QODS ec

Tuesday, June 29, 2004

SEC: SecurityFocus Newsletter #255

SecurityFocus Newsletter #255
------------------------------

This issue sponsored by: FaceTime

Free Webinar! Enterprise IM: How IT Managers Can Survive.

Featured Speaker: Nate Root, Senior Analyst, Forrester Research. IT
directors and security managers will gain new insights to balance
compliance and security risks. Highlights an integrated solution from
FaceTime Communications and MSN Messenger Connect for Enterprises. Ideal
for financial services, healthcare, energy companies and other regulated
organizations.

View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_sf-news_040629

------------------------------------------------------------------------
I. FRONT AND CENTER
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
2. When Spyware Crosses the Line
3. Redmond's Butterfly Effect
II. BUGTRAQ SUMMARY
1. Sup Remote Syslog Format String Vulnerability
2. Multiple ircd Socket Dequeuing Denial of Service Vulnerabili...
3. Infoblox DNS One Script Injection Vulnerability
4. RSSH Information Disclosure Vulnerability
5. Super Local Format String Vulnerability
6. Novell iChain SNMP Default Community String Vulnerability
7. WWW-SQL Include Command Buffer Overflow Vulnerability
8. Rlpr msg() Function Multiple Vulnerabilities
9. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
10. Sun Enterprise Storage Manager Local Unspecified Privilege E...
11. TildeSlash Monit Authentication Handling Buffer Overflow Vul...
12. GNU Radius SNMP OID Remote Denial Of Service Vulnerability
13. nCipher netHSM Logged Passphrase Information Disclosure Vuln...
14. Multiple Vendor Broadband Router Web-Based Administration De...
15. OSTicket New Ticket Attachment Remote Command Execution Vuln...
16. D-Link AirPlus DI-614+ DHCP Log HTML Injection Vulnerability
17. SqWebMail Email Header HTML Injection Vulnerability
18. BT Voyager 2000 Wireless ADSL Router SNMP Community String ...
19. ISC DHCPD Hostname Options Logging Buffer Overflow Vulnerabi...
20. ISC DHCPD VSPRINTF Buffer Overflow Vulnerability
21. ArbitroWeb PHP Proxy Cross-Site Scripting Vulnerability
22. Linux Kernel IEEE 1394 Integer Overflow Vulnerability
23. Sun Solaris Basic Security Module Auditing Denial Of Service...
24. PHP-Nuke Multiple Vulnerabilities
25. FreeBSD execve() Unaligned Memory Access Denial Of Service V...
26. CPlay Insecure Temporary File Handling Symbolic Link Vulnera...
27. php-exec-dir Patch Command Access Restriction Bypass Vulnera...
28. Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow...
29. IBM Lotus Notes URI Handler Remote Code Execution Vulnerabil...
30. 3Com SuperStack Switch Web Interface Denial Of Service Vulne...
31. VBulletin Multiple Module HTML Injection Vulnerability
32. GNU gzexe Temporary File Command Execution Vulnerability
33. giFT-FastTrack HTTP Header Parser Remote Denial Of Service V...
34. ZaireWeb Solutions Newsletter ZWS Administrative Interface A...
35. Sun Solaris Patches 112908-12 And 115168-03 Clear Text Passw...
36. SWSoft Confixx Backup Script Information Disclosure Vulnerab...
37. Dr.Cat Drcatd Multiple Local Buffer Overflow Vulnerabilities
38. GNU GNATS Syslog() Format String Vulnerability
39. Sysstat Multiple Local Buffer Overflow Vulnerabilities
40. FreeS/WAN X.509 Patch Certificate Verification Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Gates Defends Microsoft Patch Efforts
2. Wi-fi hopper guilty of cyber-extortion
3. Feds urge secrecy over network outages
4. CERT recommends anything but IE
5. Web infection may be aimed at stealing financial data
6. Infectious Web sites attack through Microsoft browser
IV. SECURITYFOCUS TOP 6 TOOLS
1. DumpSIS.pl 0.81
2. CifsPwScanner 1.0.3
3. Wasabi 0.2
4. Athena 1.0
5. SnortNotify 1.02
6. CryptoHeaven v2.4.0
V. SECURITYJOBS LIST SUMMARY
1. Large e-commerce company seeks Manager, Information ... (Thread)
2. Senior Security Architect - Atlanta, GA (Thread)
3. Applications Security Specialist - NYC (Thread)
4. QA Test Engineer Silicon Valley (Thread)
5. Senior RACF Security Analyst - Indianapolis (Thread)
6. Applications Security Developer - NYC (Thread)
7. Identity / Access Management Consultants - NY, IL, D... (Thread)
8. Channel Sales Executive Need (Thread)
9. Director Quality Assurance Silicon Valley (Thread)
10. Sales Engineer / Trainer Need - Channels (Thread)
11. Information Security Engineer Needed Immediately!!! ... (Thread)
12. SALES ENGINEER - New Jersey (Thread)
13. Seeking Summer Internship - Long Island, NY (Thread)
14. Application Security Consultant, Financial Services ... (Thread)
15. TOP UK SECURITY MOD ROLE - CONTRACT AND PERM! GREAT ... (Thread)
16. (Federal) Sales Engineer - D.C. Metro Area (Thread)
17. Marketing Program Manager - San Francisco (Thread)
18. Technical IT Security Consultants, Houston, TX (Thread)
19. (job offered) Security Technology Implementation Con... (Thread)
20. Security Consultant (Chicago and DC) (Thread)
21. Vice President Sales (Thread)
22. (job offered) Sr. SMS Consultants with security expe... (Thread)
23. CISSP ISO 17799 Auditors Needed (Thread)
24. Inside Sales Representatives (Thread)
25. sales engineer with development/programming experien... (Thread)
26. IT Security Administrator, London, UK (Thread)
27. Security Marketing Consultant (Thread)
28. security analyst-Virginia (Thread)
29. Senior Security Architect/Consultant contract positi... (Thread)
30. IDS Engineers - Immediate Need (Thread)
31. Technical SE - DC Area (Thread)
32. Operations Security Analyst vacancy based in London ... (Thread)
33. Information Security Manager vacancy (3 month contrac... (Thread)
34. Consulting and training opportunities at @stake (Thread)
35. VOIP Security Research & Development - Austin TX (Thread)
36. Operations Security Manager vacancy London UK (Thread)
37. Spammers @ Igxglobal.com (Thread)
38. SE - Metro DC Area (Thread)
39. Compliance Manager (Thread)
VI. INCIDENTS LIST SUMMARY
1. Scob infection statistics, etc.. (Thread)
2. Symantec DeepSight Threat Management System Analysis... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-06-22 to 2004-06-29.
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Consumer Security Web Site (Thread)
2. Article Announcement: Redmond's Butterfly Effect (Thread)
3. [news] Consumer Security Web Site (Thread)
4. Problem with patches after import the Windows 2003 b... (Thread)
5. SecurityFocus Microsoft Newsletter #194 (Thread)
IX. SUN FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-06-22 to 2004-06-29.
X. LINUX FOCUS LIST SUMMARY
1. Error installing Clamav? (Thread)
2. Counting p2p traffic. (Thread)
3. just running tcpdump makes promisc mode? (Thread)
4. Close ports 137 and 138 samba server? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
By Don Parker

This article is the first of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.

http://www.securityfocus.com/infocus/1787

2. When Spyware Crosses the Line
By Kelly Martin

"Spyware" isn't harmless software when it starts hijacking your browser,
downloading updates, and displaying adult porn images to small children.

http://www.securityfocus.com/columnists/250

3. Redmond's Butterfly Effect
By Tim Mullen

Criminals are benefiting from an Internet Explorer that's so complex even
Microsoft can't predict its behavior.

http://www.securityfocus.com/columnists/251

II. BUGTRAQ SUMMARY
-------------------
1. Sup Remote Syslog Format String Vulnerability
BugTraq ID: 10571
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10571
Summary:
sup is prone to a remotely exploitable format string vulnerability. This issue could be exploited to execute arbitrary code in the context of the supfilesrv process.

2. Multiple ircd Socket Dequeuing Denial of Service Vulnerabili...
BugTraq ID: 10572
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10572
Summary:
A denial of service vulnerability exists in multiple ircd implementations. This exists because of an issue with the deallocation of buffers used by rate limiting mechanisms in the ircd. This could result in exhaustion of memory resources on the system running the ircd.

This issue was reported to exist in ircd-hybrid version 7.0.1 and earlier, ircd-ratbox 1.5.1 and earlier, and ircd-ratbox 2.0rc6 and earlier.

3. Infoblox DNS One Script Injection Vulnerability
BugTraq ID: 10573
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10573
Summary:
The Infoblox DNS One appliance has been reported prone to a script injection vulnerability. A remote attacker could potentially gain access to the vulnerable device or potentially execute script on the computer used to access the device. The issue is only present if the device is being used for DHCP.

4. RSSH Information Disclosure Vulnerability
BugTraq ID: 10574
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10574
Summary:
rssh contains a vulnerability that could allow users within a chroot jail to determine the existence of files outside the chroot jail. Information gathered in this manner can be used to launch further attacks against the system.

This vulnerability is reported to exist in rssh versions 2.0 to 2.1.x.

5. Super Local Format String Vulnerability
BugTraq ID: 10575
Remote: No
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10575
Summary:
super is prone to a locally exploitable format string vulnerability. The problem occurs due to the incorrect usage of programming functions designed to take formatted arguments.

Because of this, attacker supplied format specifiers will be interpreted literally by the vulnerable program. This vulnerability may provide a conduit for an attacker to influence arbitrary writes into process memory space. Ultimately this vulnerability may be exploited in order to have arbitrary code executed with superuser privileges.

**Update: This issue was originally believed to be a duplicate of BID 5367, however further reports indicate that this is not the case. Therefore this BID is reinstated.

6. Novell iChain SNMP Default Community String Vulnerability
BugTraq ID: 10576
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10576
Summary:
It has been reported that Novell iChain uses default SNMP community names. Exploitation of this issue could allow for information disclosure.

7. WWW-SQL Include Command Buffer Overflow Vulnerability
BugTraq ID: 10577
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10577
Summary:
www-sql is reportedly prone to a buffer overflow vulnerability in its include command implementation. This issue arises due to a failure of the affected application to properly handle user-supplied strings when copying them into finite stack-based buffers.

An attacker can leverage this issue to manipulate process memory; by supplying program code as well as a specially selected memory address, an attacker can gain control of the process's execution flow, allowing for arbitrary code execution.

8. Rlpr msg() Function Multiple Vulnerabilities
BugTraq ID: 10578
Remote: Yes
Date Published: Jun 19 2004
Relevant URL: http://www.securityfocus.com/bid/10578
Summary:
It is reported that rlpr is prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to execute arbitrary code in order to gain unauthorized access.

The application is affected by a format string vulnerability. This vulnerability presents itself due to insufficient sanitization of user-supplied data through the 'msg()' function.

The 'msg()' function is also affected by a buffer overflow vulnerability. This issue occurs due to insufficient boundary checking and may also be exploited to gain unauthorized access to a vulnerable computer.

rlpr versions 2.04 and prior are affected by these issues.

9. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
BugTraq ID: 10579
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10579
Summary:
Microsoft Internet Explorer is prone to a zone bypass vulnerability. A remote attacker may execute code in the Intranet zone. An attacker can exploit this issue by using a non-FQDN URI.

Successful exploitation of this vulnerability could lead to the execution of malicious script or ActiveX controls in the Intranet zone.

Update: It is reported that this issue can also be exploited to bypass into other zones. For example, by using a trusted URI, an attacker can access the Trusted zone.

This issue seems to be related to BID 10517 (Multiple Browser URI Obfuscation Weakness).

10. Sun Enterprise Storage Manager Local Unspecified Privilege E...
BugTraq ID: 10580
Remote: No
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10580
Summary:
Sun Enterprise Storage Manager is affected by a local unspecified privilege escalation vulnerability. The Enterprise Storage Manager is bundled with the StorEdge Enterprise Storage Management Suite.

This issue would allow an attacker to gain superuser privileges on the affected computer.

11. TildeSlash Monit Authentication Handling Buffer Overflow Vul...
BugTraq ID: 10581
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10581
Summary:
It is reported that TildeSlash Monit is prone to a buffer overflow vulnerability during authentication handling. This issue arises due to a failure of the affected application to properly handle user-supplied strings when copying them into finite stack-based buffers.

Successful exploitation of this issue allows an attacker to execute arbitrary code as the superuser; facilitating unauthorized access and privilege escalation.

12. GNU Radius SNMP OID Remote Denial Of Service Vulnerability
BugTraq ID: 10582
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10582
Summary:
GNU Radius is reported prone to a remote denial of service vulnerability. The issue is reported to present itself when GNU Radius handles SNMP messages that contain invalid Object ID data. It is reported that this vulnerability will exist only when the affected Radius server is compiled with the '--enable-snmp' option.

13. nCipher netHSM Logged Passphrase Information Disclosure Vuln...
BugTraq ID: 10583
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10583
Summary:
It is reported that nCipher's netHSM improperly logs passphrases entered via the netHSM front panel.

Passphrases are improperly logged when entered on the front panel of the netHSM device, either through the built-in thumbwheel or a directly attached keyboard. Under certain configurations, these passphrases are also sent to a remote filesystem.

If an attacker has access to the passphrases, it may aid them in further attacks. Exploitation of the netHSM infrastructure requires physical access to a hardware smartcard, the netHSM device, an acquired passphrase, and access to host data.

If the passphrase is reused in a different context, an attacker may be able to launch further attacks.

A firmware upgrade is available resolving this issue.

14. Multiple Vendor Broadband Router Web-Based Administration De...
BugTraq ID: 10585
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10585
Summary:
Multiple broadband routers from several different vendors, used for home and small office Internet sharing and routing are reported affected by a denial of service vulnerability in their web-based administration interfaces.

The embedded web server is reportedly unable to maintain more than a small number of simultaneous TCP connections. An attacker who maintains a number of connections to port 80 of an affected device will block access to the web administration application for legitimate users.

An attacker could block access to the administration interface as long as they can maintain the TCP connections.

Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to be susceptible.

15. OSTicket New Ticket Attachment Remote Command Execution Vuln...
BugTraq ID: 10586
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10586
Summary:
osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible location.

16. D-Link AirPlus DI-614+ DHCP Log HTML Injection Vulnerability
BugTraq ID: 10587
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10587
Summary:
It is reported that the DI-614+ is susceptible to an HTML injection vulnerability in its DHCP log.

An attacker who has access to the wireless segment of the router can craft malicious DHCP hostnames that, when sent to the router, will be logged for later viewing by the administrator of the device.

The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible.

Although only the DI-614+ is reported vulnerable, code reuse across devices is common and other products may also be affected.

17. SqWebMail Email Header HTML Injection Vulnerability
BugTraq ID: 10588
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10588
Summary:
SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings.

The problem presents itself when an unsuspecting user views an email message containing malicious HTML and script code in the email header.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials.

18. BT Voyager 2000 Wireless ADSL Router SNMP Community String ...
BugTraq ID: 10589
Remote: Yes
Date Published: Jun 22 2004
Relevant URL: http://www.securityfocus.com/bid/10589
Summary:
BT Voyager 2000 Wireless ADSL Router is reported prone to a sensitive information disclosure vulnerability.

It is reported that the 'public' SNMP community string, which is world readable by default, exposes MIB data containing sensitive information pertaining to the internal protected network.

Data collected by exploiting this vulnerability may be used in further attacks against the victim network.

19. ISC DHCPD Hostname Options Logging Buffer Overflow Vulnerabi...
BugTraq ID: 10590
Remote: Yes
Date Published: Jun 22 2004
Relevant URL: http://www.securityfocus.com/bid/10590
Summary:
ISC DHCPD is prone to a remotely exploitable buffer overflow vulnerability. This issue exists in routines responsible for logging hostname options provided by DHCP clients. Successful exploitation could result in execution of arbitrary code in the context of the DHCPD server.

This issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13. The vulnerable code exists in previous versions of ISC DHCPD 3, but is only believed to be exploitable in these two releases.

20. ISC DHCPD VSPRINTF Buffer Overflow Vulnerability
BugTraq ID: 10591
Remote: Yes
Date Published: Jun 22 2004
Relevant URL: http://www.securityfocus.com/bid/10591
Summary:
ISC DHCPD is reported likely vulnerable to remotely exploitable buffer overflow vulnerabilities on systems which lack a vsnprintf() library function.

On systems which lack the vsnprintf() library call, ISC DHCPD defines vsnprintf as:
#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)

This definition discards the size argument to the function, potentially allowing any occurrence of vsnprintf() to be exploitable, by overflowing whatever intended buffer is passed to the library call.

Other locations in DHCPD utilizing this function may be exploitable. Successfully exploiting this issue may lead to a denial of service condition, or remote code execution in the context of the DHCPD server.

This issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13.
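An added illustration, not code from the advisory or from ISC, of why the compatibility macro quoted above is dangerous, placed beside a bounded replacement. It assumes a C99 libc with a real vsnprintf(); the 64-byte hostname, the 16-byte buffer and the function names are constructed for the demonstration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The compatibility macro quoted in the advisory: on a libc without
 * vsnprintf(), DHCPD mapped it onto vsprintf(), silently dropping 'size'.
 * Renamed here so it does not shadow the real vsnprintf() used below. */
#define dhcpd_vsnprintf(buf, size, fmt, list) vsprintf(buf, fmt, list)

/* Constructed sample input: a 64-byte client-supplied hostname, of the
 * kind a DHCP client could place in a hostname option. */
static const char SAMPLE_HOSTNAME[] =
    "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
    "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa";

/* Format through the fallback macro. Returns the length actually written.
 * 'claimed_size' is passed only to show that it has no effect at all. */
static size_t unbounded_format(char *buf, size_t claimed_size,
                               const char *fmt, ...)
{
    va_list ap;
    (void)claimed_size; /* the macro never looks at it */
    va_start(ap, fmt);
    dhcpd_vsnprintf(buf, claimed_size, fmt, ap);
    va_end(ap);
    return strlen(buf);
}

/* Bounded replacement relying on a real C99 vsnprintf(). Always leaves
 * 'buf' NUL-terminated. Returns 1 if the output was truncated to fit,
 * 0 if it fit, -1 on a formatting error. */
static int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    va_start(ap, fmt);
    needed = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (needed < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)needed >= size;
}

/* Number of bytes the fallback writes when told the buffer holds 16.
 * A 256-byte backing store keeps this demonstration itself in bounds;
 * the real DHCPD code had only the small buffer. */
size_t demo_fallback_bytes_written(void)
{
    char backing[256];
    return unbounded_format(backing, 16, "client %s", SAMPLE_HOSTNAME);
}

/* Bounded version with a genuine 16-byte buffer: 1 means truncated. */
int demo_bounded_truncated(void)
{
    char buf[16];
    return bounded_format(buf, sizeof buf, "client %s", SAMPLE_HOSTNAME);
}

/* Length of the bounded output: never more than the buffer size minus 1. */
size_t demo_bounded_length(void)
{
    char buf[16];
    bounded_format(buf, sizeof buf, "client %s", SAMPLE_HOSTNAME);
    return strlen(buf);
}

int main(void)
{
    printf("fallback wrote %zu bytes into a buffer declared as 16\n",
           demo_fallback_bytes_written());
    printf("bounded: truncated=%d, length=%zu\n",
           demo_bounded_truncated(), demo_bounded_length());
    return 0;
}
```

The truncation flag from bounded_format() is what a logging routine should check and report, rather than silently dropping the tail of a client-supplied value.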

21. ArbitroWeb PHP Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 10592
Remote: Yes
Date Published: Jun 22 2004
Relevant URL: http://www.securityfocus.com/bid/10592
Summary:
It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter.

The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter is improperly sanitized, and may be used in a cross-site scripting attack.

An attacker may craft a URI that contains malicious HTML or script code. If a victim user follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site.

The attacker could use this vulnerability to steal cookie-based authentication credentials, or perform other types of attacks.

22. Linux Kernel IEEE 1394 Integer Overflow Vulnerability
BugTraq ID: 10593
Remote: No
Date Published: Jun 22 2004
Relevant URL: http://www.securityfocus.com/bid/10593
Summary:
The driver for IEEE 1394 in the Linux kernel is reported to contain an integer overflow vulnerability.

The driver contains a function called alloc_hpsb_packet(). This function takes an unsigned integer argument and uses it to allocate kernel memory. When allocating memory, the value is incremented, potentially overflowing the integer.

There are multiple code paths leading to the vulnerable alloc_hpsb_packet() function, with multiple possible methods of exploiting this vulnerability.

Successful exploitation could lead to system crash, or possible code execution.

23. Sun Solaris Basic Security Module Auditing Denial Of Service...
BugTraq ID: 10594
Remote: No
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10594
Summary:
Sun Solaris Basic Security Module is reportedly affected by a denial of service vulnerability.

This issue will allow an attacker to cause the affected kernel to panic, requiring a reboot of the system, and denying service to legitimate users.

24. PHP-Nuke Multiple Vulnerabilities
BugTraq ID: 10595
Remote: Yes
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10595
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting, HTML injection, and SQL injection attacks.

Although unconfirmed, all versions of PHP-Nuke are considered to be vulnerable at this point. This BID will be updated as more information becomes available.

25. FreeBSD execve() Unaligned Memory Access Denial Of Service V...
BugTraq ID: 10596
Remote: No
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10596
Summary:
It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call.

An attacker with local interactive user-level access on an affected machine is reportedly able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.

FreeBSD 5.1-RELEASE/Alpha is reported vulnerable; other architectures with strict memory alignment requirements are also likely vulnerable. IA32 is reported immune. Versions other than 5.1-RELEASE are likely affected as well.

26. CPlay Insecure Temporary File Handling Symbolic Link Vulnera...
BugTraq ID: 10597
Remote: No
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10597
Summary:
It is reported that cplay is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name. The cplay utility will write to this file before verifying its existence; this would facilitate a symbolic link attack.

27. php-exec-dir Patch Command Access Restriction Bypass Vulnera...
BugTraq ID: 10598
Remote: Yes
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10598
Summary:
Reportedly the php-exec-dir patch is vulnerable to a command access restriction bypass vulnerability. This issue arises due to an input validation error that allows a user to execute files outside of the specified directory.

Successful exploitation of this issue will allow an attacker that has control of input to a command execution function to execute files that are outside of the specified directory. Administrators might have a false sense of security due to this issue.

28. Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow...
BugTraq ID: 10599
Remote: No
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10599
Summary:
It is reported that the bcm5820 Linux kernel driver contains an integer overflow vulnerability.

The driver contains a function ubsec_ioctl() which is used to setup operating parameters for the driver. This function takes user-supplied data and copies it into kernel-space. When copying this data, a user-supplied length value is used in a calculation. This calculation could cause an integer overflow when allocating buffer space.

This vulnerability could lead to a system crash, or possible code execution in the context of the kernel.

This driver is not present in the vanilla Linux kernel, nor is it standard in most distributions of Linux. Redhat 8, with Linux kernel 2.4.20 is confirmed to include the vulnerable driver, but others are also potentially vulnerable.

29. IBM Lotus Notes URI Handler Remote Code Execution Vulnerabil...
BugTraq ID: 10600
Remote: Yes
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10600
Summary:
A vulnerability is reported to affect the way Lotus Notes URIs are handled. The vulnerability exists due to a lack of sufficient input validation performed on Lotus Notes URIs.

By controlling or influencing the notes.ini content, it is possible for a remote attacker to execute arbitrary code.

Code execution will occur in the context of the user who is running the vulnerable instance of Lotus Notes.

30. 3Com SuperStack Switch Web Interface Denial Of Service Vulne...
BugTraq ID: 10601
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10601
Summary:
It has been reported that 3Com SuperStack switches are affected by a denial of service vulnerability. This issue arises due to a failure of the device to handle exceptional input.

This issue will allow an attacker to cause the affected device to reset, denying service to legitimate users.

31. VBulletin Multiple Module HTML Injection Vulnerability
BugTraq ID: 10602
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10602
Summary:
VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts.

An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by other users, potentially allowing for theft of cookie-based authentication credentials and other attacks.

This issue is reported to affect VBulletin version 3.0.1, however, it is likely that other versions are affected as well.

32. GNU gzexe Temporary File Command Execution Vulnerability
BugTraq ID: 10603
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10603
Summary:
Reportedly gzexe is affected by a temporary file command execution vulnerability. This issue is due to a failure of the application to properly handle an exceptional condition when attempting to create temporary files.

This issue may allow an attacker to execute an arbitrary file in the context of an unsuspecting user; this may potentially lead to privilege escalation or unauthorized access.

33. giFT-FastTrack HTTP Header Parser Remote Denial Of Service V...
BugTraq ID: 10604
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10604
Summary:
It is reported that the giFT-FastTrack module is prone to a denial of service vulnerability in its HTTP header parser.

A remote attacker who sends malformed HTTP requests to an affected giFT server can crash the server.

The vendor has released version 0.8.7, addressing this issue. All prior versions are reported affected by this vulnerability.

34. ZaireWeb Solutions Newsletter ZWS Administrative Interface A...
BugTraq ID: 10605
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10605
Summary:
Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the interface. The flaw allows a user to set their privileges through a URI parameter passed to the 'admin.php' script.

35. Sun Solaris Patches 112908-12 And 115168-03 Clear Text Passw...
BugTraq ID: 10606
Remote: No
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10606
Summary:
Sun Solaris patches 112908-12 and 115168-03 are affected by a clear text password logging vulnerability. This issue is due to a design error that fails to secure sensitive information while logging activity.

This issue may allow a local attacker to harvest passwords for users of the affected computer; it is currently not known whether the attacker must have privileged access to the affected computer to view the offending files.

36. SWSoft Confixx Backup Script Information Disclosure Vulnerab...
BugTraq ID: 10607
Remote: Yes
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10607
Summary:
It is reported that SWSoft Confixx contains an information disclosure vulnerability in its backup script.

A user of Confixx has the ability to backup their files from the server. Reportedly, by issuing a malicious backup request, a regular user of Confixx may cause files in /root to be backed up as well.

By issuing a malicious backup request, an attacker can download potentially sensitive information from the server. This information may aid the attacker in further attacks.

Specific information about this vulnerability is unknown at this time. This BID will be updated when more information is disclosed.

37. Dr.Cat Drcatd Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 10608
Remote: No
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10608
Summary:
Dr.Cat is reported prone to multiple local buffer overflow vulnerabilities. These vulnerabilities exist due to insufficient boundary checks performed by certain functions of the application. These vulnerabilities may allow a local attacker to gain unauthorized access and/or elevated privileges on a vulnerable computer.

An attacker may also be able to exploit this issue remotely, however, this cannot be confirmed at the moment.

All versions of the application are considered to be vulnerable at this moment.

38. GNU GNATS Syslog() Format String Vulnerability
BugTraq ID: 10609
Remote: Yes
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10609
Summary:
It is reported that GNU GNATS contains a format string vulnerability in its logging function.

GNATS has the ability to log to various files: stderr, syslog() or a file.

If an attacker devises a method of controlling the arguments to the logging function, they would be able to read or write arbitrary locations in memory. Code execution could be possible.

GNU GNATS version 4.0 is reported vulnerable. Other versions may also be affected.

39. Sysstat Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 10610
Remote: No
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10610
Summary:
Sysstat is reported prone to multiple local buffer overflow vulnerabilities. It is reported that these vulnerabilities are not exploitable to execute arbitrary code.

This is unconfirmed; however, given the nature of these vulnerabilities, the issue may be exploitable to execute arbitrary code on certain platforms or when certain compilers are used.

40. FreeS/WAN X.509 Patch Certificate Verification Vulnerability
BugTraq ID: 10611
Remote: Yes
Date Published: Jun 25 2004
Relevant URL: http://www.securityfocus.com/bid/10611
Summary:
FreeS/WAN X.509 patch is reported susceptible to a certificate verification vulnerability.

When the vulnerable implementation negotiates an IPsec connection using PKCS#7-wrapped X.509 certificates, it can be fooled into authenticating fake certificates.

If an attacker crafts a Certificate Authority (CA) certificate and a user certificate with identical subjects, they can reportedly be improperly authenticated by FreeS/WAN.

Using this vulnerability, an attacker could authenticate to a FreeS/WAN VPN server. Further attacks on machines that then become reachable to the attacker are likely possible.

**Update: This vulnerability was previously thought to exist in the FreeS/WAN application, however, new information suggests that the issue is present in the X.509 patch for the application.
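The failure mode described above, as an added example in C. This is not FreeS/WAN or X.509-patch code, and it does not claim to reproduce their exact logic; it is a toy chain verifier showing the general lesson: an issuer must be a locally configured trust anchor, verified by signature, rather than a peer-supplied certificate matched by subject name. All certificate fields, names and key tokens are constructed for this example, and "signatures" are a stand-in (a certificate verifies under an issuer iff its sig token equals the issuer's key token).

```c
#include <stdio.h>
#include <string.h>

/* Toy certificate. "Signatures" are stand-ins: a cert verifies under an
 * issuer iff sig equals the issuer's key token. Constructed data only. */
struct cert {
    const char *subject;
    const char *issuer;
    int         is_ca;   /* basicConstraints CA flag */
    const char *key;     /* public key token */
    const char *sig;     /* signature token */
};

static int sig_ok(const struct cert *c, const struct cert *issuer)
{
    return strcmp(c->sig, issuer->key) == 0;
}

/* Look up a certificate by subject name, optionally skipping one entry. */
static const struct cert *find_by_subject(const struct cert *set, size_t n,
                                          const char *name, const struct cert *skip)
{
    for (size_t i = 0; i < n; i++)
        if (&set[i] != skip && strcmp(set[i].subject, name) == 0)
            return &set[i];
    return NULL;
}

/* VULNERABLE: the chain is built entirely from the peer's PKCS#7 bundle by
 * matching issuer to subject *names*, and any self-signed certificate that
 * verifies under its own key is accepted as the root. The peer wrote the
 * bundle, so the peer chooses the root. */
int verify_vulnerable(const struct cert *leaf, const struct cert *bundle, size_t n)
{
    const struct cert *c = leaf;
    for (int depth = 0; depth < 8; depth++) {
        if (strcmp(c->subject, c->issuer) == 0 && sig_ok(c, c))
            return 1;                            /* "root" reached */
        const struct cert *issuer = find_by_subject(bundle, n, c->issuer, c);
        if (!issuer || !sig_ok(c, issuer))
            return 0;
        c = issuer;
    }
    return 0;
}

/* FIXED: a chain is accepted only when some step is signed by a certificate
 * in the locally configured trust store. Peer-supplied certificates may serve
 * as intermediates only if they carry the CA flag and verify; they are never
 * accepted as roots, whatever their subject says. */
int verify_fixed(const struct cert *leaf, const struct cert *bundle, size_t n,
                 const struct cert *anchors, size_t na)
{
    const struct cert *c = leaf;
    for (int depth = 0; depth < 8; depth++) {
        for (size_t i = 0; i < na; i++)
            if (strcmp(anchors[i].subject, c->issuer) == 0 && sig_ok(c, &anchors[i]))
                return 1;                        /* anchored in local trust store */
        const struct cert *issuer = find_by_subject(bundle, n, c->issuer, c);
        if (!issuer || !issuer->is_ca || !sig_ok(c, issuer))
            return 0;
        c = issuer;
    }
    return 0;                                    /* never reached an anchor */
}

int main(void)
{
    /* Locally configured CA, and a bundle from a user it really issued. */
    const struct cert trust_store[] = {
        { "CN=VPN CA", "CN=VPN CA", 1, "K-ca", "K-ca" },
    };
    const struct cert legit[] = {
        { "CN=alice",  "CN=VPN CA", 0, "K-alice", "K-ca" },
        { "CN=VPN CA", "CN=VPN CA", 1, "K-ca",    "K-ca" },
    };
    /* Attack bundle: a self-made "CA" and a user certificate with the same
     * subject (here even cloning the real CA's name), both under the attacker's key. */
    const struct cert attack[] = {
        { "CN=VPN CA", "CN=VPN CA", 0, "K-evil-leaf", "K-evil" },
        { "CN=VPN CA", "CN=VPN CA", 1, "K-evil",      "K-evil" },
    };

    printf("legit  vulnerable=%d fixed=%d\n",
           verify_vulnerable(&legit[0], legit, 2),
           verify_fixed(&legit[0], legit, 2, trust_store, 1));
    printf("attack vulnerable=%d fixed=%d\n",
           verify_vulnerable(&attack[0], attack, 2),
           verify_fixed(&attack[0], attack, 2, trust_store, 1));
    return 0;
}
```

The fixed verifier also accepts alice when the peer sends only her leaf certificate, because the root comes from the local store, not from the bundle; the vulnerable one cannot, which is a second symptom of the same design error.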

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Gates Defends Microsoft Patch Efforts
By: Patrick Gray

Microsoft chairman downplays the role that unpatched vulnerabilities played in last week's Russian hack attacks.
http://www.securityfocus.com/news/9004

2. Wi-fi hopper guilty of cyber-extortion
By: Kevin Poulsen

FBI agents initially traced threats to a suburban dentist's office, and other spots with unsecured wireless networks.

http://www.securityfocus.com/news/8991

3. Feds urge secrecy over network outages
By: Kevin Poulsen

The Department of Homeland Security wants details of major service outages kept out of the public eye.
http://www.securityfocus.com/news/8966

4. CERT recommends anything but IE
By: John Oates, The Register

US CERT (the US Computer Emergency Readiness Team), is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed.

http://www.securityfocus.com/news/8998

5. Web infection may be aimed at stealing financial data
By: Anick Jesdanun, The Associated Press

http://www.securityfocus.com/news/8983

6. Infectious Web sites attack through Microsoft browser
By: Ted Bridis, The Associated Press

http://www.securityfocus.com/news/8982

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. DumpSIS.pl 0.81
By: Jimmy Shah
Relevant URL: http://www.geocities.com/jfldars/DumpSIS.zip
Platforms: Perl (any system supporting perl)
Summary:

Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files.

It has been field tested by various antivirus researchers, who used it to help analyze the recent Symbian Cabir ("Caribe") worm.

2. CifsPwScanner 1.0.3
By: Patrik Karlsson
Relevant URL: http://www.cqure.net/tools/cifspwscan-bin-1_0_3.tar.gz
Platforms: Java
Summary:

A CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure java, making it possible to run the scanner on a few different platforms.

3. Wasabi 0.2
By: Andrea Barisani
Relevant URL: http://www.gentoo.org/proj/en/infrastructure/wasabi
Platforms: Perl (any system supporting perl)
Summary:

Wasabi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues, each of which has an alert interval and a list of mail recipients.

Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.

Additionally, uninteresting fields in the log lines (such as PID numbers) can be masked with the standard regular ex

4. Athena 1.0
By: Steve Lord
Relevant URL: http://www.buyukada.co.uk/projects/athena/
Platforms: Windows 2000, Windows XP
Summary:

Athena is a search engine query tool designed to help find information leakage vulnerabilities using 'googledork' strings. Athena uses an extensible configuration format that supports multiple search engines (Yahoo and Google included). Athena is designed with ease of use in mind, and a fully illustrated manual featuring a complete walkthrough is included.

5. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:

Running from cron at a specified interval, SnortNotify searches a Snort database for new alerts. If new alerts match a preconfigured priority level, an email is sent to the contact. The email includes the sensor name, the signature name, and the timestamp.

6. CryptoHeaven v2.4.0
By: Marcin Kurzawa
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even not-so-technically oriented computer users can enjoy this crypto product with a very high level of encryption.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. Large e-commerce company seeks Manager, Information ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367356

2. Senior Security Architect - Atlanta, GA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367327

3. Applications Security Specialist - NYC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367242

4. QA Test Engineer Silicon Valley (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367240

5. Senior RACF Security Analyst - Indianapolis (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367236

6. Applications Security Developer - NYC (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367232

7. Identity / Access Management Consultants - NY, IL, D... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367231

8. Channel Sales Executive Need (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367230

9. Director Quality Assurance Silicon Valley (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367228

10. Sales Engineer / Trainer Need - Channels (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367227

11. Information Security Engineer Needed Immediately!!! ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367226

12. SALES ENGINEER - New Jersey (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367222

13. Seeking Summer Internship - Long Island, NY (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367221

14. Application Security Consultant, Financial Services ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367220

15. TOP UK SECURITY MOD ROLE - CONTRACT AND PERM! GREAT ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367218

16. (Federal) Sales Engineer - D.C. Metro Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367215

17. Marketing Program Manager - San Francisco (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367214

18. Technical IT Security Consultants, Houston, TX (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367211

19. (job offered) Security Technology Implementation Con... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367106

20. Security Consultant (Chicago and DC) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367083

21. Vice President Sales (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367075

22. (job offered) Sr. SMS Consultants with security expe... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367068

23. CISSP ISO 17799 Auditors Needed (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367066

24. Inside Sales Representatives (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367051

25. sales engineer with development/programming experien... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/367005

26. IT Security Administrator, London, UK (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366960

27. Security Marketing Consultant (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366953

28. security analyst-Virginia (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366949

29. Senior Security Architect/Consultant contract positi... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366948

30. IDS Engineers - Immediate Need (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366947

31. Technical SE - DC Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366942

32. Operations Security Analyst vacancy based in London ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366939

33. Information Security Manager vacancy (3 month contrac... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366938

34. Consulting and training opportunities at @stake (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366918

35. VOIP Security Research & Development - Austin TX (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366907

36. Operations Security Manager vacancy London UK (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366902

37. Spammers @ Igxglobal.com (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366854

38. SE - Metro DC Area (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366736

39. Compliance Manager (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/366724

VI. INCIDENTS LIST SUMMARY
--------------------------
1. Scob infection statistics, etc.. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/367378

2. Symantec DeepSight Threat Management System Analysis... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/367128

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
NO NEW POSTS FOR THE WEEK 2004-06-22 to 2004-06-29.

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Consumer Security Web Site (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367370

2. Article Announcement: Redmond's Butterfly Effect (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367361

3. [news] Consumer Security Web Site (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367326

4. Problem with patches after import the Windows 2003 b... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/366904

5. SecurityFocus Microsoft Newsletter #194 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/366852

IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2004-06-22 to 2004-06-29.

X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Error installing Clamav? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/367372

2. Counting p2p traffic. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/367366

3. just running tcpdump makes promisc mode? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/367305

4. Close ports 137 and 138 samba server? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/367161

XI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

------------------------------------------------------------------------
