SecurityFocus Newsletter #206

SecurityFocus Newsletter #206

This Issue Sponsored by: BigFix

Free White Paper: "Security Patch Management: Antidote to Network Vulnerabilities." Learn what challenges exist in maintaining a secure enterprise network. Read what best practices are recommended by security and IT experts to detect, assess and repair vulnerabilites. Understand how automated patch management can protect your enterprise.

Download this free white paper from BigFix, the leader in enterprise security patch management.

Visit us at: http://www.securityfocus.com/BigFix-sf-news

I. FRONT AND CENTER

1. Waiting for the Worms
2. Blogs: Another Tool in the Security Pro's Toolkit (Part One)
3. Forensic Log Parsing with Microsoft's LogParser
4. Honeytokens: The Other Honeypot
5. The SecurityFocus 4th Anniversary Contest Winners Announced
6. **ANNOUNCEMENT** II. BUGTRAQ SUMMARY
7. W-Agora Multiple Vulnerabilities
8. Invision Power Board Multiple Vulnerabilities
9. Mabry Software HTTPServer/X File Disclosure Vulnerability
10. University of Minnesota Gopherd FTP Gateway Buffer Overflow...
11. University of Minnesota Gopherd GSisText Buffer Overflow...
12. Multiple Trend Micro HouseCall ActiveX Control Remote Buffer...
13. ASP-DEV Discussion Forum Admin Directory Weak Default...
14. Polycom MGC Systems Remote Administration Denial Of Service...
15. Microsoft Internet Explorer AutoScan Method Browser Security...
16. HTMLToNuke Cross-Site Scripting Vulnerabilty
17. LookSmart Grub Clear Text Password Local Storage Vulnerability
18. Microsoft Internet Explorer window.createPopup Interface...
19. ImageMagick Display Filename Format String Vulnerability
20. NeoModus Direct Connect Infinite Request Remote Denial Of...
21. NFS-Utils Xlog Remote Buffer Overrun Vulnerability
22. Netscape Client Detection Tool Plug-In Buffer Overflow...
23. xfstt Denial Of Service Vulnerability
24. Twilight WebServer GET Request Buffer Overflow Vulnerability
25. Asus ADSL Router Information Disclosure Vulnerability
26. StarSiege Tribes Server Denial Of Service Vulnerability
27. CyberShop ASP ShopDBTest.ASP Information Disclosure Vulnerability
28. BlazeBoard Information Disclosure Vulnerability
29. EJ3 BlackBook HTML Injection Vulnerability
30. EJ3 BlackBook Plaintext Password Storage Weakness
31. EJ3 BlackBook Information Disclosure Vulnerability
32. Citadel/UX Configuration Buffer Overrun Vulnerability
33. Citadel/UX Unlimited Biography Data Denial Of Service...
34. Citadel/UX Weak Internal Program Authentication Key Vulnerability
35. Exceed Font Name Handler Buffer Overflow Vulnerability
36. QMail-SMTPD-Auth True Program Remote E-Mail Vulnerability
37. NetSuite HTTP Server Directory Traversal Vulnerability
38. Deutsche Telekom Teledat DSL Router Portscan Remote Denial Of...
39. Splatt Forum Post Icon HTML Injection Vulnerability III. SECURITYFOCUS NEWS ARTICLES
40. DirecTV dragnet snares innocent techies
41. Honeynet: Carders are Getting Bold
42. Cisco IOS DoS exploit released in the wild
43. Thawte issues doppelganger certs warning IV. SECURITYFOCUS TOP 6 TOOLS
44. Lazy Encryption Algorithm v1
45. Modular Access Control System v0.7.1-alpha
46. shellforge v0.1.14
47. aNTG v1.0
48. Remote Nmap v0.10
49. Qingy Is Not Getty v0.2
50. SECURITYJOBS LIST SUMMARY
51. Information Security Analyst vacancy (Thread)
52. Vacation Troller - Ignore (2 of 2) (Thread)
53. Vacation Troller - Ignore (1 of 2) (Thread)
54. FW: IT Security Government Business Development Manager(EMEA)...
55. Senior Network Analyst, Security Farmington Hills, MI (Thread)
56. Sr. Security Signature Engineer - Austin, TX (Thread)
57. Deloitte & Touche - Senior Consultant - Peoplesoft Security...
58. Deloitte & Touche - Identity Management - Senior Consultant...
59. Deloitte & Touche - Identity Management - Manager - Atlanta...
60. Deloitte & Touche - Peoplesoft or SAP Security Senior Manager...
61. Security professional in DC area with 11 years experience...
62. Sr Technical Auditor 80-110k NJ (Thread)
63. Symantec in Redwood City, CA is hiring a Security Analyst...
64. Seeking Job in US (Thread)
65. I'm looking for a position in Computer Forensics in Boston...
66. Looking for position (Thread)
67. Avail Now * DC metro and MN * MCSE/CSA * 5+ Yrs IT...
68. JOB OPENING: Security Engineers (Thread)
69. Network Security Technician III (Thread)
70. Computer Systems Graduate (Thread)
71. Fw: 4 new contract to hire positions in Indiana (Thread)
72. Intrusion Detection Engineer - Washington, DC (Thread)
73. Vice President, Security Services Division (Thread)
74. Lead Developer of Award Winning Security Software Relocatin...
75. FW: Unix Security Support role in Reading UK (Thread)
76. BMC Specialists (Thread)
77. Looking for NetSec Position in Nashville - 85K (Thread)
78. Experienced Toronto Area Security Specialist Available (10+...
79. Product Manager for a Managed Service Provider #798 - Myrtle...
80. R&D / Product Management/ Vulnerability Remediation - Texas...
81. Senior Information Security Consultant #802 - Puerto Rico...
82. Security Solutions Engineer - US/NY Metro (Thread) VI. INCIDENTS LIST SUMMARY
83. Cisco IOS Denial of Service that affects most Cisco IOS router...
84. Cisco IOS vulnerability (Thread)
85. Strange domain-udp signature (Thread)
86. Cisco IOS Denial of Service that affects most Cisco IOS routers...
87. Patched IIS/frontpage host compromised 7-1-2003 (Thread)
88. Strange 4 MB Emails (Thread)
89. TROJAN: Symantec: New Serious Virus found. (fwd) (Thread)
90. qmail smtp-auth bug allows open relay (Thread)
91. DNS Messages (Thread)
92. New Probes (Thread)
93. www.google.com reference in directory-traversal attack (Thread)
94. possible compromised host (Thread)
95. Fw: qmail smtp-auth bug allows open relay (Thread)
96. more info on a hopefully unsuccessful compromise (Thread)
97. ZBG Server (Thread)
98. Information Needed on Malicious Traffic dropped by...
99. Repost of query about 55808 trojan (Thread)
100. Anyone else seeing UDP 16191 scans? (Thread)
101. Information Needed on Malicious Traffic (Thread) VII. VULN-DEV RESEARCH LIST SUMMARY
102. Named Pipe Impersonation -> CreateProcessAsUser(); (Thread)
103. Help with this. (Thread)
104. Generic way to exploit an insecure /tmp file creation - Red Hat...
105. Named pipe paper (Thread)
106. Red Hat 9: free tickets (Thread)
107. UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer... VIII. MICROSOFT FOCUS LIST SUMMARY
108. Internet explorer history viewer (Thread)
109. CA-SSL in IIS (Thread)
110. AW: Internet explorer history viewer (Thread)
111. CIFS Security (Thread)
112. SecurityFocus Microsoft Newsletter #145 (Thread)
113. FW: Keyboard Locking/Invisible Screensaver (Thread)
114. investigating misuse of the internet (Thread)
115. How to generate list of patches installed? (long) (Thread) IX. SUN FOCUS LIST SUMMARY
116. Shared memory keys on Solaris 8 (Thread)
117. LINUX FOCUS LIST SUMMARY
118. New SecurityFocus Article: Linux Firewall-related /proc Entries...
119. Stealthy Linux Key Logger (Thread) XI. SPONSOR INFORMATION
120. FRONT AND CENTER

     ---

121. Waiting for the Worms By Tim Mullen

The hole's been announced, the patch has been released. Now there's nothing to do but wait for the worm to come and wreak its ugly havoc.

http://www.securityfocus.com/columnists/174

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Blogs: Another Tool in the Security Pro's Toolkit (Part One) By Scott Granneman

I'll admit, I love information. No, make that I love and need information. If you're interested in keeping up with trends and changes in security, you're probably an information addict as well. You absorb security-related information and then ponder, examine, and analyze it before reshaping it in a way that helps protect your data, your systems, and your networks.

http://www.securityfocus.com/columnists/173

3. Forensic Log Parsing with Microsoft's LogParser By Mark Burnett

The purpose of this article is to demonstrate log file forensics for IIS using SQL queries with Microsoft's LogParser tool.

http://www.securityfocus.com/infocus/1712

4. Honeytokens: The Other Honeypot
By Lance Spitzner

The purpose of this series of honeypot papers is to cover the breadth of honeypot technologies, values and issues. This article extends the capabilities even further by discussing the concept of honeytokens.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/infocus/1713

5. The SecurityFocus 4th Anniversary Contest

With the contest having ended this past Wednsday July 16, 2003, and with a large volume of entries, we have chosen the winners. The Two entrants who came closest to choosing the correct day of Sept. 22, 2002 7:11 am MST have won a pair of tickets to the Black Hat Briefings in Las Vegas, NV. USA. Congratulations to Jenny H. of San Antonio, TX., and Leah E. of Tucson AZ., for their winning entries.

6. **ANNOUNCEMENT** SecurityFocus will now be masking email addresses contained within all our Mailing Lists to ensure that they can no longer be harvested. We have taken these steps with your privacy being our main concern.

II. BUGTRAQ SUMMARY

1. W-Agora Multiple Vulnerabilities BugTraq ID: 8164 Remote: Yes Date Published: Jul 11 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8164 Summary:

It has been reported that W-Agora is prone to a information disclosure vulnerability. Attackers may be able to gather usernames, pathnames, and version information.

By passing the string "info" to the index.php file, W-Agora may report sensitive information back to the user. This information could include usernames, pathnames and various version information. The nature of this sensitive information may be such that an attacker could use it when mounting further attacks against the software or the system hosting the software.

W-Agora may also be vulnerable to arbitrary file uploads by remote attackers. In conjunction with another reported command execution vulnerability, attacks may be able to upload malicious scripts and have them executed. This would occur with the privileges of the Web server.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It is also reported that a cross-site scripting vulnerability is present. When providing a URL to an avatar, it may be possible to insert malicious HTML or scripts, which will be executed by browsers of users viewing the forum. This would occur in the context of the site hosting the vulnerable software.

These issues will be assigned individual BIDs when further analysis is complete.

2. Invision Power Board Multiple Vulnerabilities BugTraq ID: 8165
Remote: Yes
Date Published: Jul 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8165
Summary:

Invision Board is web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.

It has been reported that Invision Power Board in some cases fails to sufficiently sanitize user input in multiple instances, resulting in a number of exploitable vulnerabilities. This creates a possibility for SQL injection attacks, as well as HTML injection attacks.

HTML and script code are not filtered from within [FLASH][/FLASH] tags, allowing for injection of hostile client-side script code into areas of the bulletin board that allow these tags to be included. Exploitation could result in theft of cookie-based authentication credentials from other users. It will also be possible to control how the site is rendered to other users. Other attacks are also possible.

The 'ipchat.php' does not filter SQL syntax supplied via URI parameters before including it in database queries, allowing for SQL injection attacks. This could be exploited to manipulate database queries, potentially resulting in compromise of the bulletin board, information disclosure or database corruption. SQL injection attacks may also allow attackers to exploit latent vulnerabilities present in the underlying database implementation.

This BID will be separated into multiple BIDs when analysis of these issues is complete.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Mabry Software HTTPServer/X File Disclosure Vulnerability BugTraq ID: 8166
Remote: Yes
Date Published: Jul 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8166
Summary:

Mabry Software HTTPServer/X is a web server implemented as an ActiveX Control and COM Object. It is available for Microsoft Windows operating systems.

HTTPServer/X does not sufficiently sanitize directory traversal sequences from web requests. This could allow remote users to request files outside of the document root of the web server. Remote attackers could exploit this issue to gain access to sensitive files on a system hosting the web server implementation. Any files that are readable by the web server would be exposed. The web server is reported to run with system level privileges.

Successful exploitation may permit attackers to gain access to files containing sensitive information, facilitating further attempts to compromise the system.

4. University of Minnesota Gopherd FTP Gateway Buffer Overflow Vulnerability BugTraq ID: 8167
Remote: Yes
Date Published: Jul 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8167
Summary:

Gopherd is a daemon written by the University of Minnesota that provides support for the gopher protocol. By default, gopherd ships with the "FTP gateway" component enabled. The purpose of this component is to server as an FTP proxy for clients.

It is reported that the routine used by this component to process FTP LIST commands may be subject to a buffer overflow vulnerability due to a failure to perform bounds checking on filenames returned by the FTP server. Reportedly, the filenames returned are stored in a buffer residing on the stack capable of holding 256 bytes. It is possible to cause the gopherd server to read filenames up to 8 kilobytes in size, which will overrun the buffer by approximately 7500 bytes.

Attackers may be able to corrupt adjacent data stored on the stack, such as saved instruction pointers. This could result in execution of malicious attacker-supplied instructions. It should be noted that by default, gopherd restricts the process environment using a chroot() call, and as a result, the impact of successful exploitation may confine the attackers to a chroot jail.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

5. University of Minnesota Gopherd GSisText Buffer Overflow Vulnerability BugTraq ID: 8168
Remote: Yes
Date Published: Jul 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8168
Summary:

Gopherd is a daemon written by the University of Minnesota that provides support for the gopher protocol.

It is reported that the function used by gopherd to determine view-types associated with a given gopher object fails to perform bounds checking on user-submitted requests. The user-supplied string passed to this function is stored in a temporary buffer residing on the stack, capable of holding 64 bytes of data. It is possible to cause the gopherd server to read excessive data, potentially overflowing the buffer. This may allow attacker to corrupt adjacent data stored on the stack, such as saved instruction pointers. It should be noted that by default, gopherd restricts the process environment using a chroot() call, and as a result, the impact of successful exploitation may confine the attackers to a chroot jail.

In order to successfully exploit this vulnerability, the request must begin with one of the following characters, followed by a tab character and a string of sufficient size to overrun the buffer:

h, 0, 4, 5, 9, s, I, or g.

6. Multiple Trend Micro HouseCall ActiveX Control Remote Buffer Overflow Vulnerabilities BugTraq ID: 8170
Remote: Yes
Date Published: Jul 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8170
Summary:

HouseCall is the online virus scanning service of Trend Micro. It is available for the Microsoft Windows platform.

It has been reported that multiple buffer overflow vulnerabilities exist in Trend Micro HouseCall. Because of this, an attacker may be able to create a denial of service, or potentially gain elevated privileges on a system with the vulnerable control installed.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Specific details about the overflows are not currently available. What is known about them is that, when exploited, it is possible for an attacker to execute arbitrary instructions through the browser of the vulnerable user. Any code executed through this vulnerability would be with the privileges of the browser user.

7. ASP-DEV Discussion Forum Admin Directory Weak Default Permissions Vulnerability BugTraq ID: 8172
Remote: Yes
Date Published: Jul 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8172
Summary:

Discussion Forum is a freely available, open source message board distributed by ASP-DEV. It is available for the Microsoft Windows platform.

It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain access to user credentials.

The problem is in the permissions set on the admin directory. Sensitive information is stored in this directory, including usernames, passwords, and other data. This information also includes the administrative account information, which may yield administrative privileges to the attacker.

8. Polycom MGC Systems Remote Administration Denial Of Service Vulnerability BugTraq ID: 8173
Remote: Yes
Date Published: Jul 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8173
Summary:

MGC is the line of Video and Voice conferencing systems distributed and maintained by Polycom.

It has been reported that Polycom MGC systems are vulnerable to a remote denial of service in the administrative interface. A remote attacker may be able to make administration of the system impossible until the host is rebooted.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The problem is in the handling of stress testing packets to the host. The initial report describes crashing the administrative service by using the Foundstone Blast stress testing software package, though it may be possible to reproduce this vulnerability with other tools.

9. Microsoft Internet Explorer AutoScan Method Browser Security Policy Violation Weakness BugTraq ID: 8169
Remote: Yes
Date Published: Jul 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8169
Summary:

A weakness has been reported in Microsoft Internet Explorer in the way the AutoScan method is implemented. This weakness may result in the violation of the browser security policy.

It is known that through the AutoScan method, it is possible to cause one browser window to navigate to a different site through another. This issue may not be limited to this specific method, and may aid in the exploitation of other browser bugs to gain elevated privileges or unauthorized access.

1. HTMLToNuke Cross-Site Scripting Vulnerabilty BugTraq ID: 8174 Remote: Yes Date Published: Jul 13 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8174 Summary:

htmltonuke is a freely available, open source Nuke module for converting HTML to code on a Nuke-based site.

A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script.

The problem is in the checking of input in the filenavn field. Reports state that web code, such as script code, placed in this field are returned by the web server to create a cross-site scripting vulnerability.

This vulnerability reportedly does not exist when htmltonuke is used with PHP-Nuke.

1. LookSmart Grub Clear Text Password Local Storage Vulnerability BugTraq ID: 8175 Remote: No Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8175 Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Grub is a freely available link indexing client for the Grub project. It is available for the Microsoft Windows platform.

It has been reported that Grub does not sufficiently secure sensitive information. Because of this, an attacker may be able to gain unauthorized access to Grub user credentials.

The problem is in the storage of username and password information. This information is stored in the system registry in the key HKEY_CURRENT_USER\Software\VB and VBA Program Settings\GrubClient\Settings. Data stored in this key is in plain text, and can be retrieved by any user with read permissions of the registry key.

1. Microsoft Internet Explorer window.createPopup Interface Spoofing Vulnerability BugTraq ID: 8176 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8176 Summary:

Microsoft Internet Explorer may permit aspects of the Windows interface to be spoofed. This could facilitate attacks a number of attacks against users of the browser, including spoofing address bars for web pages, or obscuring warning dialogs. Users may be apt to trust the spoofed content. This issue is due to the window.createPopup() function not using
'chromeless' windows. Other functions, such as createModalDialog() and
createModelessDialog(), will create 'chromeless' windows when invoked.

Windows created via window.createPopup() will have a few characteristics that may impede some types of attacks, such as the inability to focus the window and also that the window will close when the user clicks outside of it.

1. ImageMagick Display Filename Format String Vulnerability BugTraq ID: 8177 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8177 Summary:

ImageMagick is an image manipulation program. It is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating systems.

The ImageMagick display program is alleged to be prone to a format string vulnerability. Exploitation may occur when the program is invoked with a filename that includes malicious format specifiers. This issue could be exploited to corrupt arbitrary regions of memory with attacker-supplied data, potentially resulting in execution of arbitrary code in the context of the user running the program.

For this issue to be exploited, the program would need to be invoked with an untrusted filename. This could occur automatically if the program was specified as the default image viewer for an e-mail client or some other program.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue was reported for Unix/Linux platforms. It is not known if other platforms are similarly affected.

1. NeoModus Direct Connect Infinite Request Remote Denial Of Service Vulnerability BugTraq ID: 8178 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8178 Summary:

Direct Connect is a freely available file sharing client distributed by NeoModus. It is available for the Microsoft Windows and Linux platforms.

It has been reported that NeoModus Direct Connect does not sufficiently limit requests. Because of this, an attacker could potentially deny service to a legitimate user of the client.

The problem is in the limiting of connection requests by Direct Connect hubs. It is possible for a user to send an infinite amount of connection requests from one client to another through a hub. This could result in the consuming of network and system resources by the target client, making the target host unusable.

1. NFS-Utils Xlog Remote Buffer Overrun Vulnerability BugTraq ID: 8179 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8179 Summary:

nfs-utils provides various NFS tools, including a daemon for handling RPC requests. It is available for Unix and Linux variants.

A remote buffer overrun vulnerability has been reported in xlog, which is a logging facility for nfs-utils. It is possible to exploit this issue via mountd. It has been reported that exploitation of this issue will most likely result in a denial of service. There is a likelihood that this issue could be exploited to run arbitrary code in the context of mountd, which runs as root.

This vulnerability is an off-by-one boundary condition error in the xlog.c source file, which contains code for handling logging of RPC requests. In particular, the xlog() function is prone to this issue when a buffer equal to or longer than 1023 bytes is supplied, causing one byte of memory to be overrun with attacker-supplied data.

The issue could also occur in other nfs-utils components that call xlog with externally-supplied data.

1. Netscape Client Detection Tool Plug-In Buffer Overflow Vulnerability BugTraq ID: 8180 Remote: No Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8180 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The Client Detection Tool plug-in is a component of the Netscape browser. It is maintained and distributed by Netscape, and available for the Microsoft Windows, Unix, and Linux platforms.

It has been reported that the Client Detection Tool plug-in is vulnerable to a buffer overflow when handling some types of files. This may result in the execution of arbitrary code with the privileges of the browser user.

The problem is in the handling of specially crafted files of the x-cdt mime type. A buffer overflow occurs when the CDT plug-in attempts to handle an argument of greater than 256 bytes. When a file name and path to a user's temporary directory total more than 256 bytes, it is possible to execute code contained in the file name.

Some limitations exist in this vulnerability. For example, some operating systems such as Microsoft Windows Server 2003 limit attachment name size to 218 bytes. Additionally, the file name cannot contain non-ASCII characters.

1. xfstt Denial Of Service Vulnerability BugTraq ID: 8182 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8182 Summary:

xfstt is an X font server designed to provide support for TrueType fonts.

It has been reported that attackers may be able to crash an xfstt server by sending it a specially malformed packet. Remote execution may also be possible.

Within the xfstt.cc source file, there exists a function called working(). In certain cases, this function may not properly perform bounds checking on incoming packets prior to parsing headers and storing information in internal buffers. Specifically, it is reported that it is possible to overflow the 'req->num_ranges' variable, causing a subsequent for loop to be miscalculated. This may allow arbitrary data to be written to adjacent memory locations, possibly resulting in a denial of service condition against the server.

It is not known whether or not this can be exploited to execute arbitrary code at this time.

1. Twilight WebServer GET Request Buffer Overflow Vulnerability BugTraq ID: 8181 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8181 Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Twilight WebServer is an HTTP server designed for Microsoft Windows platforms.

It has been reported that Twilight WebServer may be remotely exploitable, due to a buffer overflow present in the function responsible for handling HTTP GET requests. If an attacker sends a string exceeding a specific length, it may be possible to crash the web server. If an attacker were to corrupt sensitive data residing in adjacent memory locations, it may be possible to execute arbitrary code.

1. Asus ADSL Router Information Disclosure Vulnerability BugTraq ID: 8183 Remote: Yes Date Published: Jul 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8183 Summary:

It has been reported that certain Asus ADSL routers make sensitive files available via a Web interface. No access control is enforced on these files, and as a result, remote users may view them without supplying any credentials. It may be possible to retrieve information such as usernames, unencrypted passwords, SNMP information and other configuration details. To exploit this ability, attackers may request the sensitive files from the root path of the web interface.

20. StarSiege Tribes Server Denial Of Service Vulnerability BugTraq ID: 8184
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8184
Summary:

StarSiege Tribes is a multiplayer game, which consists of a client and a server component.

StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability.

The issue presents itself when the affected server receives and processes a malformed UDP datagram. Reportedly when the server handles a UDP datagram containing 255 bytes of random characters, an exception will be thrown and the StarSiege Tribes Game Server will crash. Service will be denied, to current connected users of the system.

Because of the nature of this vulnerability, it has been conjectured that it may be further exploitable to execute arbitrary instructions. This however has not been investigated or confirmed.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It should be noted that the impact of this vulnerability is reduced somewhat, due to the inclusion of the vendor supplied application. InfiniteSpawn.exe, which will restart the server in the event of a crash.

21. CyberShop ASP ShopDBTest.ASP Information Disclosure Vulnerability BugTraq ID: 8186
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8186
Summary:

CyberShop ASP is e-commerce software that is implemented in ASP.

CyberShop ASP may not adequately protect debugging scripts in a default installation, this may provide for the disclosure of potentially sensitive information.

It has been reported that a remote attacker may access the CyberShop ASP
'shopdbtest.asp' script, on a default install, without requiring prior
authentication. This issue may be exploited by a malicious attacker to disclose potentially sensitive information that is contained in the database used by CyberShop ASP.

Information gathered this way might be used to aid in further attacks launched against the affected system.

It should be noted that although this vulnerability has been reported to affect CyberShop ASP 6.0 Fx, other versions might also be affected.

22. BlazeBoard Information Disclosure Vulnerability BugTraq ID: 8188
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8188
Summary:

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

BlazeBoard is an online web-based portal system.

It has been alleged that BlazeBoard fails to adequately protect the contents of a directory in a default install, specifically the 'docs' directory. It is therefore possible for remote users to request files from this directory. This could expose sensitive information stored in these directories to remote attackers.

Information collected in this manner may be used to aid in further attacks launched against the vulnerable system.

This issue could be related to BlazeBoard configuration.

23. EJ3 BlackBook HTML Injection Vulnerability BugTraq ID: 8185
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8185
Summary:

BlackBook is a Web-based guestbook system written in PHP.

EJ3 BlackBook does not filter script code from many input fields used to accept guestbook signature information, making it prone to HTML injection attacks. Attacker-supplied script code may be included in fields submitted in the 'sign.php' script. The attacker-supplied script code will be executed in the browser of a web user who views guestbook entries, in the security context of the site running BlackBook.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of BlackBook. Other attacks are also possible.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It should be noted that attackers must include the malicious script in fields other than the message body.

24. EJ3 BlackBook Plaintext Password Storage Weakness BugTraq ID: 8187
Remote: No
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8187
Summary:

BlackBook is a Web-based guestbook system written in php.

It has been reported that BlackBook stores usernames and passwords in plaintext locally. This information is stored in the config.php script. As a result, these credentials could be exposed to other local users who have the permissions to access and read that file.

25. EJ3 BlackBook Information Disclosure Vulnerability BugTraq ID: 8189
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8189
Summary:

BlackBook is a Web-based guestbook system written in PHP.

It has been reported that the BlackBook installation routine does not properly set filesystem permissions on the /blackbook/data/data.dat file. This file contains posts made to the guestbook, as well as associated usernames and IP addresses for each post. Users may be able to read this file and subsequently retrieve sensitive information associated with a given user.

It should be noted that even though the setup procedure indicates permissions are being set, the operation may not be successful. This would leave the files exposed to unauthorized users.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

26. EJ3 BlackBook phpinfo.php Information Disclosure Weakness BugTraq ID: 8190
Remote: Yes
Date Published: Jul 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8190
Summary:

BlackBook is a Web-based guestbook system written in PHP.

A problem with BlackBook may make it possible for a remote user to gain access to sensitive information.

It has been reported that BlackBook enables a script by default that may reveal sensitive information. The phpinfo.php script is packaged with BlackBook, and installed by default in the BlackBook directory tree. A remote user may use this script to gain information about the server, including path and environment information.

This vulnerability could lead to a more directed attack against hosts.

27. Citadel/UX Configuration Buffer Overrun Vulnerability BugTraq ID: 8191
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8191
Summary:

Citadel/UX is an open source BBS package for Linux, BSD, Solaris and other Unix systems.

Citadel/UX provides a means for clients to execute commands as an internal program and access IPC (Inter-process Communications). To use this feature, clients must supply an internal program password via the IPGM command.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Citadel/UX is prone to a buffer overrun when importing configuration data supplied by IPGM authenticated users. If excessive data is supplied during an import, it is possible to corrupt sensitive regions of stack memory with specific values. This may be exploited to execute arbitrary code in the context of the server.

28. Citadel/UX Unlimited Biography Data Denial Of Service Vulnerability BugTraq ID: 8192
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8192
Summary:

Citadel/UX is an open source BBS package for Linux, BSD, Solaris and other Unix systems.

Citadel/UX allows users to add biographical data to their profile. This is facilitated via the EBIO command.

Citadel/UX does not limit the amount of Biography data that clients can supply. This data is written to a file on the system hosting the BBS. A malicious user of the BBS could exploit this to cause a denial of service by supplying excessive data, potentially using up disk space available to the system user that the BBS is running as.

29. Citadel/UX Weak Internal Program Authentication Key Vulnerability BugTraq ID: 8193
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8193
Summary:

Citadel/UX is an open source BBS package for Linux, BSD, Solaris and other Unix systems.

Citadel/UX uses an authentication key exchange process, normally used to authenticate to the Citadel/UX as an internal trusted program (IPGM).

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported for Citadel/UX, the issue presents itself in the procedure used by Citadel/UX to generate the internal program authentication key. The affected server derives the key using an srand() call, the current process ID is used as the seed for srand(). This method results in a low entropy key that can be replicated, if the current PID for the affected Citadel/UX server is known.

A remote attacker may exploit this vulnerability, by iterating through possible process IDs in a sequential manner. If successful the attacker may authenticate with the affected server as a trusted program, and consequently attain elevated privileges.

30. Exceed Font Name Handler Buffer Overflow Vulnerability BugTraq ID: 8194
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8194
Summary:

The Exceed X server is an X Windows server for Microsoft Windows systems. The server listens for connections on port 6000. Exceed client software is then used to connect to the Exceed X server.

The Exceed server and client have been reported prone to a remotely triggered buffer overflow vulnerability. An attacker may trigger this vulnerability by sending >=6001 bytes of data as a font name to the server via an XLoadQueryFont() request, or by passing a malicious font name from the server to the client in a manner sufficient to trigger the overflow. When the vulnerable software handles this request it will crash.

The issue is likely due to a lack of sufficient bounds checking performed on font name data before it is copied into a reserved memory buffer. If the supplied data exceeds the size of the reserved buffer, excessive data may overrun the bounds of the buffer and corrupt adjacent memory space. In this instance, it has been reported that adjacent memory contains a saved instruction pointer. Because the attacker has the ability to influence program execution flow, it may be possible to supply and execute arbitrary code. This however has not been confirmed.

It has been demonstrated that this vulnerability may be exploited to trigger a denial of service condition, although unconfirmed, code execution may also be possible.

31. QMail-SMTPD-Auth True Program Remote E-Mail Vulnerability BugTraq ID: 8196
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8196
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

qmail-smtpd-auth is a freely available, open source program to add support for the AUTH extension to QMail. It is available for the Unix and Linux platforms.

A vulnerability in qmail-smtpd-auth has been reported when malformed authentication requests are received. This may result in an attacker circumventing authentication to send e-mail.

The problem is in the handling of requests that do not contain all the correct parameters. By submitting a request for authentication to a qmail daemon patched with the vulnerable code, and omitting the hostname component of a request to authenticate against the server when attempting to relay e-mail through a specific server, an attacker may bypass authentication.

This problem requires the site be configured to use /bin/true as the dummy program. It should be noted that this is the default configuration.

32. NetSuite HTTP Server Directory Traversal Vulnerability BugTraq ID: 8197
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8197
Summary:

NetSuite is a simple SMTP and HTTP/CGI server for Microsoft Windows based systems.

The HTTP component of NetSuite has been reported prone to a directory traversal vulnerability.

Various combinations of encoded directory traversal sequences may be used to break out of the web root directory. Attackers may gain access to files that are readable by the web server as a result.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation may expose sensitive information to remote attackers. This information could be used to aid in further attacks that attempt to compromise the host.

33. Deutsche Telekom Teledat DSL Router Portscan Remote Denial Of Service Vulnerability BugTraq ID: 8199
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8199
Summary:

Teledat is the DSL router solution distributed and maintained by Deutsche Telekom.

A problem has been reported in the handling of portscans by Deutsche Telekom Teledat DSL routers. Because of this, an attacker may be able to deny service to legitimate users.

It has been reported that Teledat routers become unstable when portscanned. This vulnerability was originally reported as the result of running the Symantec Security Check tools against a system behind the router. It is likely that a remote attacker could reproduce this issue through one of several free, publicly available utilities.

The problem has been reported in the 530 series router, and may exist in other models.

34. Splatt Forum Post Icon HTML Injection Vulnerability BugTraq ID: 8198
Remote: Yes
Date Published: Jul 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8198
Summary:

Splatt Forum is a public message board plugin designed to be used with PHPNuke.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization performed on HTML code that may be injected as the post icon value in a new post.

An attacker may save a Splatt Forum post form offline, and modify it so that the post icon value contains arbitrary attacker supplied HTML code. As a result, a malicious user may have the ability to submit a post to the site containing embedded script code. This code would be executed by a user's browser in the context of the vulnerable site.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate user by using cookie-based authentication credentials. Other attacks are also possible.

III. SECURITYFOCUS NEWS AND COMMENTARY

1. DirecTV dragnet snares innocent techies By Kevin Poulsen

In recent months the satellite TV giant has filed nearly 9,000 federal lawsuits against people who've purchased signal piracy devices. But some of those devices have legitimate uses, and innocent computer geeks are getting caught in the crackdown.

http://www.securityfocus.com/news/6402

2. Honeynet: Carders are Getting Bold
By Kevin Poulsen

Researchers live among online credit card thieves for a month.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/news/6353

3. Cisco IOS DoS exploit released in the wild By John Leyden, The Register

The risk posed by a serious DoS vulnerability to a wide range of Cisco Systems routers and switches has been upgraded following the release of an exploit onto a full disclosure mailing list.

4. Thawte issues doppelganger certs warning By John Leyden, The Register

Digital certificate specialist Thawte has discovered that its systems have issued certificates with duplicate numbers over the last few months.

http://www.securityfocus.com/news/6420

IV. SECURITYFOCUS TOP 6 TOOLS

1. Lazy Encryption Algorithm v1 by Eduardo Ruiz Relevant URL: http://lea.research.kelsisiler.com Platforms: Linux Summary:

LEA is a simple algorithm for file encryption that uses boolean algebra and modular arithmetic to test the stream and generate numbers with a logical order. Using bytes as increments and decrements users can choose between normal encryption without a pseudo- random data generator or steganography with or without random data.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Modular Access Control System v0.7.1-alpha by Mario D. Santana
Relevant URL:
http://macs.sf.net/
Platforms: Os Independent
Summary:

Modular Access Control System (MACS) is a system for global authentication, authorization, user/group/resource management, and application services.

3. shellforge v0.1.14
by Philippe Biondi biondi@cartel-securite.fr Relevant URL:
http://www.cartel-info.fr/pbiondi/shellforge.html Platforms: Linux, POSIX
Summary:

shellforge enables you to write shellcode programs in C. It transforms C program code into shellcode that will run on a Linux/x86 system. It provides macros to substitute libc calls with direct system calls and a Python script to automate compilation, extraction, encoding, and tests.

4. aNTG v1.0
by Lucas
Relevant URL:
http://www.thebobo.com/antg.php
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

aNTG (another Network Traffic Grapher) is a PHP program that collects and graphs network traffic statistics on a Linux machine.

5. Remote Nmap v0.10
by Tuomo Makinen, tmakinen@pp.htv.fi
Relevant URL:
http://rnmap.sourceforge.net
Platforms: UNIX
Summary:

Remote nmap (Rnmap) is a pair of client and server programs which allow for various authorised clients to run their port scans from a centralised server.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

6. Qingy Is Not Getty v0.2
by Noberasco
Relevant URL:
http://qingy.sourceforge.net/
Platforms: Linux, POSIX
Summary:

qingy is a replacement for getty. It uses DirectFB to provide a fast, nice GUI without the overhead of the X Windows System. It allows the user to log in and start the session of his choice (text console, GNOME, KDE, wmaker, etc.).

V. SECURITY JOBS SUMMARY

1. Information Security Analyst vacancy (Thread) Relevant URL: