SecurityFocus Newsletter #204

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Jul 07 2003 - 12:08:58 EDT

This Issue is Sponsored by: SpiDynamics

FREE White Paper: "Top Web Application Hacker Techniques!" Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation.

All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

Visit us at:
http://www.securityfocus.com/SPIDynamics-sf-news2


I. FRONT AND CENTER
  1. Penetration Testing for Web Applications (Part Two)
  2. IDS Correlation of VA Data and IDS Alerts
  3. Antivirus Concerns in XP and .NET Environments
  4. Promises, Promises
  5. The SecurityFocus 4th Anniversary Contest
II. BUGTRAQ SUMMARY
  1. HP Tru64 KSH Resource Consumption Denial Of Service Vulnerability
  2. WebBBS Guestbook HTML Injection Vulnerability
  3. Sun Solaris Veritas File System Unauthorized Information Access...
  4. WZDFTPD Incomplete Port Command Denial Of Service Vulnerability
  5. ImageMagick Temporary File Creation Vulnerability
  6. XGalaga Environment Variable Multiple Buffer Overflow...
  7. Mantis Weak Configuration File Permission Vulnerability
  8. CutePHP CuteNews HTML Injection Vulnerability
  9. GTKSee PNG Image Loading Heap Corruption Vulnerability
  10. Microsoft Commerce Server 2002 Weak Registry Key Permissions...
  11. Abyss Web Server HTTP GET Heap Overrun Vulnerability
  12. Abyss Web Server HTTP Header Injection Vulnerability
  13. MegaBook Multiple HTML Injection Vulnerabilities
  14. Multiple Opera Denial Of Service Vulnerabilities
  15. PABox Password Reset Vulnerability
  16. PABox Admin Control Panel PHP Code Injection Vulnerability
  17. Adobe Unix Acrobat Reader WWWLaunchNetscape Buffer Overflow...
  18. InterSystems Cache Insecure Default Permissions Vulnerability
  19. ezbounce Format String Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. Study: Wi-Fi users still don't encrypt
  2. PetCo Plugs Credit Card Leak
  3. Illinois supercomputer center to head military cybersecurity...
  4. Web Firms Choose Profit Over Privacy
IV. SECURITYFOCUS TOP 6 TOOLS
  1. IDABench v1.0
  2. Secure FTP Bean v2.0.8
  3. python-crack v0.4
  4. Amrita VPN v0.97-2
  5. DSPAM v2.6.2
  6. John the Ripper v1.6.34(dev)
V. SECURITYJOBS LIST SUMMARY
  1. Senior Cyber Security Consultant - DC Area (Thread)
  2. CISSP seeking Security Architect position in London, UK (Thread)
  3. Uncle Sam wants you ... (Thread)
  4. List is now open (Thread)
  5. Entry Level Security SA Position Announcement for DC Area (Thread)
  6. TORONTO - Checkpoint Firewall SME - 1 Year renewable Contract...
  7. Information Assurance Manager w/ TS Clearance in Kyrgyzstan...
  8. Information Security Practice Manager - New York, NY $135K -...
  9. Business Development Manager (Thread)
  10. Senior Email Consultant for Computer Forensics Practice - New...
  11. Internet Security Architect contract position in Pittsbur...
  12. Contract position in Atlanta, GA & Knoxville, TN...Intereste...
  13. Looking for positions in the field of security (Thread)
  14. Southern California, Chicago, Atlanta Info Security Postions...
  15. Washington DC Info Security Positions (Thread)
  16. List Closure till the 3rd of July (Thread)
  17. Salary for DITSCAP or INFOSEC work in the Mid West (Thread)
  18. Senior Security Consultant - London Financial (Thread)
VI. INCIDENTS LIST SUMMARY
  1. Another overflow exploit for Apache? *RESOLVED* (Thread)
  2. frontpage extensions; backdoor or initial compromise? (Thread)
  3. Another overflow exploit for Apache? (Thread)
  4. UDP to port 500 (Thread)
  5. msmsgs.exe /passportlogon /delaysync /shortpackets (Thread)
  6. AW: DoS "Probing" on one of our hosts (Thread)
  7. DoS "Probing" on one of our hosts (Thread)
  8. New MySQL worm? increased probes/traffic detected... (Thread)
  9. re: DoS "Probing" on one of our hosts (Thread)
  10. Anyone else seeing a spike in SSHd scans? (Thread)
  11. possible new irc worm (Thread)
  12. speaking of rootkits (Thread)
  13. rooted by blowkit (Thread)
  14. Intrusec 55808 Trojan Analysis (Thread)
  15. port 5248 (Thread)
  16. strange logs -- tcp port 16166 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Minor security problem in Axis 560x web interface (Thread)
  2. Red Hat 9: free tickets (Thread)
  3. GetPC code (was: Shellcode from ASCII) (Thread)
  4. Corrupting memory control structures under XP (Thread)
  5. Starting on Assembly under win32 (Thread)
  6. Windows Shellcode Writing (Thread)
  7. cross-site to root scripting papers (Thread)
  8. gera's encoder (Thread)
  9. Radware Linkproof: SSH port DoS (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. SP4 installation failure (Thread)
  2. Q811114 and Q815021 (Thread)
  3. How to block users from installing other apps (Thread)
  4. Managing Windows Event Logs (Thread)
  5. Limiting the creation of new files to specific types. (Thread)
  6. SP4 instalation failure (Thread)
  7. SecurityFocus Microsoft Newsletter #143 (Thread)
  8. SP4 installation (Thread)
  9. Windows NLB (Thread)
  10. Xp Home (Thread)
  11. Question about windows service (Thread)
  12. security auditing under windows 2000 server (Thread)
IX. SUN FOCUS LIST SUMMARY
  1. TCP checksum and device driver eri0 (Thread)
X. LINUX FOCUS LIST SUMMARY
  1. NO NEW POSTS FOR THE WEEK ENDING 07.04.03
XI. SPONSOR INFORMATION


I. FRONT AND CENTER


1. Penetration Testing for Web Applications (Part Two)
By Jody Melbourne and David Jorm

The second installment in this series expands upon issues of input validation: how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. It also explores how these issues may manifest on the client side as cross-site scripting and other content-manipulation vulnerabilities.

http://www.securityfocus.com/infocus/1709

2. IDS Correlation of VA Data and IDS Alerts
By Neil Desai

This article discusses the correlation of VA data and IDS alerts to help prioritize events and reduce the time it takes to sift through events.

http://www.securityfocus.com/infocus/1708

3. Antivirus Concerns in XP and .NET Environments
By Roger A. Grimes

After Windows NT was released, it took virus writers 5 years to learn how to infect it. Windows NT 3.1 and the Win32 API were released in late 1993, but it wasn't until August 1998 that W32.Cabanas became the first NT virus by capturing coveted kernel mode access. .NET and some of Microsoft's other initiatives have not been as lucky. The purpose of this article is to discuss antivirus (AV) concerns with .NET and Microsoft Windows XP.

http://www.securityfocus.com/infocus/1707

4. Promises, Promises
By Mark Rasch

Most online businesses promise they'll protect customer data as if it were their own. Now the government is holding them to it.

http://www.securityfocus.com/columnists/171

5. The SecurityFocus 4th Anniversary Contest

Enter before July 16th, 2003 to win two passes to the Black Hat Briefings. Please visit the contest page here:

http://www.securityfocus.com/contest

II. BUGTRAQ SUMMARY


1. HP Tru64 KSH Resource Consumption Denial Of Service Vulnerability
BugTraq ID: 8051
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8051
Summary:

ksh, the Korn shell, is an interactive command interpreter and command programming language implemented on some Unix-based systems.

ksh on Tru64 systems has been reported prone to a denial of service vulnerability under some circumstances. It has been reported that ksh does not terminate properly if a remote telnet session is aborted abruptly. Specifically, if a trap() call is defined in a startup script or a script that is executed within the affected shell process, the ksh process may continue to execute after the telnet session has terminated, consuming CPU resources in an exponential manner until the CPU becomes resource-bound.

Although unconfirmed, a malicious unprivileged system user may exploit this issue to consume system resources in a bid to deny service to legitimate users of the affected system.

2. WebBBS Guestbook HTML Injection Vulnerability
BugTraq ID: 8052
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8052
Summary:

WebBBS Pro is a web-based BBS system designed to run in Microsoft Windows environments. WebBBS Pro is shipped with a web server component.

An HTML injection vulnerability has been reported for WebBBS. The vulnerability exists as a result of insufficient sanitization of user-supplied data.

An attacker may exploit this issue to inject malicious HTML code into WebBBS guestbook entries. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

3. Sun Solaris Veritas File System Unauthorized Information Access Vulnerability
BugTraq ID: 8053
Remote: No
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8053
Summary:

Sun Solaris systems that implement the Veritas File System (VxFS) may allow unprivileged local users to obtain access to potentially sensitive data.

The vulnerability exists due to improper ACL permissions when a new VxFS filesystem is created. Due to this, there may be less restrictive access permissions on some files that reside within the vulnerable filesystem.

This vulnerability may be exploited by a local user to access potentially sensitive data.

Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

4. WZDFTPD Incomplete Port Command Denial Of Service Vulnerability
BugTraq ID: 8055
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8055
Summary:

wzdftpd is an FTP server implementation that is available for a number of operating systems, including Unix/BSD/Linux variants.

wzdftpd is reported to be prone to a denial of service when receiving an incomplete or malformed FTP PORT command. Sending such a command to the FTP server will allegedly cause the server to crash. This could be exploited by authenticated FTP users to deny availability of FTP services to legitimate users.

5. ImageMagick Temporary File Creation Vulnerability
BugTraq ID: 8057
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8057
Summary:

ImageMagick is an image manipulation program. It is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating systems.

ImageMagick has been reported prone to an insecure temporary file creation vulnerability. As a result, it may be possible for local attackers to corrupt files owned by the user who is invoking the ImageMagick application.

An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file that is created. Any actions performed by ImageMagick when it is executed will then be performed on the linked file.
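
The symlink scenario described above, reproduced in a private scratch directory as an added example (not ImageMagick code and not part of the original newsletter): a predictable temporary name opened without O_EXCL follows a pre-planted symlink and truncates its target, while O_EXCL and mkstemp() do not. The file names and helper functions are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define VICTIM_DATA "important data\n"  /* constructed sample content, 15 bytes */

struct demo_result {
    long size_after_unsafe;  /* victim size after the unsafe open */
    int  excl_fd;            /* return value of the O_EXCL open */
    int  excl_errno;         /* errno set by the O_EXCL open */
    long size_after_excl;    /* victim size after the O_EXCL open */
    int  mkstemp_private;    /* 1 if the mkstemp() file has no group/other bits */
};

/* Unsafe pattern: predictable name, no O_EXCL. open() follows an existing
 * symlink and O_TRUNC empties whatever file the link points to. */
static int open_temp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at the path. */
static int open_temp_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Runs all three cases inside a fresh 0700 directory and records the outcome. */
int run_demo(struct demo_result *r)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[128], predictable[128], tmpl[128];
    struct stat st;
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(predictable, sizeof predictable, "%s/magick.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/magick-XXXXXX", dir);

    /* Pre-plant a link from the predictable name to a file the user owns. */
    if (write_file(victim, VICTIM_DATA) != 0 || symlink(victim, predictable) != 0)
        return -1;

    fd = open_temp_unsafe(predictable);
    if (fd >= 0)
        close(fd);
    r->size_after_unsafe = file_size(victim);      /* target was truncated */

    if (write_file(victim, VICTIM_DATA) != 0)      /* restore the target */
        return -1;
    errno = 0;
    r->excl_fd = open_temp_excl(predictable);
    r->excl_errno = errno;
    if (r->excl_fd >= 0)
        close(r->excl_fd);
    r->size_after_excl = file_size(victim);        /* target is untouched */

    /* Preferred: mkstemp() chooses an unpredictable name and creates it exclusively. */
    r->mkstemp_private = 0;
    fd = mkstemp(tmpl);
    if (fd >= 0) {
        r->mkstemp_private = fstat(fd, &st) == 0 && (st.st_mode & 077) == 0;
        close(fd);
        unlink(tmpl);
    }
    unlink(predictable);
    unlink(victim);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_demo(&r) != 0) {
        perror("run_demo");
        return 1;
    }
    printf("unsafe open: victim size %ld\n", r.size_after_unsafe);
    printf("O_EXCL open: fd %d (%s), victim size %ld\n",
           r.excl_fd, strerror(r.excl_errno), r.size_after_excl);
    printf("mkstemp file private: %d\n", r.mkstemp_private);
    return 0;
}
```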

6. XGalaga Environment Variable Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 8058
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8058
Summary:

XGalaga is a graphical game designed for use with Linux and Unix variant operating systems.

Several buffer overflow vulnerabilities have been reported for xgalaga when parsing certain environment variables. Specifically, bounds checks are not performed on the HOME environment variable.

An attacker can exploit this vulnerability by setting an overly long HOME environment variable and invoking xgalaga. This will result in the corruption of sensitive memory with attacker-supplied values to obtain elevated privileges.

xgalaga is typically installed setuid 'games'.

7. Mantis Weak Configuration File Permission Vulnerability
BugTraq ID: 8059
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8059
Summary:

Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database.

A vulnerability has been reported for Mantis that may allow an attacker to obtain access to the Mantis database.

The vulnerability exists due to weak permissions on the Mantis configuration file. Specifically, the configuration file, which contains the password for the Mantis database, has world-readable permissions.

An attacker can exploit this to obtain unprivileged access to the Mantis database.

8. CutePHP CuteNews HTML Injection Vulnerability
BugTraq ID: 8060
Remote: Yes
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8060
Summary:

CutePHP is a web-based bulletin board system. It is implemented in PHP and is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating environments.

CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts is not sufficiently sanitized of malicious HTML code.

An attacker can exploit this vulnerability by adding HTML code within IFRAME tags. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

9. GTKSee PNG Image Loading Heap Corruption Vulnerability
BugTraq ID: 8061
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8061
Summary:

GTKSee is an image viewer developed for Linux and Unix variant operating systems.

A vulnerability has been reported for GTKSee that may result in the corruption of heap memory. The vulnerability occurs when GTKSee attempts to load PNG files with a certain colour depth.

An attacker may be able to exploit this vulnerability by creating a PNG image file with a certain colour depth. When GTKSee is used to view the image, the overflow issue will be triggered and will result in the corruption of heap memory with attacker-supplied values.

Successful exploitation will result in the execution of attacker-supplied code.

The precise technical details of this vulnerability are unknown. This BID will be updated as further information becomes available.

10. Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
BugTraq ID: 8063
Remote: No
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8063
Summary:

Microsoft Commerce Server 2002 is a web server product geared towards building e-commerce websites.

Microsoft Commerce Server 2002 installs a registry key with weak default permissions when configured to authenticate via SQL Server. The following registry key is installed with read privileges for the users group:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server

Encoded database authentication credentials are stored under "ADMINDBPS".

Attackers with interactive access to a system hosting the vulnerable software could gain access to encoded database credentials by perusing the registry. Credentials could also be retrieved via Open Commerce Server Manager. This information could be exploited to compromise the database.

This issue is reported to affect Microsoft Commerce Server 2002. It is not known if Microsoft Commerce Server 2000 is similarly affected.

11. Abyss Web Server HTTP GET Heap Overrun Vulnerability
BugTraq ID: 8062
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8062
Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

Abyss Web Server is prone to a remotely exploitable heap overrun. This is due to insufficient bounds checking of data supplied via client HTTP GET requests which is used in a strcpy() operation. By submitting an HTTP GET request in excess of 2048 bytes, it will be possible to trigger this condition. It should be noted that the ':\' characters must be appended to the end of the request. This will permit remote attackers to corrupt adjacent regions of heap memory with attacker-supplied values.

This condition could be exploited to execute arbitrary code with the privileges of the web server.

This issue is reported to affect Abyss Web Server 1.1.2. Later versions, such as 1.1.4 and 1.1.5 may be similarly affected, though this has not been confirmed.

12. Abyss Web Server HTTP Header Injection Vulnerability
BugTraq ID: 8064
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8064
Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

Abyss Web Server is prone to a vulnerability that could permit attackers to inject malicious data into server response headers. HTTP GET requests ending with ':\' characters will cause the server to return an HTTP 302 response to the client, which includes the requested URI in the Location: header field of the server response. User input is not sufficiently sanitized from this header field in the response. An attacker could cause malicious data such as HTML and script code to be included in the server response. It will also be possible to append additional HTTP header fields to the server response.

This could be exploited to launch cross-site scripting attacks. The attacker can also append arbitrary HTTP header information to the server response, which could permit cookie values to be set or header field data to be spoofed.

This issue is reported to affect Abyss Web Server 1.1.2. Later versions, such as 1.1.4 and 1.1.5 may be similarly affected, though this has not been confirmed.
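
An added example, not from the newsletter and not Aprelium's code: one way a server could build the Location: header of a redirect so that a requested URI containing CR/LF, backslashes or markup cannot add header fields or script to the response. The function names and the sample request path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes that may appear unencoded in a URI reference: the RFC 3986
 * unreserved and reserved sets, plus '%' so that existing escapes are kept.
 * Everything else (CR, LF, space, '\', '<', '>', '"', ...) gets escaped. */
static int uri_byte_ok(unsigned char c)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9'))
        return 1;
    return c != 0 && strchr("-._~:/?#[]@!$&'()*+,;=%", c) != NULL;
}

/* Writes "Location: <escaped uri>\r\n" into out.
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * header does not fit; a header is never emitted truncated. */
int build_location(char *out, size_t outsz, const char *requested_uri)
{
    static const char hex[] = "0123456789ABCDEF";
    static const char prefix[] = "Location: ";
    size_t n = sizeof prefix - 1;
    const unsigned char *p;

    if (outsz < n + 3)                       /* prefix + CRLF + NUL */
        return -1;
    memcpy(out, prefix, n);

    for (p = (const unsigned char *)requested_uri; *p; p++) {
        size_t need = uri_byte_ok(*p) ? 1 : 3;
        if (n + need + 3 > outsz)            /* keep room for CRLF + NUL */
            return -1;
        if (need == 1) {
            out[n++] = (char)*p;
        } else {
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 15];
        }
    }
    memcpy(out + n, "\r\n", 3);              /* the only CRLF in the header */
    return (int)(n + 2);
}

int main(void)
{
    /* Constructed input: a path ending in ":\" followed by an attempted extra header. */
    const char *uri = "/docs:\\\r\nSet-Cookie: sid=evil";
    char header[128];

    if (build_location(header, sizeof header, uri) < 0) {
        fputs("URI too long for header buffer\n", stderr);
        return 1;
    }
    fputs(header, stdout);
    return 0;
}
```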

13. MegaBook Multiple HTML Injection Vulnerabilities
BugTraq ID: 8065
Remote: Yes
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8065
Summary:

MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants.

MegaBook is prone to multiple HTML injection vulnerabilities. This is due to insufficient sanitization of HTML and script code from user-supplied input, including input supplied to the administrative login page (admin.cgi). It is not known if this malicious input supplied to the admin login page will be stored within the guestbook system, so the admin script may not provide an attack vector for HTML injection. However, it is possible to inject HTML and script code into the 'gbook.db' file via the client HTTP User-Agent: header field.

Exploitation of these issues could permit hostile HTML or script code to be injected into the guestbook system and rendered in the browser of a legitimate guestbook user. Code would be interpreted in the context of the site hosting the software.

Exploitation could allow for theft of cookie-based authentication credentials or permit an attacker to control how the guestbook site is rendered to legitimate users. Other attacks are also possible.

14. Multiple Opera Denial Of Service Vulnerabilities
BugTraq ID: 8066
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8066
Summary:

Opera has been reported to be prone to five denial of service vulnerabilities. These issues can be triggered when the browser attempts to interpret a document with malformed code. If a user of the web browser visits a web page that contains malformed code designed to trigger one of these conditions, their browser could freeze up or crash outright. It should be noted that exploitation of these issues will generally not cause a prolonged or persistent denial of service as the browser includes features that allow users to gracefully recover from a crash. If the browser freezes, this could cause CPU usage to spike to 100% for that process, which could result in a more serious denial of service condition.

This issue was reported for Opera on Microsoft Windows platforms. It is not known if other releases are affected.

These issues are pending further analysis and will be assigned separate BIDs with more specific details when analysis is completed.

15. PABox Password Reset Vulnerability
BugTraq ID: 8067
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8067
Summary:

paBox is a web-application that is written in PHP. It will run on Unix and Linux variants, as well as Microsoft Windows operating systems.

paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This issue is due to insufficient access validation prior to allowing users to perform certain actions. This could permit unauthorized access to the administrative Control Panel, which may aid the attacker in further attacks against the underlying system.

16. PABox Admin Control Panel PHP Code Injection Vulnerability
BugTraq ID: 8068
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8068
Summary:

paBox is a web-application that is written in PHP. It will run on Unix and Linux variants, as well as Microsoft Windows operating systems.

Remote users with access to the administrative Control Panel may be able to inject malicious PHP code when adding banned users. Banned user information is stored in the 'bannedusers.php' script. This code could then be executed, allowing for execution of arbitrary commands in the context of the web server hosting the software.

Unauthorized remote users may exploit other latent vulnerabilities in the software to gain access to the administrative console.

17. Adobe Unix Acrobat Reader WWWLaunchNetscape Buffer Overflow Vulnerability
BugTraq ID: 8069
Remote: No
Date Published: Jul 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8069
Summary:

Acrobat Reader is an application for reading, navigating, and printing PDF (Portable Document Format) files.

An individual has reported that Adobe Acrobat Reader for Unix systems is vulnerable to a buffer overflow condition. The error is allegedly related to the processing of hyperlinks, in the function "WWWLaunchNetscape". The flaw is triggered only when Netscape is set as the browser to be used in the preferences (this is the default configuration).

According to the report, the overflow occurs when a user viewing a malicious document accesses an embedded link that is greater than 256 bytes in length. It appears that this overflow is in stack memory as the discoverer has stated that the return address is overwritten. If this is accurate, the vulnerability will allow for the execution of custom instructions on affected systems.

It should be noted that it is not confirmed that Acrobat Reader for Windows is not affected. Users of both versions should exhibit caution until there is a response from the vendor.

18. InterSystems Cache Insecure Default Permissions Vulnerability
BugTraq ID: 8070
Remote: No
Date Published: Jul 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8070
Summary:

Cache is a post-relational database developed by InterSystems Corporation.

It has been reported that the permissions set by default on the files and directories comprising Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities for local attackers to obtain root privileges.

The setuid root "wrapper" program "/cachesys/bin/cuxs" can be used to run a malicious replacement executable with root privileges. It is also possible for local attackers to overwrite server-side scripts which are run as root through the web interface.

19. ezbounce Format String Vulnerability
BugTraq ID: 8071
Remote: Yes
Date Published: Jul 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8071
Summary:

ezbounce is a highly configurable IRC proxy.

It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled.

When processing client input, untrusted data is passed as the format string argument to a wrapper for a printf function. Attackers can use format specifiers such as "%n" to overwrite critical regions of memory.

To exploit this vulnerability, the attacker must have a username and password for the ezbounce service. This flaw may be of use to attackers who have proxy access but no or limited access to the underlying host.
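
The flaw class described above, as an added example (not ezbounce code and not part of the original newsletter): a hypothetical printf-style wrapper, `conn_printf`, the call shape that keeps client input out of the format argument, and a small check that counts conversion specifications in untrusted text for log review. All names and sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for "a wrapper for a printf function". The format
 * attribute lets GCC and Clang check call sites the way they check printf(). */
static int conn_printf(char *out, size_t outsz, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int conn_printf(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable call shape, shown only as a comment so it is never executed:
 *
 *     conn_printf(buf, sizeof buf, client_input);
 *
 * Any "%x" or "%n" in client_input is then interpreted by vsnprintf(). */

/* Fixed call shape: the format is a constant, client data is only an argument. */
int reply_safe(char *out, size_t outsz, const char *client_input)
{
    return conn_printf(out, outsz, "%s", client_input);
}

/* Counts printf conversion specifications in untrusted text ("%%" is a
 * literal percent and is not counted). Sets *writes_memory to 1 if a %n
 * conversion is present. Intended for reviewing logged client input. */
int count_directives(const char *s, int *writes_memory)
{
    int count = 0;

    *writes_memory = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {                       /* literal "%%" */
            s++;
            continue;
        }
        s += strspn(s, "-+ #0'");              /* flags */
        s += strspn(s, "0123456789*$");        /* width or positional index */
        if (*s == '.') {                       /* precision */
            s++;
            s += strspn(s, "0123456789*$");
        }
        s += strspn(s, "hlqLjzt");             /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            if (*s == 'n')
                *writes_memory = 1;
            s++;
        }
    }
    return count;
}

int main(void)
{
    const char *client_input = "%x %08x %n";   /* constructed sample input */
    char buf[64];
    int has_n;

    reply_safe(buf, sizeof buf, client_input);
    printf("echoed literally: %s\n", buf);
    printf("directives: %d, has %%n: %d\n",
           count_directives(client_input, &has_n), has_n);
    return 0;
}
```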

20. Pam_Timestamp_Check Privilege Escalation Weakness
BugTraq ID: 8072
Remote: No
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8072
Summary:

A weakness has been reported in the pam_timestamp_check implementation for Red Hat 9.0 and other distributions that may be derived from this version or include this functionality.

pam_timestamp_check is a tty ticketing implementation that is designed to cache credentials so that users are not constantly required to use a facility such as sudo or su to perform actions as another user. pam_timestamp_check is implemented through the pam_timestamp_check.so module and with the pam_timestamp_check setuid helper. The implementation works by fetching the pseudo-terminal name (A), current user name (B), and the user whose credentials are cached (C). The implementation then checks to see if the timestamp of /var/run/sudo/B/A:C is recent to determine whether access should be granted. The ticket contents are not sufficiently verified, allowing for ticket spoofing.

If the attacker can cause the timestamp of the file to change, it will be possible to gain elevated privileges through exploitation of this weakness. This scenario will be possible in combination with file corruption issues such as those that are the result of insecure temporary file handling and allow files in privileged directories to be corrupted.

III. SECURITYFOCUS NEWS AND COMMENTARY


1. Study: Wi-Fi users still don't encrypt
By Kevin Poulsen

Sniffing the airwaves at the 802.11 Planet Expo in Boston turns up loads of passwords, and very little encryption.

http://www.securityfocus.com/news/6290

2. PetCo Plugs Credit Card Leak
By Kevin Poulsen

Pet supply site offered more than kitty litter and flea collars.

http://www.securityfocus.com/news/6194

3. Illinois supercomputer center to head military cybersecurity effort
By Jim Paul, The Associated Press

Hoping to thwart hackers, the military is launching a new research effort at the University of Illinois to improve the security of battlefield computers and communications systems.

http://www.securityfocus.com/news/6288

4. Web Firms Choose Profit Over Privacy
By Jonathan Krim, Washington Post

To parents interested in buying the popular Hooked on Phonics learn-to-read programs, the company made a firm promise on its Web site: It would never sell or rent their personal information to other marketers.

http://www.securityfocus.com/news/6281

IV. SECURITYFOCUS TOP 6 TOOLS


1. IDABench v1.0
by George Bakos
Relevant URL:
http://idabench.ists.dartmouth.edu
Platforms: UNIX
Summary:

IDABench is a Web interface to many intrusion analysis tools. By the use of simple plug-ins, it allows an analyst to twist and turn hourly packet logs through such utilities as tcpdump, ngrep, tethereal, etc. Output is textual web pages, gnuplot graphs, and downloadable composite binary dumpfiles. Based on the US Navy's SHADOW intrusion detection system, IDABench simplifies the writing of tcpdump filters, allows regular expression context matching, and through a simple plugin API, can be extended to include other libpcap-based analysis tools, such as Snort, p0f, etc.

2. Secure FTP Bean v2.0.8
by glub
Relevant URL:
http://www.glub.com/products/bean/
Platforms: Os Independent
Summary:

The Secure FTP Bean allows FTP connections to be made over SSL, including both implicit and explicit SSL connections, and passive and active data transfers with or without encryption.

3. python-crack v0.4
by Domenico Andreoli
Relevant URL:
http://www.nongnu.org/python-crack/
Platforms: Python
Summary:

python-crack is a module that provides Python programs with the ability to evaluate password strength. It uses the well known cracklib toolkit, hence the name.

4. Amrita VPN v0.97-2
by Jayaraj
Relevant URL:
http://amvpn.sourceforge.net
Platforms: Linux, POSIX
Summary:

Amrita VPN is an easy-to-use open source VPN solution that runs on the GNU/Linux platform. The implementation is fully in userspace and requires no kernel patches or enhancements. It uses SSL for strong encryption and authentication.

5. DSPAM v2.6.2
by Jonathan A. Zdziarski
Relevant URL:
http://www.networkdweebs.com/software/dspam/
Platforms: UNIX
Summary:

DSPAM is a server-side anti-spam agent for UNIX email servers. It masquerades as the email server's local delivery agent and filters/learns SPAM using a Bayesian statistical approach which provides an administratively maintenance-free, self-learning Anti-Spam service. Each email is broken down into its most interesting tokens, each assigned a spam probability. All probabilities are then combined to produce a statistical probability of spam. This approach, applied to a mature corpus of email, has the potential to yield a 99.5% success rate with only 0.03% chance of false positives.

6. John the Ripper v1.6.34(dev)
by Solar Designer
Relevant URL:
http://www.openwall.com/john/
Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
Summary:

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

V. SECURITY JOBS SUMMARY


1. Senior Cyber Security Consultant - DC Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327753

2. CISSP seeking Security Architect position in London, UK (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327798

3. Uncle Sam wants you ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327820

4. List is now open (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327819

5. Entry Level Security SA Position Announcement for DC Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327771

6. TORONTO - Checkpoint Firewall SME - 1 Year renewable Contract (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327782

7. Information Assurance Manager w/ TS Clearance in Kyrgyzstan (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327745

8. Information Security Practice Manager - New York, NY $135K - $150K+ (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/327737

9. Business Development Manager (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327738

10. Senior Email Consultant for Computer Forensics Practice - New York , NY - $80- $100K (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327705

11. Internet Security Architect contract position in Pittsburgh PA (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327531

12. Contract position in Atlanta, GA & Knoxville, TN...Interested? (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327530

13. Looking for positions in the field of security (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327529

14. Southern California, Chicago, Atlanta Info Security Postions (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327528

15. Washington DC Info Security Positions (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327527

16. List Closure till the 3rd of July (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327120

17. Salary for DITSCAP or INFOSEC work in the Mid West (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327097

18. Senior Security Consultant - London Financial (Thread) Relevant URL:

http://www.securityfocus.com/archive/77/327073

VI. INCIDENTS LIST SUMMARY


  1. Another overflow exploit for Apache? *RESOLVED* (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327660

2. frontpage extensions; backdoor or initial compromise? (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327661

3. Another overflow exploit for Apache? (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327593

4. UDP to port 500 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/327563

5. msmsgs.exe /passportlogon /delaysync /shortpackets (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327548

6. AW: DoS "Probing" on one of our hosts (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327549

7. DoS "Probing" on one of our hosts (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327412

8. New MySQL worm? increased probes/traffic detected... (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327378

9. re: DoS "Probing" on one of our hosts (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327183

10. Anyone else seeing a spike in SSHd scans? (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327161

11. possible new irc worm (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327153

12. speaking of rootkits (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327141

13. rooted by blowkit (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327139

14. Intrusec 55808 Trojan Analysis (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327129

15. port 5248 (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327128

16. strange logs -- tcp port 16166 (Thread) Relevant URL:

http://www.securityfocus.com/archive/75/327126

VII. VULN-DEV RESEARCH LIST SUMMARY


  1. Minor security problem in Axis 560x web interface (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327558

2. Red Hat 9: free tickets (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/327361

3. GetPC code (was: Shellcode from ASCII) (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327348

4. Corrupting memory control structures under XP (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327272

5. Starting on Assembly under win32 (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327268

6. Windows Shellcode Writing (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/327157

7. cross-site to root scripting papers (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327026

8. gera's encoder (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/327028

9. Radware Linkproof: SSH port DoS (Thread) Relevant URL:

http://www.securityfocus.com/archive/82/327024

VIII. MICROSOFT FOCUS LIST SUMMARY


  1. SP4 installation failure (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327789

2. Q811114 and Q815021 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/327788

3. How to block users from installing other apps (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327673

4. Managing Windows Event Logs (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/327532

5. Limiting the creation of new files to specific types. (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327363
