclosure of sensitive information.

Having the Web_Links module installed and one link active is a prerequisite for exploitation of the admin password hash recovery issue.

It should be noted that although this vulnerability has been reported to affect PHP-Nuke versions 5.6 and 6.5, all other versions may potentially be affected.

5. Microsoft Internet Explorer False URL Information Vulnerability BugTraq ID: 7763
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7763
Summary:

An issue has been reported for Microsoft Internet Explorer that may result in a false sense of security for a user.

Due to the way IE handles certain functions, the URL displayed in the location bar will not correspond to the actual URL of the site displayed in the browser window. As a result, a malicious attacker can exploit this issue to entice a user to visit a web site and make them believe they are at a known or trusted page.

6. PHP Transparent Session ID Cross Site Scripting Vulnerability BugTraq ID: 7761
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7761
Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

PHP contains an option known as transparent session IDs. This feature allows session IDs to be embedded in a URL.

A cross-site scripting vulnerability has been discovered in PHP version 4.3.1 and earlier. The problem occurs when the 'session.use_trans_sid' global parameter has been enabled.

Due to insufficient sanitization of the PHPSESSID URI parameter, it is possible for an attacker to embed malicious script code within a link. By embedding malicious code in such a way that an HTML tag will be prematurely terminated, it may be possible to execute arbitrary script code.

Successful exploitation of this issue would allow an attacker to execute arbitrary script code in a victim's browser within the context of the visited website. This may allow for the theft of sensitive information, such as session IDs, or possibly other attacks.

It should be noted that PHP versions prior to release 4.2.0 do not support transparent session IDs by default. Support must be specified during initial compilation.

7. JBoss Null Byte Request JSP Source Disclosure Vulnerability BugTraq ID: 7764
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7764
Summary:

JBoss is a freely available, open source Java Application server. It is distributed and maintained by JBoss Group.

A problem in the software may make it possible to gain unauthorized access to potentially sensitive information.

A problem has been reported in the handling of unexpected characters by the JBoss program. Because of this, an attacker may gain access to potentially sensitive information.

The problem is in the input of null characters with some requests. By placing a valid request, and appending a null byte to the end of the request, it is possible to see the source of the Java Server Page (JSP) requested from JBoss. This could yield potentially sensitive information such as passwords.

It should be noted that this problem occurs when JBoss is used with Jetty. It is not known what effect this problem has on JBoss with other servers.
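
The null-byte issue above comes down to two views of one request: a length-aware string that the container checks for its extension, and a NUL-terminated string that the file API actually opens. The following C program is an added example, not JBoss or Jetty code; it models both views of a constructed request, shows how they disagree when a NUL byte is embedded, and applies the check that closes the gap: reject any request whose length-aware form contains a NUL. Function names and return codes are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length-aware check: does the full request path end in ".jsp"? This is
 * the view a string with an explicit length (as in Java) has of the request. */
bool ends_with_jsp(const char *path, size_t len)
{
    const char suffix[] = ".jsp";
    size_t slen = sizeof suffix - 1;
    return len >= slen && memcmp(path + len - slen, suffix, slen) == 0;
}

/* The name a NUL-terminated file API would actually open for this path:
 * everything up to the first NUL byte. */
size_t name_seen_by_file_api(const char *path, size_t len, char *out, size_t cap)
{
    size_t n = 0;
    while (n < len && n + 1 < cap && path[n] != '\0') {
        out[n] = path[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

/* The fix: refuse any request whose length-aware view contains a NUL. */
bool contains_nul(const char *path, size_t len)
{
    return memchr(path, '\0', len) != NULL;
}

/* Decide how a request would be routed. Returns:
 *   0  rejected (embedded NUL)
 *   1  routed to the JSP engine (compiled and executed)
 *   2  served as a static file (raw source returned)
 * With reject_nul false, a path such as "index.jsp" followed by a NUL is
 * not a JSP to the extension check but becomes "index.jsp" to the file
 * API, so the page source is served verbatim. */
int route_request(const char *path, size_t len, bool reject_nul)
{
    if (reject_nul && contains_nul(path, len))
        return 0;
    if (ends_with_jsp(path, len))
        return 1;
    return 2;
}

static char seen_name[64];   /* receives the name from demo_name_seen() */

/* Convenience wrapper: records the file-API view of `path` in seen_name. */
size_t demo_name_seen(const char *path, size_t len)
{
    return name_seen_by_file_api(path, len, seen_name, sizeof seen_name);
}

int main(void)
{
    /* Constructed request: "index.jsp" followed by one NUL byte (10 bytes). */
    static const char probe[] = "index.jsp\0";
    size_t probe_len = sizeof probe - 1;

    demo_name_seen(probe, probe_len);
    printf("extension check sees .jsp : %s\n", ends_with_jsp(probe, probe_len) ? "yes" : "no");
    printf("file API would open       : %s\n", seen_name);
    printf("routing without NUL check : %d\n", route_request(probe, probe_len, false));
    printf("routing with NUL check    : %d\n", route_request(probe, probe_len, true));
    return 0;
}
```

The same disagreement between a length-aware layer and a NUL-terminated layer is what makes a trailing NUL useful against any mixed-language stack; rejecting the byte at the boundary removes the ambiguity before either layer interprets the path.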

8. iisCart2000 Arbitrary File Upload Vulnerability BugTraq ID: 7765
Remote: Yes
Date Published: May 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7765
Summary:

iisCart2000 is web-based shopping cart software implemented in ASP. It is available for the Microsoft Windows operating system.

A vulnerability has been reported for iisCart2000 that may result in an attacker uploading arbitrary files to a vulnerable server. The vulnerability exists in the upload.asp script. Specifically, the script does not properly verify that a user is authorized to upload files.

An attacker can exploit this vulnerability by issuing a request for the vulnerable script (residing in 'admin/' or './'). This will allow an attacker to upload arbitrary files to the vulnerable server. If the uploaded file is an ASP script file, it may be possible for an attacker to execute the uploaded script.

Successful exploitation may result in the execution of attacker-supplied code.

9. WebCortex WebStores2000 SQL Injection Vulnerability BugTraq ID: 7766
Remote: Yes
Date Published: May 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7766
Summary:

WebCortex WebStores2000 is shopping cart software implemented in ASP. It is available for Microsoft Windows operating environments.

WebStores2000 has been reported to be prone to SQL injection attacks.

This vulnerability is reportedly caused by a lack of sufficient sanitization of user-supplied data contained in URI parameters supplied to WebStores2000. Specifically, an attacker may inject SQL database commands by embedding malicious SQL within the 'Item_ID' URI parameter supplied to the browse_item_details.asp script.

Successful exploitation may allow for modification of the structure of SQL queries, resulting in information disclosure, or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

10. Microsoft URLScan Information Disclosure Weakness BugTraq ID: 7767
Remote: Yes
Date Published: May 31 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7767
Summary:

Microsoft URLScan is a tool that prevents certain types of specific HTTP requests from reaching an IIS (Internet Information Services) server.

A weakness has been reported for URLScan that may result in the disclosure of sensitive information.

The weakness exists because of the way URLScan handles HEAD HTTP requests. Specifically, when URLScan receives a HEAD request that is subsequently rejected, it is automatically converted to a GET request and sent to the underlying IIS server. This is so that the appropriate reject page is delivered to a requesting client.

The information returned may allow an attacker to identify systems that incorporate the use of URLScan.

11. Apache Tomcat Insecure Directory Permissions Vulnerability BugTraq ID: 7768
Remote: No
Date Published: Jun 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7768
Summary:

Tomcat is a web server and JSP/Servlet container that is developed by Apache as part of the Jakarta project.

Apache Tomcat may be installed with world-readable permissions for the /opt/tomcat/ directory. Files in this directory may contain sensitive information, such as authentication credentials. Local users may potentially gain unauthorized access to these files as a result.

This issue was reported for Apache Tomcat versions prior to 4.1.24 on Gentoo Linux. It is not known if other distributions are similarly affected.

12. Multiple Mod_Gzip Debug Mode Vulnerabilities BugTraq ID: 7769
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7769
Summary:

Mod_gzip is an Apache web server module that compresses web content before sending it to the client. Mod_gzip is not a standard module for Apache.

Multiple vulnerabilities were reported in Mod_gzip. The following issues exist when the software is run in debug mode:

Insufficient bounds checking of request data may lead to a stack overflow. If a remote user sends an excessively long request for a file type (such as gzip) handled by the module, it may be possible to corrupt stack variables with specific values. This could lead to execution of malicious attacker-supplied instructions.

Mod_gzip is prone to a format string vulnerability when Apache logging facilities are used. This is due to missing format specifiers in the code responsible for logging requests for file types handled by the module. Exploitation could permit a remote attacker to overwrite arbitrary locations in memory with malicious data, potentially allowing for code execution.

Mod_gzip logs debugging information in files using predictable names. The following naming scheme is used when log files are created:

/tmp/t<PID>.log

By anticipating the value of the process ID, a local attacker could launch symlink attacks against other system files. It has been reported that some debugging information is logged as the superuser. This could allow for corruption of arbitrary files. If these files can be corrupted with custom data, then it will be possible to gain elevated privileges.

Exploitation of these issues could result in execution of malicious instructions or corruption of critical or sensitive files.

This record will be divided into multiple BIDs when further analysis of these issues is complete.
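
The predictable /tmp/t<PID>.log name above is dangerous because of how the file is opened, not only because of its name. The following C program is an added example, not mod_gzip code; inside a scratch directory created with mkdtemp it plants a symlink at the predicted name, then opens that name the unsafe way (O_CREAT without O_EXCL, which follows the link and writes through it) and the safe way (O_CREAT | O_EXCL | O_NOFOLLOW, which refuses it). The directory layout, the PID value 4242 and the function names are assumptions for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define PATHBUF 512   /* path buffer size used by this example */

/* Unsafe pattern: a predictable name opened with O_CREAT but without O_EXCL.
 * If a symlink already sits at that name, open() follows it and the log
 * data is written into whatever file the link points to. */
int open_log_predictable(const char *dir, int pid)
{
    char path[PATHBUF];
    snprintf(path, sizeof path, "%s/t%d.log", dir, pid);
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Safe pattern: refuse a pre-existing name (O_EXCL) and never follow a
 * symlink (O_NOFOLLOW). A planted link then makes open() fail with EEXIST
 * (or ELOOP) instead of silently redirecting the write. */
int open_log_exclusive(const char *dir, int pid)
{
    char path[PATHBUF];
    snprintf(path, sizeof path, "%s/t%d.log", dir, pid);
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Scenario: in a fresh scratch directory, plant t<pid>.log -> victim.txt,
 * then try both openers. Returns a bitmask (expected value 3):
 *   bit 0  the predictable open followed the link and wrote into victim.txt
 *   bit 1  the exclusive open was refused
 * -1 means the scratch directory could not be set up. */
int run_symlink_scenario(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";  /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return -1;
    const int pid = 4242;                     /* assumed "predicted" PID */
    char victim[PATHBUF], planted[PATHBUF];
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(planted, sizeof planted, "%s/t%d.log", dir, pid);

    int v = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);  /* empty target */
    if (v < 0) { rmdir(dir); return -1; }
    close(v);
    if (symlink(victim, planted) != 0) { unlink(victim); rmdir(dir); return -1; }

    int result = 0;
    int fd = open_log_predictable(dir, pid);
    if (fd >= 0) {
        const char msg[] = "debug output\n";
        ssize_t w = write(fd, msg, sizeof msg - 1);
        close(fd);
        struct stat st;
        if (w == (ssize_t)(sizeof msg - 1) && stat(victim, &st) == 0
            && st.st_size == (off_t)(sizeof msg - 1))
            result |= 1;                      /* victim.txt now holds our log line */
    }
    if (open_log_exclusive(dir, pid) < 0 && (errno == EEXIST || errno == ELOOP))
        result |= 2;

    unlink(planted);                          /* clean up the scratch directory */
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_symlink_scenario();
    printf("scenario result: %d (3 = unsafe open followed the link, safe open refused it)\n", r);
    return r == 3 ? 0 : 1;
}
```

Run as root, the unsafe opener would write wherever the link points, which is the file-corruption path the advisory describes; the exclusive opener fails closed no matter who runs it. Where the name need not be predictable at all, mkstemp() gives the same O_EXCL guarantee with a randomised name.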

13. Webfroot Shoutbox Expanded.PHP Remote Command Execution Vulnerability BugTraq ID: 7772
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7772
Summary:

Webfroot Shoutbox is a web application designed to allow web site visitors a chance to leave messages. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php script.

An attacker can exploit this vulnerability to insert malicious PHP code into the web server logs which can then be executed by the PHP interpreter when the logs are requested. This will allow an attacker to execute arbitrary commands on a vulnerable system in the context of the web server.

This vulnerability was reported to affect Webfroot Shoutbox 2.32 and earlier.

14. WinMX Plaintext Password Storage Weakness BugTraq ID: 7771
Remote: No
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7771
Summary:

WinMX is a P2P file sharing application for Microsoft Windows operating systems. It supports the OpenNap protocol and is compatible with a number of P2P servers.

WinMX stores P2P passwords in plaintext. As a result, these credentials could be exposed to other local users. Passwords are stored in the 'nservers.dat' file and are also accessible to users via the server editing feature of the WinMX interface.

This issue has been reported in WinMX 2.6. It is thought that the issue may have been addressed in later versions, though no vendor confirmation is available.

15. myServer HTTP GET Argument Buffer Overflow Vulnerability BugTraq ID: 7770
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7770
Summary:

myServer is an application and web server for Microsoft Windows and Linux operating systems.

myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Specifically, when the web server processes an argument passed in a malicious HTTP GET request that consists of more than 4100 bytes, the web server will crash. This will result in a denial of service condition.

It is possible that this vulnerability may also allow the execution of arbitrary instructions. Any instructions carried out through this vulnerability would be with the privileges of the web server process. However, the possibility of code execution has not been confirmed.

This vulnerability was reported for myServer version 0.4.1. It is likely that other versions are also affected.
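
The /bin/mail carbon-copy overrun (item 3) and the myServer GET-argument overflow above share one root cause: an attacker-controlled field copied into a fixed buffer without checking its length. The following C program is an added example, not code from either project or from the advisories; it extracts such a field (a 'CC:' header value or an HTTP query argument) only when it fits the destination, and rejects oversized input outright rather than truncating it. Function names, the 8192-byte capacity and the sample inputs are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 8192   /* destination capacity for header values (assumed) */

/* Copy src[0..src_len) into dst (dst_cap bytes, NUL included). Returns the
 * number of bytes copied, or -1 when the field would not fit. The source
 * need not be NUL-terminated; src_len is authoritative. */
long copy_field_bounded(const char *src, size_t src_len, char *dst, size_t dst_cap)
{
    if (dst == NULL || dst_cap == 0)
        return -1;
    if (src_len >= dst_cap) {       /* no room for the data plus its NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (long)src_len;
}

/* Value of header `name` (e.g. "CC:") from one header line, minus leading
 * blanks and the line terminator. -1 if it is another header or too long. */
long extract_header_value(const char *line, const char *name, char *dst, size_t dst_cap)
{
    size_t nlen = strlen(name);
    if (strncmp(line, name, nlen) != 0)
        return -1;
    const char *val = line + nlen;
    while (*val == ' ' || *val == '\t')
        val++;
    return copy_field_bounded(val, strcspn(val, "\r\n"), dst, dst_cap);
}

/* Query argument of an HTTP request line ("GET /p?a=1 HTTP/1.0"), bounded
 * the same way. -1 when there is no query string or it does not fit. */
long extract_get_argument(const char *request_line, char *dst, size_t dst_cap)
{
    const char *q = strchr(request_line, '?');
    if (q == NULL)
        return -1;
    q++;
    return copy_field_bounded(q, strcspn(q, " \r\n"), dst, dst_cap);
}

/* Constructed test input: a "CC: " line whose value is n bytes of 'A'. */
size_t make_cc_line(char *out, size_t out_cap, size_t n)
{
    const char prefix[] = "CC: ";
    size_t plen = sizeof prefix - 1;
    if (plen + n + 2 > out_cap)     /* prefix + value + '\n' + NUL */
        return 0;
    memcpy(out, prefix, plen);
    memset(out + plen, 'A', n);
    out[plen + n] = '\n';
    out[plen + n + 1] = '\0';
    return plen + n + 1;
}

/* Build a CC line with an n-byte value and run it through the extractor;
 * returns the extractor's result (-2 if the line itself could not be built). */
long demo_cc_value(size_t n)
{
    static char line[16384];
    static char field[FIELD_CAP];
    if (make_cc_line(line, sizeof line, n) == 0)
        return -2;
    return extract_header_value(line, "CC:", field, sizeof field);
}

static char last_arg[64];   /* receives the most recently extracted argument */

long demo_get_argument(const char *request_line)
{
    return extract_get_argument(request_line, last_arg, sizeof last_arg);
}

int main(void)
{
    printf("40-byte CC value   -> %ld\n", demo_cc_value(40));     /* 40: copied */
    printf("8824-byte CC value -> %ld\n", demo_cc_value(8824));   /* -1: refused */
    printf("GET argument       -> %ld (%s)\n",
           demo_get_argument("GET /index.html?page=1 HTTP/1.0"), last_arg);
    return 0;
}
```

Rejecting rather than truncating is the right default for a security-relevant field: a silently truncated recipient list or query string changes the meaning of the request, while a rejected one fails closed. The 8824-byte value cited in BID 7760 is run through the extractor to show that it is refused.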

16. XMame Lang Local Buffer Overflow Vulnerability BugTraq ID: 7773
Remote: No
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7773
Summary:

Xmame is a port of the MAME arcade emulator. It is available for Linux and Unix systems.

Xmame is prone to a locally exploitable buffer overflow. The issue exists in the xmame.x11 executable. This is due to insufficient bounds checking of the command line parameter used to specify language settings (--lang). By specifying an excessively long language parameter, it is possible to corrupt stack memory with attacker-supplied values. This could be exploited to control execution flow and cause execution of malicious instructions.

Some builds of Xmame require setuid root privileges to operate properly, particularly those builds with svgalib/xf86_dga support enabled. Successful exploitation on some systems could result in execution of arbitrary code with elevated privileges.

17. Webchat Module Path Disclosure Weakness BugTraq ID: 7774
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7774
Summary:

Webchat is a web based chat module designed for use with PHP-Nuke.

Webchat has been reported prone to a path disclosure weakness.

Reportedly an attacker may make a malicious HTTP request for the 'out.php' script to trigger the condition; alternatively the attacker may pass a non-numeric 'roomid' URI parameter to the Webchat module. Under some circumstances either request will trigger an exception, causing Webchat to display an error message containing the path to an internal PHP include file embedded in the source of the error.

An attacker may use the information gathered in this manner to aid in further attacks launched against the host.

This weakness was reported to affect Webchat version 2.0; other versions may also be affected.

18. Webfroot Shoutbox Expanded.PHP Remote Directory Traversal Vulnerability BugTraq ID: 7775
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7775
Summary:

Webfroot Shoutbox is a web application designed to allow web site visitors a chance to leave messages. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the viewing of potentially sensitive files by attackers.

An attacker can exploit this vulnerability by manipulating the value of the 'conf' URI parameter submitted to the expanded.php script to obtain any files readable by the web server.

Information obtained in this manner may allow an attacker to launch further, potentially destructive attacks against a vulnerable system.

This vulnerability was reported to affect Webfroot Shoutbox 2.32 and earlier.

19. WebChat Users.PHP Database Username Disclosure Weakness BugTraq ID: 7777
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7777
Summary:

WebChat is a web based chat module designed for use with PHP-Nuke.

WebChat has been reported prone to a database username disclosure weakness.

The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a guessed username as the 'username' URI parameter to the affected page. Although unconfirmed, it is likely that this action will return some indication of whether the submitted username exists or not. An attacker may exploit this weakness to enumerate valid database usernames.

An attacker may use the information gathered in this manner to aid in further attacks launched against the host.

This weakness was reported to affect Webchat version 2.0; other versions may also be affected.

20. WebChat Users.PHP Cross-Site Scripting Vulnerability BugTraq ID: 7779
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7779
Summary:

WebChat is a web based chat module designed for use with PHP-Nuke.

WebChat has been reported prone to a cross-site scripting vulnerability.

WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the WebChat 'users.php' script. The code contained in the 'username' URI parameter may be executed in the browser of the web user who visits the link. Code will be executed in the security context of the system running the WebChat Module.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

This vulnerability was reported to affect WebChat version 2.0; other versions may also be affected.

21. Gator EWallet Information Encoding Weakness BugTraq ID: 7778
Remote: No
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7778
Summary:

Gator eWallet is software for managing personal data such as passwords and credit card information. It is available for Microsoft Windows operating systems.

Gator eWallet fails to adequately protect sensitive information stored by users.

Gator eWallet uses Base64 encoding to protect sensitive information. This information is stored in the following data files in the program folder:

mepgh.dat
mepcme.dat
meprca.dat
mepcmeft.dat
GMT.exe.manifest
meperr.dat
mepgus.dat
mepoem.dat
mepsnd-gs.dat
mepsnd-ksa.dat
mepcat.dat
sitehash4.dat

Local users with access to these files may gain access to a plethora of personal information. Base64 encoded data may be trivially reversed to obtain plaintext.

22. Crob FTP Server Remote Username Format String Vulnerability BugTraq ID: 7776
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7776
Summary:

Crob FTP Server is a typical file transfer server available for the Windows operating system.

A vulnerability has been reported for Crob FTP Server. The problem occurs due to the lack of format specifiers supplied to a printf()-like function. The vulnerability specifically occurs when displaying the 'user' parameter while prompting for a password. As a result, an attacker may be capable of exploiting this issue by embedding malicious format specifiers designed to write to memory, such as %hn.

Successful exploitation of this vulnerability would allow an attacker to overwrite arbitrary locations in memory, ultimately allowing for the execution of arbitrary code. All commands executed in this manner would be run with the privileges of the Crob FTP Server.

This vulnerability was reported for Crob FTP Server 2.50.4; however, earlier versions may also be affected.

23. Sun Management Center Change Manager PamVerifier Buffer Overflow Vulnerability BugTraq ID: 7781
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7781
Summary:

Sun Management Center Change Manager is a software package available for the Sun Solaris operating system. It is distributed and maintained by Sun.

A problem with Sun Management Center Change Manager may give a remote user unauthorized access to the system.

It has been reported that Sun Management Center (SunMC) Change Manager is vulnerable to a remote boundary condition error. Because of this, it may be possible for an attacker to gain administrative access to a system remotely.

The problem is in the pamverifier program. A buffer overrun in this program can result in the execution of code with the privileges of the administrative user. Because of this, an attacker could exploit this issue to compromise the administrative integrity of a vulnerable system.

It should be noted that SunMC Change Manager is an add-on component of SunMC, and is not installed with SunMC or on Solaris by default.

24. SPChat Module Remote File Include Vulnerability BugTraq ID: 7780
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7780
Summary:

SPChat is a web based chat module designed for use with PHP-Nuke.

SPChat has been reported prone to a remote file include vulnerability.

The issue presents itself due to insufficient sanitization performed on the user-supplied URI variable 'statussess' by the SPChat module. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host, as a value for the 'statussess' URI parameter.

If the remote file is a malicious script, this may allow for execution of attacker-supplied code in the context of the affected SPChat module.

This vulnerability was reported to affect SPChat version 0.8; other versions may also be affected.

25. Cafelog b2 B2Functions Script B2INC Variable Include Vulnerability BugTraq ID: 7782
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7782
Summary:

CafeLog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A remote file include vulnerability has been reported in Cafelog b2. Due to insufficient sanitization of user-supplied values by the b2functions.php script, it is possible for a remote attacker to influence the location of included files.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the '$b2inc' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for Cafelog 0.6.1.

26. CafeLog b2 Blog.Header Script SQL Injection Vulnerability BugTraq ID: 7783
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7783
Summary:

Cafelog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

The Cafelog b2 tool does not properly sanitize user input sent to the blog.header.php script. Because of this, it is possible for an attacker to pass malicious SQL code to the underlying database.

The problem is in the checking of the $posts variable of the script. SQL code may be inserted into the variable and will in turn be executed by the database server. Such requests could include adding, deleting, and modifying data. Additionally, this may allow a remote attacker to exploit vulnerabilities that exist in the underlying database.

27. Wordpress Posts SQL Injection Vulnerability BugTraq ID: 7784
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7784
Summary:

Wordpress allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.

Wordpress has been reported prone to an SQL injection vulnerability.

Wordpress does not properly sanitize user input that is passed to the 'posts' variable. Specifically, data contained in the 'posts' variable is not converted to an integer before it is passed to an SQL query. An attacker may exploit this vulnerability to insert SQL code into requests and have the SQL code executed by the underlying database server. These requests could include adding, deleting, and modifying data. Additionally, this may allow a remote attacker to exploit vulnerabilities that exist in the underlying database.

It should be noted that although this vulnerability has been reported to affect Wordpress version 0.7, other versions might also be affected.
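
The Cafelog b2 blog.header.php entry and the Wordpress 'posts' entry describe the same defect: a value that should only ever be a post number is spliced into an SQL statement without first being converted to an integer. The following is an added Python example, not code from either project, that reproduces the defect against a constructed in-memory SQLite table and places the corrected lookup beside it; the table, its rows and the function names are hypothetical.

```python
import sqlite3


def make_sample_db():
    """Constructed in-memory table standing in for a weblog's posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "Hello world", 1),
        (2, "Unpublished draft", 0),   # must never be returned to a visitor
        (3, "Second post", 1),
    ])
    return conn


def fetch_post_vulnerable(conn, posts):
    """Mirrors the flaw in the advisories: the request value goes into the
    statement as-is, so anything other than a number rewrites the query."""
    sql = "SELECT id, title FROM posts WHERE published = 1 AND id = " + posts
    return conn.execute(sql).fetchall()


def fetch_post_fixed(conn, posts):
    """The missing step: coerce the value to an integer first, then bind it as a
    parameter so it can never be parsed as SQL."""
    try:
        post_id = int(posts)
    except (TypeError, ValueError):
        return []          # not a post number: nothing to look up
    return conn.execute(
        "SELECT id, title FROM posts WHERE published = 1 AND id = ?", (post_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_sample_db()
    for value in ("1", "2 OR 1=1"):
        print(repr(value), "vulnerable:", fetch_post_vulnerable(db, value),
              "fixed:", fetch_post_fixed(db, value))
```

With the value "2 OR 1=1" the vulnerable query becomes `... published = 1 AND id = 2 OR 1=1`, and since AND binds tighter than OR the `published = 1` filter is discarded and every row, including the unpublished draft, comes back. The integer conversion alone already defeats that input; binding it as a parameter is what keeps the fix from depending on the type of one variable.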

28. Cafelog b2 B2MenuTop Script B2INC Variable Include Vulnerability BugTraq ID: 7786
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7786
Summary:

CafeLog b2 allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A remote file include vulnerability has been reported in Cafelog b2. Due to insufficient sanitization of user-supplied values in the b2menutop.php script, it is possible for a remote attacker to influence the location of included files.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the '$b2inc' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for Cafelog 0.6.2.

29. Wordpress Remote PHP File Include Vulnerability BugTraq ID: 7785
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7785
Summary:

Wordpress allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.

A vulnerability has been reported for Wordpress. The problem is said to occur due to insufficient sanitization of user-supplied URI parameters.

Specifically, the '$abspath' variable, which is used as an argument to the PHP require() function, is not sufficiently sanitized of malicious input. As a result, an attacker may be capable of including a malicious 'blog.header.php' from a controlled web server. This may result in the execution of PHP commands located within the script.

Successful exploitation of this vulnerability would allow an attacker to execute arbitrary PHP commands on a target server, with the privileges of Wordpress.
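
The SPChat 'statussess', Cafelog b2 '$b2inc' and Wordpress '$abspath' entries share one root cause: a path prefix or file name that the application reads from the request ends up as the argument of include() or require(). The Python resolver below is an added example, not code from any of those projects, of the checks an include path must pass before it is used; the application root, the allow-list and the function names are hypothetical.

```python
import os
from urllib.parse import urlsplit

# Hypothetical application root and the scripts it is allowed to include;
# a real application fixes these in its own configuration, never from a request.
APP_ROOT = "/srv/www/blog"
ALLOWED_INCLUDES = frozenset({"blog.header.php", "b2functions.php", "b2menutop.php"})


def resolve_include(base_dir, requested, allowed=ALLOWED_INCLUDES):
    """Return an absolute path for `requested` only if it names a local,
    allow-listed file inside base_dir; raise ValueError otherwise."""
    if not requested or "\x00" in requested:
        raise ValueError("empty or NUL-containing include name")
    # A URL scheme (http://, ftp://, php:// ...) or a UNC prefix means the
    # include would be fetched from a location the requester chooses.
    if urlsplit(requested).scheme or requested.startswith(("//", "\\\\")):
        raise ValueError("remote include refused: %r" % requested)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    # After canonicalisation the target must still sit under the application
    # root; this catches ../ sequences, absolute paths and symlinks leading out.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path traversal refused: %r" % requested)
    if os.path.relpath(target, base) not in allowed:
        raise ValueError("not an allow-listed include: %r" % requested)
    return target


def include_allowed(base_dir, requested):
    """Boolean wrapper for callers that only need a yes/no decision."""
    try:
        resolve_include(base_dir, requested)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for candidate in ("blog.header.php", "http://attacker.invalid/x.txt",
                      "../../etc/passwd", "/etc/passwd", "index.php"):
        print("%-32s %s" % (candidate, include_allowed(APP_ROOT, candidate)))
```

The order of the checks matters: the scheme test runs before any path arithmetic, because os.path.join would happily treat a URL as a relative name. In the PHP deployments the advisories describe, the equivalent hardening is to define the base path in the application's own configuration rather than accept it from a register_globals variable, and to set allow_url_fopen off so that include() and require() cannot open remote URLs at all.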

30. Pi3Web SortName Buffer Overflow Vulnerability BugTraq ID: 7787
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7787
Summary:

Pi3Web is a free, multi platform, configurable HTTP server and development environment. It is available for Unix/Linux variants and Microsoft Windows operating systems.

Pi3Web is prone to a buffer overflow vulnerability. This is due to insufficient bounds checking of URI parameters. It is possible to trigger this condition by specifying a 'SortName' URI parameter of excessive length. Excess data will overrun adjacent regions of memory. This condition could be exploited to cause a denial of service or possibly to execute malicious instructions in the context of the server.

This issue was reported for Pi3Web 2.0.2 Beta 1 on Windows platforms.

It was originally believed that this condition only existed with certain indexing configurations but additional reports indicate that this is not the case.

31. Microsoft Windows XP Nested Directory Denial of Service Vulnerability BugTraq ID: 7789
Remote: No
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7789
Summary:

A vulnerability has been reported for all versions of Microsoft Windows XP. The problem occurs while handling the options menu of the last folder within 122 nested directories. The nested directories must all use a naming scheme of strictly one character, such as 'a' or 'b'.

By moving the cursor over the menu for the 122nd folder it may be possible for an unprivileged local user to crash a target system.

32. Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability BugTraq ID: 7788
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7788
Summary:

Microsoft Windows 2000/XP/2003 has been reported prone to a remote denial of service vulnerability.

Reportedly, an attacker may trigger this vulnerability under certain configurations; specifically, IPv6 must be enabled on the target server. Under these conditions an attacker may launch an ICMP flood attack that could effectively deny network services to valid users. An ICMP flood attack, by nature, sends more ICMP echo request packets than the vulnerable protocol implementation can handle.

Reportedly this issue is further exacerbated by BID 7666.

33. Multiple Vendor kon2 Local Buffer Overflow Vulnerability BugTraq ID: 7790
Remote: No
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7790
Summary:

kon2 is a Kanji emulator for the Linux console.

A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on a vulnerable system.

The vulnerability exists due to insufficient bounds checking performed on some commandline options passed to the vulnerable utility.

A local attacker can exploit this vulnerability by invoking kon2 with overly long commandline options. This will trigger the overflow condition and may result in an attacker obtaining root privileges.

This vulnerability was reported for kon2 0.3.9b and earlier.

34. IRCXpro Server Settings.INI Plaintext Password Storage Vulnerability BugTraq ID: 7792
Remote: Yes
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7792
Summary:

IRCXpro Server is an IRC server designed for use with Microsoft Windows operating systems.

A problem with the IRCXpro Server could make unauthorized access to credentials possible.

It has been reported that a problem exists in the method used for the storage of passwords by IRCXpro. This could lead to local users gaining unauthorized access to passwords, and potentially unauthorized access to the vulnerable IRC server.

Specifically, IRCXpro Server stores user credentials in the "settings.ini" configuration file, using plain text format by default. A local user with sufficient privileges to read this file may obtain the usernames and passwords contained within.

Information gathered in this way may be used to aid in further attacks launched against the vulnerable system.

This vulnerability was reported for IRCXpro Server 1.0.
