
SecurityFocus Newsletter #203

From: <jboletta(at)securityfocus.com>
Date: Mon Jun 30 2003 - 12:15:08 EDT

SecurityFocus Newsletter #203


This Issue is Sponsored by: Tenable

Tenable Network Security offers a Vulnerability Management Product.
"Lightning 1.1 is a next-generation security software solution that
thoughtfully combines relevant security data from vulnerability scans and intrusion detection devices to help enterprises reduce network exposure. Its design is definitely unique and highly scalable when compared to others in our industry," says Ron Gula, President and CTO of Tenable.

Please visit: http://www.securityfocus.com/TenableSecurity-sf-news


I. FRONT AND CENTER
  1. IDS Correlation of VA Data and IDS Alerts
  2. RFID Chips Are Here
  3. The SecurityFocus 4th Anniversary Contest
II. BUGTRAQ SUMMARY
  1. WebFS Request-URI Buffer Overflow Vulnerability
  2. osh Environment Variable Buffer Overflow Vulnerability
  3. osh File Redirection Buffer Overflow Vulnerability
  4. WebJeff Filemanager File Disclosure Vulnerability
  5. WebJeff Filemanager Plain Text Password Storage Vulnerability
  6. Traceroute-Nanog Integer Overflow Memory Corruption Vulnerability
  7. Progress 4GL Compiler Datatype Buffer Overflow Vulnerability
  8. Zope Empty Upload Information Disclosure Vulnerability
  9. Zope addItems Script Information Disclosure Vulnerability
  10. Zope Invalid Query Information Disclosure Vulnerability
  11. Zope ExampledbBrowseReport Description Field HTML Injection...
  12. Linux /proc Filesystem Potential Information Disclosure...
  13. GNU GNATS PR-Edit Command Line Option Heap Corruption...
  14. GNU GNATS PR-Edit Lock File Buffer Overflow Vulnerability
  15. GNU GNATS Environment Variable Buffer Overflow Vulnerability
  16. IndigoSTAR Software PerlEdit Denial Of Service Vulnerability
  17. QNX Demo Web Server Directory Traversal Vulnerability
  18. Symantec Security Check RuFSI ActiveX Control Buffer Overflow...
  19. MyServer Remote Denial Of Service Vulnerability
  20. Compaq Web-Based Management Agent Multiple Remote Vulnerabilities
  21. Tutos File_Select.PHP Cross-Site Scripting Vulnerability
  22. XMB Forum Multiple Cross-Site Scripting And HTML Injection...
  23. Tutos File_New Arbitrary File Upload Vulnerability
  24. Compaq Web-Based Management Agent Remote Stack Overflow Denial...
  25. Compaq Web-Based Management Agent Access Violation Denial of...
  26. Microsoft Internet Explorer HR Align Buffer Overflow...
  27. Armida Databased Web Server Remote GET Request Denial Of...
  28. VisNetic WebMail Information Disclosure Vulnerability
  29. Compaq Web-Based Management Agent Remote File Verification...
  30. tcptraceroute Failure To Relinquish Root Privileges Weakness
  31. LBreakOut2 Login Remote Format String Vulnerability
  32. Gkrellmd Remote Buffer Overflow Vulnerability
  33. Alt-N WebAdmin USER Parameter Buffer Overflow Vulnerability
  34. Multiple GuestBookHost HTML Injection Vulnerabilities
  35. Sharp Zaurus Samba Server Unauthorized Remote Filesystem...
  36. SGI IRIX IPV6 InetD Port Scan Denial Of Service Vulnerability
  37. SGI IRIX Snoop Unspecified Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. AT&T lets phone fraud victims off the hook
  2. I am not the Spammer you think I am
  3. Techno cops needed to catch cyber criminals - Blunkett
IV. SECURITYFOCUS TOP 6 TOOLS
  1. SURVIVOR v0.9.2b
  2. MIMEDefang v2.34
  3. heartbeat v0.2
  4. DSPAM v2.6.1
  5. Python milter v0.5.5
  6. Traffic tool Troll v1.0
V. SECURITYJOBS LIST SUMMARY
  1. Expert in Security Event Management (as well as other things)...
  2. Professional Services Opportunities in E-Commerce Security...
  3. Incident Analyst Position, Dublin Ireland (Thread)
  4. Expert in Firewall,VPN and IDS (Thread)
  5. Security Architect - Technical Architect Security - London...
  6. HELP! - IMMEDIATE OPENING - Vulnerability Assessment - Reston...
  7. Business Development Manager Information Security / Saudi...
  8. Senior Scientist, Risk Assessments - Chicago, IL - Greythorn...
  9. Security Manager vacancy (Thread)
  10. IT Internship (Thread)
  11. Anti-SPAM/IDS Architect needed (Thread)
  12. NT Security expert (Thread)
  13. IMMEDIATE OPENING - Sr. IDS Manager - Bethesda, MD (Thread)
  14. Certification & Accreditation Specialist (Thread)
  15. Operations / Project Manager role in Amsterdam , Holland (Thread)
  16. Secure VoIP, Wireless Engineer Needed in Baltimore Area (Thread)
  17. Security LAN/WAN Opportunity (BS+8, US Citizen, DC area) (Thread)
  18. Information Security Administrator opportunity -- Dallas, TX...
  19. Location Update: Looking for security analyst (Thread)
  20. Location Upate: Looking for security analyst (Thread)
  21. Looking for security analyst (Thread)
  22. Intrusion Detection & Incident Response - Chicago, IL (Thread)
  23. HIPPA consultant in BOSTON (Thread)
VI. INCIDENTS LIST SUMMARY
  1. Traffic with 55808 tcp windows size: news. (Thread)
  2. strange logs -- tcp port 16166 (Thread)
  3. War Dial on my PBX (Thread)
  4. Questionable UDP traffic received by firewall (Thread)
  5. Intrusec 55808 Trojan Analysis (Thread)
  6. Scan from Philipine Center on Transnational Crime (Thread)
  7. kuag2 again? (Thread)
  8. chkrootkit and LKM? (Thread)
  9. sdbot variant and WS 55808 activity (Thread)
  10. ISS "Stumbler" advisory questions (Thread)
  11. Unusual registry entries (Thread)
  12. sdbot variant and port 55808 activity (Thread)
  13. Spoofed TCP SYNs w/Winsize 55808 (was: Help with an odd lo...
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Starting on Assembly under win32 (Thread)
  2. GetPC code (was: Shellcode from ASCII) (Thread)
  3. Getting Base Address using the Structured Exception Handler...
  4. Shellcode from ASCII (Thread)
  5. Windows Shellcode Writing (Thread)
  6. file hiding under Linux (Thread)
  7. portmon <=1.8 buffer over flow ! (Thread)
  8. remote command execution in multiple languages (Thread)
  9. exploiting a binary if %edi can be overwritten? (Thread)
  10. crashing explorer with file properties (Thread)
  11. Java class obfuscation (Thread)
  12. Myserver 0.4.1 DOS... (Thread)
  13. Formatstrings on *BSD (Thread)
  14. [Full-Disclosure] Java class obfuscation (Thread)
  15. IE exposing URLs to msn.com and alexa.com? (Thread)
  16. EXEC SHIELD - new Linux security feature (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. How to block users from installing other apps (Thread)
  2. SP4 instalation failure (Thread)
  3. Xp Home (Thread)
  4. security auditing under windows 2000 server (Thread)
  5. Windows NLB (Thread)
  6. AW: Question about windows service (Thread)
  7. Question about windows service (Thread)
  8. Please read. Post containing BugBear.B (Thread)
  9. Search for files and folders fails (Thread)
  10. additional Windows 2000 password policy questions (Thread)
  11. Windows 2000 password policy (Thread)
  12. Managing Windows Event Logs (Thread)
  13. Filtering DHCP Assignments by MAC Address (Thread)
  14. Microsoft Baseline Security Analyzer (Thread)
  15. SecurityFocus Microsoft Newsletter #142 (Thread)
  16. adding new service to system services list (Thread)
  17. Netreg for Windows (Thread)
  18. Windows Event Logs (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. SPARC assembly - a beginner's question... (Thread)
  2. Administrivia (X-Post) (Thread)
X. LINUX FOCUS LIST SUMMARY
  1. Administrivia (X-Post) (Thread)
  2. Linux firewall/IDS/NAT ** IMPORTANT ** (Thread)
XI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. IDS Correlation of VA Data and IDS Alerts
By Neil Desai

This article discusses the correlation of VA data and IDS alerts to help prioritize events and reduce the time it takes to sift through events.

http://wwwdev.securityfocus.com/infocus/1708

2. RFID Chips Are Here
By Scott Granneman


RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake.

http://www.securityfocus.com/columnists/169

3. The SecurityFocus 4th Anniversary Contest

Enter to win two passes to the Black Hat Briefings. Please visit the contest page here:

http://www.securityfocus.com/contest

II. BUGTRAQ SUMMARY


1. WebFS Request-URI Buffer Overflow Vulnerability BugTraq ID: 7990
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7990
Summary:

WebFS is a simple web server that serves static content. It is available for Linux and Unix variant operating environments.

A buffer overflow vulnerability has been reported for WebFS that may result in the execution of attacker-supplied code. The vulnerability exists in the parse_request() function of the request.c source file and is due to insufficient bounds checking on an overly long Request-URI HTTP request.


Successful exploitation of this vulnerability will result in the corruption of sensitive memory with attacker-supplied values and the execution of code.

This vulnerability affects WebFS 1.1.8 and earlier.

2. osh Environment Variable Buffer Overflow Vulnerability BugTraq ID: 7992
Remote: No
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7992
Summary:

osh Operator Shell is a security enhanced, restricted shell. It allows a system administrator to restrict access to special commands and files to certain users. The osh shell is a setuid root shell.

A buffer overflow vulnerability has been reported for osh when processing environment variables. The problem likely occurs due to insufficient bounds checking when copying environment data into an internal memory buffer. As a result, it may be possible for a malicious local user to corrupt osh process memory in such a way as to redirect execution flow.

Although unconfirmed, this buffer overflow may be exploited to execute arbitrary code with superuser privileges.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

This vulnerability was reported to affect osh 1.7.


3. osh File Redirection Buffer Overflow Vulnerability BugTraq ID: 7993
Remote: No
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7993
Summary:

osh Operator Shell is a security enhanced, restricted shell. It allows a system administrator to restrict access to special commands and files to certain users. The osh shell is a setuid root shell.

A buffer overflow vulnerability has been reported for osh when processing file redirection commands. The problem likely occurs due to insufficient bounds checking when copying environment data into an internal memory buffer. As a result, it may be possible for a malicious local user to corrupt osh process memory in such a way as to redirect execution flow.

Although unconfirmed, this buffer overflow may be exploited to execute arbitrary code with superuser privileges.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

This vulnerability was reported to affect osh 1.7.

4. WebJeff Filemanager File Disclosure Vulnerability BugTraq ID: 7995
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7995
Summary:

WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.


A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. Specifically, the 'ficher' URI parameter of the index.php3 script file is not properly sanitized.

A malicious attacker can specify arbitrary absolute paths as the value of the 'ficher' URI parameter. This will result in the requested file being disclosed to the attacker.

This vulnerability affects Filemanager 1.6.

5. WebJeff Filemanager Plain Text Password Storage Vulnerability BugTraq ID: 7996
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7996
Summary:

WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

A vulnerability has been reported for Filemanager that may result in an attacker obtaining authentication credentials. The vulnerability exists due to the way usernames and passwords are stored. Specifically, authentication credentials are stored in plain text format in the 'prive/users.txt' file.

An attacker can exploit this vulnerability by making a request for the desired resource.

Any information obtained in this manner may be used to launch further attacks against a vulnerable system.


This vulnerability was reported for Filemanager 1.6.

6. Traceroute-Nanog Integer Overflow Memory Corruption Vulnerability BugTraq ID: 7994
Remote: No
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7994
Summary:

Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. Traceroute-Nanog is installed setuid root on most systems, as it requires the use of raw sockets.

An integer overflow vulnerability has been reported for Traceroute-Nanog. It has been reported that when processing certain user-supplied max_ttl and nprobes values from a traceroute invocation, some functions or utilities may fail to sufficiently handle integer wrapping.

Specifically, the issue presents itself when a large value is passed to the affected application via the '-q' (nprobes) and '-m' (max_ttl) command line arguments. If values of sufficient size are passed, when it is used in subsequent boundary calculations (nprobes (-q) * max_ttl (-m)) the integer value may wrap, causing it to be interpreted as a negative value and thus bypassing boundary checks. This may result in excessive data being copied into an insufficient memory space, effectively corrupting adjacent heap based memory management structures.

Because the attacker can control arbitrary memory corruption, although conjectured and unconfirmed, the attacker might exploit this condition to execute arbitrary instructions with elevated privileges.

It should be noted that this vulnerability might only affect the Debian implementation of Traceroute-Nanog.
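The wrap in the nprobes * max_ttl boundary calculation described above, as an added example that is not the Traceroute-Nanog source: a product computed in 32-bit arithmetic and reinterpreted as signed comes out negative and slips past a "fits in the buffer" comparison, while an overflow-checked multiplication rejects the same operands before they size anything. The function names, the operand values and the capacity are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Traceroute-Nanog code. Shows why nprobes * max_ttl
 * must be overflow-checked before it sizes a buffer. */

/* How a 32-bit signed program that trusts its operands ends up computing
 * the count: the product is reduced modulo 2^32 and reinterpreted. The
 * unsigned detour keeps the demonstration itself free of undefined
 * behaviour; the reinterpretation is what makes the value "negative". */
int32_t naive_total(int32_t nprobes, int32_t max_ttl) {
    uint32_t wrapped = (uint32_t)nprobes * (uint32_t)max_ttl;
    return (int32_t)wrapped;
}

/* The kind of boundary check that the wrap defeats: a negative "total"
 * is trivially <= capacity, so the check passes and too much data is
 * copied later. Returns 1 when the check would accept the values. */
int naive_fits(int32_t nprobes, int32_t max_ttl, int32_t capacity) {
    return naive_total(nprobes, max_ttl) <= capacity;
}

/* Hardened: reject non-positive operands and any product that does not
 * fit in int32_t, before it is used anywhere. Returns 0 and fills *total
 * on success, -1 on rejection. */
int checked_total(int32_t nprobes, int32_t max_ttl, size_t *total) {
    if (nprobes <= 0 || max_ttl <= 0) return -1;
    if (nprobes > INT32_MAX / max_ttl) return -1;   /* product would overflow */
    *total = (size_t)nprobes * (size_t)max_ttl;
    return 0;
}

/* Convenience for callers that only want a number: -1 on rejection. */
long long checked_total_or_neg(int32_t nprobes, int32_t max_ttl) {
    size_t total;
    return checked_total(nprobes, max_ttl, &total) == 0 ? (long long)total : -1;
}

int main(void) {
    /* constructed operand pair whose product is 2^31 + 65536 */
    int32_t q = 65536, m = 32769, cap = 1024;
    printf("naive total    : %d (fits <= %d? %s)\n",
           naive_total(q, m), cap, naive_fits(q, m, cap) ? "yes" : "no");
    printf("checked total  : %lld\n", checked_total_or_neg(q, m));
    printf("checked 3 x 30 : %lld\n", checked_total_or_neg(3, 30));
    return 0;
}
```

The division-based check (nprobes > INT32_MAX / max_ttl) is the portable form; compilers that provide __builtin_mul_overflow() can express the same test in one call. The important property is that the rejection happens on the operands, before any allocation or copy depends on their product.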

7. Progress 4GL Compiler Datatype Buffer Overflow Vulnerability BugTraq ID: 7997
Remote: No
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7997
Summary:


A vulnerability has been discovered in the Progress 4GL Compiler. The problem lies in the processing of user-defined data types when compiling .p Progress files. Specifically, due to insufficient bounds checking a buffer overrun may occur when calling the memmove() function.

A user may define a data type using 'def var VarName as Value'. A defined data type of excessive size, approximately 364 bytes, may trigger the memory corruption within the compiler, effectively corrupting adjacent process memory.

Due to this memory corruption, it has been reported that an attacker may be capable of overwriting the saved frame pointer and return address of the affected function. This would effectively allow the attacker to seize control of the compiler's execution flow, possibly redirecting it to attacker-supplied instructions.

This vulnerability may ultimately be exploited to execute arbitrary code with the privileges of the user invoking the compiler.

It should be noted that although Progress 4GL Compiler is installed setuid root, privileges are effectively dropped before the memory corruption occurs.

8. Zope Empty Upload Information Disclosure Vulnerability BugTraq ID: 7998
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7998
Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

Reportedly, Zope will disclose path information if a user invokes an upload operation via the 'addFile' script when a target file does not exist as a URI parameter. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker.


If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.

9. Zope addItems Script Information Disclosure Vulnerability BugTraq ID: 7999
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7999
Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

A vulnerability has been discovered in Zope which may result in the disclosure of sensitive information to a remote attacker. The problem occurs when a value greater than 11 is passed as the records URI parameter to the addItems script. When this occurs, an exception will be triggered causing the server to return an error page containing sensitive system information.

Information disclosed may include session identification, the script installation paths, the application installation path, etc.

Access to this information could potentially aid an attacker in launching further attacks against the system.

10. Zope Invalid Query Information Disclosure Vulnerability BugTraq ID: 8000
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8000
Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

Reportedly, Zope will disclose path information if a user invokes an invalid query operation using Shopping cart example scripts. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker.


If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.

11. Zope ExampledbBrowseReport Description Field HTML Injection Vulnerability BugTraq ID: 8001
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8001
Summary:

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems.

It has been reported that Zope ExampledbBrowseReport example script suffers from an HTML injection vulnerability. The problem is said to occur due to insufficient input validation of user-supplied form data.

Specifically, it is possible to embed HTML code within the 'Description' field of the Zope ExampledbBrowseReport example script.

All script code will be interpreted by the browsers of other Zope users, who view the affected page, within the context of the site hosting the affected script.

The successful exploitation of this issue could ultimately result in the attacker obtaining cookie-based authentication credentials or other sensitive information, which, could be used to impersonate the other user.

12. Linux /proc Filesystem Potential Information Disclosure Vulnerability BugTraq ID: 8002
Remote: No
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8002
Summary:

A potential information disclosure vulnerability has been reported for the Linux /proc filesystem. The problem occurs specifically when invoking a setuid application.

The problem lies in the permissions of the /proc/PID/environ file when the file has been accessed prior to privilege elevation. It has been reported that, if the environ file has been opened by a user application, forking and invoking a setuid application will not in fact modify the ownership of the open file. As a result, an attacker may be capable of reading the environment data of a privileged process.


This may pose a security risk as the application may place sensitive or privileged information within its environment. Access to this information could theoretically aid an attacker in launching further attacks against a target system.

It has been conjectured that this issue affects the 2.2 and 2.4 Linux kernel trees. This, however, has not been confirmed by Symantec. This information will be updated as further information becomes available.

13. GNU GNATS PR-Edit Command Line Option Heap Corruption Vulnerability BugTraq ID: 8003
Remote: No
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8003
Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

The pr-edit utility is shipped as part of GNATS and is intended as an editor for problem reports. The pr-edit utility is a setuid utility typically with UID 'gnats' privileges.

A heap overflow vulnerability has been reported for the pr-edit utility. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option.

The vulnerability exists due to the improper use of the sprintf() function. Due to this a determined attacker can invoke pr-edit with a malicious '-d' commandline argument to trigger the heap corruption vulnerability.

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

It should be noted that on some systems, the pr-edit utility may be installed with setuid 'root' privileges.


This vulnerability was reported to affect GNATS 3.002.

14. GNU GNATS PR-Edit Lock File Buffer Overflow Vulnerability BugTraq ID: 8004
Remote: No
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8004
Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

The pr-edit utility is shipped as part of GNATS and is intended as an editor for problem reports. The pr-edit utility is a setuid utility typically with UID 'gnats' privileges.

A stack overflow vulnerability has been reported for the pr-edit utility. The vulnerability occurs when pr-edit locks a file for reading. If a file is locked, pr-edit will read the file to output a message stating the user that locked the file. Due to the improper use of fscanf(), there are no bounds checks performed on the length of the user that locked the file.

An attacker can exploit this vulnerability by creating a lock file containing over 2000 bytes. This will trigger the buffer overflow condition when pr-edit attempts to read the file.

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

It should be noted that on some systems, the pr-edit utility may be installed with setuid 'root' privileges.

This vulnerability was reported to affect GNATS 3.002.
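The unbounded fscanf() read described for the pr-edit lock file, beside its hardened form, as an added example that is not GNATS code. The defect pattern is fscanf(fp, "%s", who) with no field width, which copies the first token of the file for as long as it runs. The reader below derives a field width from the destination size and uses %n to notice when the token was cut off, so an oversized lock file is reported rather than overrunning the buffer. The lock-file layout ("owner pid"), the OWNER_MAX size and the sample contents are assumptions; the same width-plus-check discipline applies to any fixed buffer filled from an environment variable or argument, such as the GNATS_ROOT and osh cases elsewhere in this issue.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not GNATS code. Bounded replacement for a fscanf("%s")
 * that trusts the length of a lock-file token. */

#define OWNER_MAX 64            /* assumed destination size */

/* Returns 1 if the owner token was read whole, 0 if it was longer than
 * the buffer allows (truncated), -1 if there was no token at all. */
int read_lock_owner(const char *lock_text, char *owner, size_t owner_sz) {
    char fmt[32];
    int consumed = 0;
    /* Builds "%63s%n" for a 64-byte buffer: at most owner_sz-1 characters,
     * then the offset at which scanning stopped. */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", owner_sz - 1);
    if (sscanf(lock_text, fmt, owner, &consumed) != 1) return -1;
    unsigned char next = (unsigned char)lock_text[consumed];
    if (next != '\0' && !isspace(next)) return 0;   /* token continued past the buffer */
    return 1;
}

/* Constructed lock file in the assumed "owner pid" layout. */
int demo_normal_lock(void) {
    char owner[OWNER_MAX];
    int rc = read_lock_owner("alice 12345\n", owner, sizeof owner);
    return rc == 1 && strcmp(owner, "alice") == 0;
}

/* Constructed lock file whose first token is 2100 bytes, the oversized
 * case from the advisory. With the width in place nothing overruns; the
 * caller just learns that the name was cut off. */
int demo_oversized_lock(void) {
    static char big[2200];
    char owner[OWNER_MAX];
    memset(big, 'A', 2100);
    big[2100] = ' ';
    strcpy(big + 2101, "1\n");
    int rc = read_lock_owner(big, owner, sizeof owner);
    return rc == 0 && strlen(owner) == OWNER_MAX - 1;
}

/* Constructed empty lock file: no token at all. */
int demo_empty_lock(void) {
    char owner[OWNER_MAX];
    return read_lock_owner("   \n", owner, sizeof owner) == -1;
}

int main(void) {
    printf("normal lock    : %s\n", demo_normal_lock() ? "ok" : "FAIL");
    printf("oversized lock : %s\n", demo_oversized_lock() ? "truncation detected" : "FAIL");
    printf("empty lock     : %s\n", demo_empty_lock() ? "no owner" : "FAIL");
    return 0;
}
```

A caller that treats the 0 result as an error (refusing to act on a lock whose owner it could not read in full) turns the oversized file from a memory-corruption primitive into a logged parse failure.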

15. GNU GNATS Environment Variable Buffer Overflow Vulnerability BugTraq ID: 8005
Remote: No
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8005
Summary:

GNU GNATS is a freely available bug tracking system. It is available for a variety of Linux and Unix variant operating environments.

It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. Specifically, the configure() function of the config.c source file does not perform proper bounds checks on the GNATS_ROOT environment variable.

An attacker can exploit this vulnerability by setting an overly long GNATS_ROOT environment variable, consisting of at least 5000 characters, and invoking one of several GNATS utilities. This will trigger the overflow condition and will result in the corruption of sensitive memory.

The following utilities have been reported to be affected: pr-edit, queue-pr, gen-index

The affected utilities are typically installed with setuid 'gnats' privileges however, on some systems, they may be installed with setuid 'root' privileges.

Successful exploitation may result in the execution of attacker-supplied code with elevated privileges.

This vulnerability was reported to affect GNU GNATS 3.113.1 and 3.113.

16. IndigoSTAR Software PerlEdit Denial Of Service Vulnerability BugTraq ID: 8006
Remote: Yes
Date Published: Jun 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8006
Summary:

PerlEdit is an IDE (Integrated Development Environment) for developing Perl scripts. It is maintained and distributed by IndigoSTAR Software. It is available for Linux variant and Microsoft Windows operating systems.


A denial of service vulnerability has been reported for PerlEdit. The vulnerability exists when a connection is made to TCP port 1956.

When PerlEdit is executed, it will bind to TCP port 1956. If an attempt is made to connect to that port while PerlEdit is running, it will cause PerlEdit to crash.

An attacker can exploit this vulnerability to connect to a vulnerable host on port 1956. This will cause the vulnerable PerlEdit application to crash.

This vulnerability was reported to affect PerlEdit 1.07.

17. QNX Demo Web Server Directory Traversal Vulnerability BugTraq ID: 8007
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8007
Summary:

The demo disk is a QNX marketing software package distributed by QNX.

A problem with the software may make it possible to violate security policy.

The QNX demo disk comes with a web server that has been reported to be vulnerable to a directory traversal attack. It may be possible to gain unauthorized access to files on the demo system.

It should be noted that this software package is a demonstration disk distributed as a marketing tool by QNX circa 1998. It was not meant as a production deployment of the operating system.


By passing dot-dot-slash (../) directory traversal sequences to the web server distributed on the disk, it is possible to gain access to any file on the disk with the privileges of the web server process. The web server process typically runs with administrative privileges.
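Both the dot-dot-slash traversal above and the absolute-path 'ficher' issue in the WebJeff Filemanager entry come down to the same missing step: a client-supplied path is used before it is confined to the document root. The following is an added example, not code from QNX or WebJeff, of a lexical confinement check a server can run on the request path. It refuses absolute paths, refuses any ".." that would climb above the root, and builds the final path itself. The root "/var/www", the MAX_DEPTH limit and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not QNX or WebJeff Filemanager code. Lexical confinement
 * of a client-supplied path under a document root. Symbolic links are not
 * considered here; a realpath() check against the real filesystem belongs
 * after this one. */

#define MAX_DEPTH 64

/* Builds root + "/" + normalized request into out. Returns 0 on success,
 * -1 when the request is absolute, escapes the root, or is too long. */
int confine_path(const char *root, const char *request, char *out, size_t outsz) {
    const char *parts[MAX_DEPTH];
    size_t lens[MAX_DEPTH];
    int depth = 0;
    const char *p = request;

    if (*p == '/' || *p == '\\') return -1;            /* absolute: not under root */
    while (*p) {
        const char *start = p;
        /* '\' is treated as a separator too, so "..\" cannot slip past on Windows hosts */
        while (*p && *p != '/' && *p != '\\') p++;
        size_t n = (size_t)(p - start);
        if (*p) p++;                                     /* skip the separator */
        if (n == 0 || (n == 1 && start[0] == '.')) continue;   /* "//" or "." */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return -1;                   /* would climb above root */
            depth--;
            continue;
        }
        if (depth == MAX_DEPTH) return -1;
        parts[depth] = start;
        lens[depth] = n;
        depth++;
    }
    size_t used = strlen(root);
    if (used >= outsz) return -1;
    memcpy(out, root, used);
    for (int i = 0; i < depth; i++) {
        if (used + 1 + lens[i] >= outsz) return -1;      /* keep room for the terminator */
        out[used++] = '/';
        memcpy(out + used, parts[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return 0;
}

/* Helpers over a constructed document root, used by main() and the checks. */
int request_rejected(const char *request) {
    char buf[256];
    return confine_path("/var/www", request, buf, sizeof buf) == -1;
}

int request_resolves_to(const char *request, const char *expected) {
    char buf[256];
    return confine_path("/var/www", request, buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}

int main(void) {
    const char *samples[] = { "docs/../index.html", "../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[256];
        int rc = confine_path("/var/www", samples[i], buf, sizeof buf);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

The check operates on the decoded path: percent-encoded sequences in the request line must be decoded exactly once before it runs, otherwise an encoded "%2e%2e/" passes through as an ordinary component and is decoded later by whatever opens the file.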

18. Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 8008
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8008
Summary:

RuFSI is a utility class distributed as part of the ActiveX control for the Symantec Security Check web service.

A vulnerability in the ActiveX control has been reported that may result in unauthorized access.

It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser.

This problem requires that a user with the vulnerable control installed visit a web page that invokes the control with a string of excessive length. Upon doing so, it may be possible to create an exploitable stack overflow condition that results in the overwriting of sensitive process memory.

19. MyServer Remote Denial Of Service Vulnerability BugTraq ID: 8010
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8010
Summary:

MyServer is an application and web server for Microsoft Windows and Linux operating systems.

MyServer HTTP server has been reported prone to a remote denial of service attack.

The issue presents itself, likely due to a lack of sufficient bounds checking performed on arguments supplied via malicious HTTP GET requests. It has been reported that a remote attacker may send an HTTP GET request containing 100 '/' characters; this action will supposedly trigger a segmentation fault in the server executable and the software will fail. It has been reported that no details of this attack are logged.


Due to the nature of this vulnerability it has been conjectured that this issue may be exploited to execute arbitrary code. This however has not been confirmed.

It should be noted that although this issue has been reported to affect MyServer version 0.4.1 other versions might also be affected.

20. Compaq Web-Based Management Agent Multiple Remote Vulnerabilities BugTraq ID: 8009
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8009
Summary:

Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform.

It may be possible for a remote attacker to gain unauthorized access to a host using the vulnerable software.

The Compaq Web-Based Management Agent may permit an attacker to create one of the following scenarios:

Numerous stack overflows are reported to exist in the management agent. By passing one of several combinations of tags to the web server for server-side command interpreting, it is possible for an attacker to crash the agent, resulting in a denial of service. It is not clear whether or not these issues may be exploited to execute code with the privileges of the web server process.

Another reported issue appears to be a boundary condition error that may be exploitable. By supplying a request with a length of at least 250 bytes to the FunctionContentType function, it is possible to cause an "Access violation," which may be a memory corruption issue.


A final reported issue is the ability of a remote user to validate files on a system. By passing a maliciously crafted request to the DebugSearchPaths function, an attacker may be able to validate the existence of certain files on the system, potentially resulting in information disclosure.

This vulnerability alert is a preliminary analysis. These vulnerabilities will be broken into specific entries as more detailed analysis is performed.

21. Tutos File_Select.PHP Cross-Site Scripting Vulnerability BugTraq ID: 8011
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8011
Summary:

Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in the software may make the execution of arbitrary code possible.

It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site.

The problem is in the rendering of arbitrary HTML and script code by Tutos. An attacker may supply code as an argument to the file_select script that, when loaded in the browser of another user, is executed in the security context of the site hosting Tutos. This could permit the theft of cookie authentication credentials. Other attacks may also be possible.

22. XMB Forum Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 8013
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8013
Summary:


XMB Forum is a web-based discussion forum.

XMB Forum has been reported prone to multiple cross-site scripting and HTML injection vulnerabilities.

The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may supply HTML or script code as the member URI parameter passed to the member.php script or supply HTML and script code as a value for the action URI parameter passed to the buddy.php script. Additionally it has been reported that an authenticated attacker may inject malicious HTML or script code into the 'Current Mood' text box on the profiles page.

An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.

23. Tutos File_New Arbitrary File Upload Vulnerability
BugTraq ID: 8012
Remote: Yes
Date Published: Jun 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8012
Summary:

Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in the software may make the uploading of arbitrary files possible.


It has been reported that Tutos does not properly handle input to the file_new script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site.

It is not clear where the specific vulnerable component of Tutos lies. However, because of the problem, it may be possible for an attacker to upload and overwrite files with the privileges of the web server process. This could result in data corruption, or other potentially malicious activities.

24. Compaq Web-Based Management Agent Remote Stack Overflow Denial of Service Vulnerability
BugTraq ID: 8014
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8014
Summary:

Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform.

Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when malformed requests are made to the service, specifically requests which contain an exclamation mark within angle brackets (<!>), optionally followed by an argument.

The following requests are reported to trigger the exception:

http://www.example.com:2301/survey/
http://www.example.com:2301/
http://www.example.com:2301/
http://www.example.com:2301/survey/
http://www.example.com:2301/
http://www.example.com:2301/

The root of this problem may be due to the agent failing to handle unexpected or unsupported protocol behavior, such as these requests. This however has not been confirmed.

The returned error from such a request reports that a stack overflow occurred; however, it has not been confirmed whether this issue is exploitable to corrupt memory. The problem may in fact be the result of a NULL pointer dereference.


It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.

25. Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
BugTraq ID: 8015
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8015
Summary:

Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform.

Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when handling malformed GET requests to the service. Specifically, requests which contain "<!.FunctionContentType=" followed by approximately 250 bytes of data and appended with a ">".

The returned error from such a request reports that an access violation occurred. The problem likely occurs due to the program attempting to write to an invalid memory page, causing the service to crash.

It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.

26. Microsoft Internet Explorer HR Align Buffer Overflow Vulnerability
BugTraq ID: 8016
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8016
Summary:

Internet Explorer is reportedly prone to a boundary condition error. This problem exists due to insufficient bounds checking on the 'Align' attribute of the 'HR' (horizontal rule) HTML tag.


If the 'Align' attribute is given an unusually large value, a buffer within the iexplore process will be overrun, causing Internet Explorer to fail. It may also be possible to cause arbitrary code to be executed, though this has not been confirmed. The overflow occurs in 'HTML32.cnv', which is an HTML converter used by Internet Explorer.

This vulnerability was reported for Internet Explorer version 5 and above. Earlier versions may also be vulnerable.

27. Armida Databased Web Server Remote GET Request Denial Of Service Vulnerability
BugTraq ID: 8017
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8017
Summary:

Armida Databased Web Server is a web server available for the Microsoft Windows operating systems.

Armida Databased Web Server is reportedly prone to a remote denial of service when processing malicious GET requests. The problem occurs when processing requests containing approximately 5000 bytes of data.

Exploitation of this vulnerability would result in the remote service crashing. Although unconfirmed, due to the nature of this vulnerability it may be possible to supply and execute arbitrary code.

This vulnerability has been reported to affect Armida Web Server version 1.0.

28. VisNetic WebMail Information Disclosure Vulnerability
BugTraq ID: 8018
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8018
Summary:


VisNetic WebMail is a component of MailServer that allows users to retrieve their email through a web browser.

WebMail is reportedly prone to an information disclosure vulnerability.

If a URI request is submitted to a PHP file on the WebMail server ending with a dot '.' character, the source code behind the PHP file will be revealed.

It is not known if a user must be authenticated to the WebMail server in order to exploit this vulnerability.

This vulnerability was reported to affect WebMail 5.8.6.6, however, earlier versions may also be affected.

29. Compaq Web-Based Management Agent Remote File Verification Vulnerability
BugTraq ID: 8019
Remote: Yes
Date Published: Jun 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8019
Summary:

Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform.

Compaq Web-Based Management Agent has been reported prone to a remote file verification vulnerability. This information leak could be exploited by an attacker to verify the existence of sensitive files on a vulnerable system.


The problem is in the handling of input when passed via the following means:

http://www.example.com:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini

As can be ascertained from the above URL, passing directory traversal strings in the dot-dot-slash form (../) with encoded slashes can permit the attacker to access a file on the vulnerable system. If the file exists, the Web-Based Management Agent returns a response that validates the existence of the file.

It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.
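The three Compaq Web-Based Management Agent entries above (BIDs 8014, 8015 and 8019) share one request shape: a "<!...>" directive in the URI on TCP port 2301. The following detector is an added example (not code from the advisories or from Compaq) that classifies request lines by those three signatures; the log lines, the "client method uri" layout and the 250-byte threshold are constructed here for illustration.

```python
"""Added example: flag requests matching the malformed '<!...>' directive
shapes reported against the Compaq Web-Based Management Agent (BIDs 8014,
8015, 8019). Log format and sample lines are constructed, not real data."""
import re
from urllib.parse import unquote

# Constructed sample log, one "<client> <method> <uri>" entry per line.
# A percent-encoded form (%3C%21 for "<!") is included: one decode pass
# before matching catches both the literal and the encoded directive.
SAMPLE_LOG = [
    "10.0.0.5 GET /survey/<!>",
    "10.0.0.5 GET /<!.FunctionContentType=" + "A" * 260 + ">",
    "10.0.0.7 GET /<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini",
    "10.0.0.9 GET /%3C%21.DebugSearchPaths%3E?Url=%2F..%2F..%2Fboot.ini",
    "10.0.0.8 GET /index.html",
    "10.0.0.5 GET /<!.FunctionContentType=short>",  # too short for BID 8015
]

FUNC_CT = re.compile(r"<!\.FunctionContentType=([^>]*)>")
DEBUG_SP = re.compile(r"<!\.DebugSearchPaths>")
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")  # a "../" style segment
LONG_ARG = 250  # advisory reports "approximately 250 bytes"; assumed threshold


def classify(uri):
    """Return a list of (BID, reason) tuples for one request URI."""
    decoded = unquote(uri)  # %2F -> '/', %3C -> '<', %21 -> '!'
    path, _, query = decoded.partition("?")
    hits = []
    if DEBUG_SP.search(path):
        params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
        url_arg = params.get("Url", "")
        if TRAVERSAL.search(url_arg):
            hits.append(("8019", "DebugSearchPaths with traversal in Url=%s" % url_arg))
    m = FUNC_CT.search(path)
    if m and len(m.group(1)) >= LONG_ARG:
        hits.append(("8015", "FunctionContentType argument of %d bytes" % len(m.group(1))))
    if "<!" in path and not hits:
        # Any other "<!...>" directive is the malformed request class of BID 8014.
        hits.append(("8014", "malformed <!...> directive in request path"))
    return hits


def scan(lines):
    """Parse constructed '<client> <method> <uri>' lines and collect findings."""
    findings = []
    for line in lines:
        client, _method, uri = line.split(" ", 2)
        for bid, reason in classify(uri):
            findings.append({"client": client, "bid": bid, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["client"], "BID", f["bid"], f["reason"])
```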

30. tcptraceroute Failure To Relinquish Root Privileges Weakness
BugTraq ID: 8020
Remote: No
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8020
Summary:

tcptraceroute is a traceroute implementation that uses TCP packets. It is a setuid-root program.

It has been reported that tcptraceroute does not properly drop root privileges after obtaining a file descriptor for raw packet capture. There are not currently any known exploitable conditions that exist for tcptraceroute. However, if an exploitable condition were discovered within the program, this weakness could allow local privilege escalation.

31. LBreakOut2 Login Remote Format String Vulnerability
BugTraq ID: 8021
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8021
Summary:


lbreakout2 is a freely available, open source clone of the game Arkanoid. It is available for the Unix and Linux platforms.

A problem in the software may allow unauthorized access.

It has been reported that lbreakout2 is vulnerable to a format string issue in the login component. This may result in an attacker executing arbitrary code on a vulnerable host.

The problem is in the handling of input by the login component of lbreakout2. By passing format specifiers through the initial login request, an attacker could corrupt process memory and potentially execute arbitrary code.

32. Gkrellmd Remote Buffer Overflow Vulnerability
BugTraq ID: 8022
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8022
Summary:

GKrellM is a suite of system monitors, designed to display a graphic representation of system performance statistics. GKrellMd is a daemon that is shipped as a part of the GKrellM software.

GKrellMd has been reported prone to a remote buffer overflow vulnerability; arbitrary code execution is possible.

The issue presents itself due to a lack of sufficient bounds checking performed on network-based data. If data exceeding the maximum reserved memory buffer size (128 bytes) is received and processed by the affected daemon, excessive data is copied beyond the boundary of the assigned buffer and will corrupt adjacent memory. It has been confirmed that a saved instruction pointer may be corrupted in this manner; a remote attacker may ultimately exploit this issue to seize control of the affected daemon and execute arbitrary code in the context of the user who is running the daemon.


This vulnerability has been reported to affect Gkrellm 2.1.13.

33. Alt-N WebAdmin USER Parameter Buffer Overflow Vulnerability
BugTraq ID: 8024
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8024
Summary:

Alt-N WebAdmin is an optional component for MDaemon and RelayFax that allows remote administration.

It has been reported that WebAdmin is prone to a buffer overflow due to insufficient bounds checking on the USER parameter. Supplying an overly long string for the USER parameter would result in a buffer overrun and sensitive areas in memory being overwritten with arbitrary data. Code execution is reportedly possible.

By default, WebAdmin runs with SYSTEM level privileges.

34. Multiple GuestBookHost HTML Injection Vulnerabilities
BugTraq ID: 8025
Remote: Yes
Date Published: Jun 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8025
Summary:

GuestBookHost is a guest book service written in PHP which implements a MySQL database backend. It allows a central web-server to provide distributed guest book service to other webmasters.

Multiple HTML injection vulnerabilities have been reported for GuestBookHost guest books. The problem has been reported to be due to a lack of sufficient sanitization performed on user-supplied data. Specifically, an attacker may inject arbitrary HTML code via the 'Name', 'Email' or 'Message' fields once authenticated with the GuestBookHost guest book.
