SecurityFocus Newsletter #290
------------------------------

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Do We Need a New SPIM Law?
     2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
     3. Changing the Notification Process
II. BUGTRAQ SUMMARY
     1. Thomson TCW690 Cable Modem Multiple Vulnerabilities
     2. ZeroBoard Multiple Cross-Site Scripting Vulnerabilities
     3. PMachine Pro Remote File Include Vulnerability
     4. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
     5. Knox Arkeia Network Backup Agent Remote Unauthorized Access ...
     6. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
     7. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
     8. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
     9. UIM LibUIM Environment Variables Privilege Escalation Weakne...
     10. Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnera...
     11. Xinkaa WEB Station Directory Traversal Vulnerability
     12. Invision Power Board SML Code Script Injection Vulnerability
     13. Mambo Open Source Tar.PHP Remote File Include Vulnerability
     14. SD Server Directory Traversal Vulnerability
     15. INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilit...
     16. PANews Remote PHP Script Code Execution Vulnerability
     17. Gigafast EE400-R Router Multiple Remote Vulnerabilities
     18. OpenConnect WebConnect Multiple Remote Vulnerabilities
     19. Information Resource Manager LDAP Authentication Unspecified...
     20. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
     21. cURL / libcURL Kerberos Authentication Buffer Overflow Vulne...
     22. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
     23. PHPBB Multiple Remote Path Disclosure Vulnerabilities
     24. Apache Software Foundation Batik Squiggle Browser Access Val...
     25. Biz Mail Form Unauthorized Mail Relay Vulnerability
     26. PHPBB Arbitrary File Disclosure Vulnerability
     27. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
     28. PHPBB Arbitrary File Deletion Vulnerability
     29. Fallback-reboot Remote Denial of Service Vulnerability
     30. MediaWiki Multiple Unspecified Remote Vulnerabilities
     31. Mono Unicode Character Conversion Multiple Cross-Site Script...
     32. iGeneric iG Shop Multiple SQL Injection Vulnerabilities
     33. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
     34. IBM Hardware Management Console Guided Setup Wizard Unauthor...
     35. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
     36. PBLang Bulletin Board System Search.PHP Cross-Site Scripting...
     37. ArGoSoft FTP Server Site Copy Shortcut File Upload Vulnerabi...
     38. PBLang Bulletin Board System PMPShow.PHP HTML Injection Vuln...
     39. PBLang Bulletin Board System PM.PHP HTML Injection Vulnerabi...
     40. ProZilla Initial Server Response Remote Client-Side Format S...
     41. TWiki Multiple Unspecified Remote Input Validation Vulnerabi...
     42. TWiki ImageGalleryPlugin Configuration Options Remote Arbitr...
     43. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
     44. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
     45. Microsoft Windows 2000 Group Policy Bypass Vulnerability
     46. Ginp File Disclosure Vulnerability
     47. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
     48. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
     49. PHPMyAdmin Multiple Local File Include Vulnerabilities
     50. OOApp Guestbook Multiple HTML Injection Vulnerabilities
     51. Cisco Application and Content Networking System Multiple Rem...
     52. Cyclades AlterPath Manager Multiple Remote Vulnerabilities
     53. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
     54. HP-UX FTP Server Unspecified Restricted File Access Vulnerab...
     55. PunBB Multiple Remote Input Validation Vulnerabilities
     56. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
     57. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
     58. Sun Solaris STFontServerD File Corruption Vulnerability
     59. DNA MKBold-MKItalic Remote Format String Vulnerability
     60. CubeCart Multiple Cross-Site Scripting Vulnerabilities
     61. Mozilla Suite Multiple Remote Vulnerabilities
     62. Gaim Remote Denial of Service Vulnerability
     63. BSMTPD Remote Arbitrary Command Execution Vulnerability
     64. CIS WebServer Remote Directory Traversal Vulnerability
     65. NoMachine NX Local X Server Authentication Bypass Vulnerabil...
     66. PHP4 Readfile Denial Of Service Vulnerability
     67. PBLang Bulletin Board System Remote PHP Script Injection Vul...
     68. Gaim File Download Denial of Service Vulnerability
     69. Cmd5checkpw Local Poppasswd File Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Feds square off with organized cyber crime
     2. WebTV 911 prankster guilty
     3. T-Mobile hacker pleads guilty
     4. Insecure indexing risk dissected
     5. Send-Safe spam tool gang evicted by MCI
     6. eBay provides a backdoor for phishers
IV. SECURITYFOCUS TOP 6 TOOLS
     1. Cisco Torch 0.1 alpha
     2. SafeLogon 2.0
     3. SafeSystem 1.5
     4. KSB - Kernel Socks Bouncer 2.6.10
     5. SQL column finder 0.1
     6. Secure Hive 1.0.0.1
V. SECURITYJOBS LIST SUMMARY
     1. [SJ-JOB] Forensics Engineer, London, GB (Thread)
     2. [SJ-JOB] Security Consultant, Riyadh, SA (Thread)
     3. [SJ-JOB] Security Engineer, Reston, US (Thread)
     4. [SJ-JOB] Manager, Information Security, Saint John, ... (Thread)
     5. [SJ-JOB] Auditor, Miami, US (Thread)
     6. [SJ-JOB] Security Engineer, Miami, US (Thread)
     7. [SJ-JOB] Security Architect, Mt. Laurel, US (Thread)
     8. [SJ-JOB] Security Engineer, Jersey City, US (Thread)
     9. [SJ-JOB] Sales Representative, Dallas, US (Thread)
     10. [SJ-JOB] Manager, Information Security, San Jose, US (Thread)
     11. [SJ-JOB] VP / Dir / Mgr engineering, San Jose, US (Thread)
     12. [SJ-JOB] Sr. Product Manager, SF, US (Thread)
     13. [SJ-JOB] Security Consultant, Roseville, US (Thread)
     14. [SJ-JOB] Application Security Engineer, Livingston, ... (Thread)
     15. [SJ-JOB] Sales Engineer, Tampa, US (Thread)
     16. [SJ-JOB] Sr. Security Engineer, Alexandria, US (Thread)
     17. [SJ-JOB] Manager, Information Security, Washington, ... (Thread)
     18. [SJ-JOB] Auditor, Stamford, US (Thread)
     19. [SJ-JOB] Security Architect, london, GB (Thread)
     20. [SJ-JOB] Developer, Los Altos, US (Thread)
     21. [SJ-JOB] Security Director, Sunnyvale, US (Thread)
     22. [SJ-JOB] Security Engineer, Mountain View, US (Thread)
     23. [SJ-JOB] Sr. Security Engineer, Dublin, IE (Thread)
     24. [SJ-JOB] Management, New York,, US (Thread)
     25. [SJ-JOB] Security Consultant, San Francisco, US (Thread)
     26. [SJ-JOB] Security Consultant, Toronto, CA (Thread)
     27. [SJ-JOB] Director of Privacy and Security, Chicago, ... (Thread)
     28. [SJ-JOB] Sr. Security Engineer, Belgium, Netherlands... (Thread)
     29. [SJ-JOB] Security Consultant, Rosh Ha'ain, IL (Thread)
     30. [SJ-JOB] Quality Assurance, Rosh Ha'ain, IL (Thread)
     31. [SJ-JOB] Sr. Security Engineer, Zurich, CH (Thread)
     32. [SJ-JOB] Developer, Rosh Ha'ain, IL (Thread)
     33. [SJ-JOB] Information Assurance Analyst, Arlington, U... (Thread)
     34. [SJ-JOB] Security Consultant, Stamford, US (Thread)
     35. [SJ-JOB] Technical Writer, Rosh Ha'ain, IL (Thread)
     36. [SJ-JOB] Developer, San Mateo, US (Thread)
     37. [SJ-JOB] Management, Chicago, US (Thread)
     38. [SJ-JOB] Compliance Officer, London, GB (Thread)
     39. [SJ-JOB] Auditor, Solihull, GB (Thread)
     40. [SJ-JOB] Application Security Engineer, Los Angeles,... (Thread)
     41. [SJ-JOB] Sales Representative, Lakewood, US (Thread)
     42. [SJ-JOB] Security Engineer, Basel, CH (Thread)
     43. [SJ-JOB] Application Security Architect, San Francis... (Thread)
     44. [SJ-JOB] Security Architect, Los Angeles, US (Thread)
     45. [SJ-JOB] Security Engineer, Gambrills, US (Thread)
     46. [SJ-JOB] Manager, Information Security, San Francisc... (Thread)
     47. [SJ-JOB] Management, Los Angeles, US (Thread)
     48. [SJ-JOB] Sales Engineer, London, GB (Thread)
     49. [SJ-JOB] Security Consultant, New York, US (Thread)
VI. INCIDENTS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-02-22 to 2005-03-01.
VII. VULN-DEV RESEARCH LIST SUMMARY
     1. WASC-Articles: 'The Insecure Indexing Vulnerability ... (Thread)
     2. Taking the control by abusing array index. (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
     1. Terminal Services - Domain Controller - Normal User (Thread)
     2. Computer accounts in NTFS permissions (Thread)
     3. Domain Controller Best Practice - Thanks! (Thread)
     4. Prohibit Folder Compression (Thread)
     5. Com+ permissions (Thread)
     6. Domain Controller Best Practice (Thread)
     7. SecurityFocus Microsoft Newsletter #229 (Thread)
IX. SUN FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-02-22 to 2005-03-01.
X. LINUX FOCUS LIST SUMMARY
     1. Samba vs NFS (Thread)
     2. RES: Samba vs NFS (Thread)
     3. [U] Re: Samba vs NFS (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Do We Need a New SPIM Law?
By Mark Rasch
Existing statutes may not be enough to crack down on Instant Messaging
spammers.
http://www.securityfocus.com/columnists/303

2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
By Artur Maj
This article concludes our three part series dedicated to configuring
Apache 2.0 with SSL/TLS support, for maximum security and optimal
performance of SSL based e-commerce transactions.
http://www.securityfocus.com/infocus/1823

3. Changing the Notification Process
By Daniel Hanson
Developers have the opportunity to offer better vendor security procedures
and notifications in an open-source world.
http://www.securityfocus.com/columnists/302

II. BUGTRAQ SUMMARY
-------------------
1. Thomson TCW690 Cable Modem Multiple Vulnerabilities
BugTraq ID: 12595
Remote: Yes
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12595
Summary:
Thomson TCW690 cable modem is reported prone to multiple remote vulnerabilities.
These issues may allow an attacker to cause a denial of service condition
and/or gain unauthorized access to the device.

The following specific issues were identified:

The device is reported prone to a partial denial of service condition that
results from a boundary condition error.  Reportedly, a successful attack can
cause the device to fail to process requests for a limited period of time.  This
issue may be related to BID 9091 (Thomson Cable Modem Remote Denial Of Service
Vulnerability).

Another vulnerability affecting the modem can allow attackers to gain
unauthorized access to the device.  It is reported that the device does not
properly verify users' authentication credentials when handling an HTTP POST
request.

Thomson TCW690 with firmware version ST42.03.0a is reported vulnerable to these
issues.  It is possible that other versions are affected as well.

2. ZeroBoard Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12596
Remote: Yes
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12596
Summary:
ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities. 

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate theft of cookie-based
authentication credentials as well as other attacks. 

All versions of ZeroBoard are considered to be vulnerable at the moment.

3. PMachine Pro Remote File Include Vulnerability
BugTraq ID: 12597
Remote: Yes
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12597
Summary:
PMachine Pro is reported prone to a remote file include vulnerability.

This issue affects the 'mail_autocheck.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This will
facilitate unauthorized access.

The latest version (2.4) of pMachine Pro is reported vulnerable.  It is possible
that other versions are affected as well.

4. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
BugTraq ID: 12599
Remote: No
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12599
Summary:
Red Hat Enterprise Linux kernel is reported prone to multiple vulnerabilities. 
These issues may allow local attackers to carry out denial of service attacks
and gain elevated privileges.

The following specific issues were identified: 

The Red Hat Enterprise Linux kernel is reported prone to two local denial of
service vulnerabilities.

Another issue affecting the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
patch can allow local attackers to read and write to arbitrary kernel memory.

These issues are reported to affect the Red Hat Enterprise Linux 4 kernel.

Due to lack of details, further information is not available at the moment. This
BID will be updated when more information becomes available.

5. Knox Arkeia Network Backup Agent Remote Unauthorized Access ...
BugTraq ID: 12600
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12600
Summary:
Knox Arkeia Network Backup is reported prone to a remote unauthorized access
vulnerability.

It is reported that an agent service is installed by both the Arkeia client and
server software.

Reports indicate that authentication is not required in order to connect to the
affected agent software. A remote attacker may connect to the affected service
to initiate backup and restore requests in order to read and write arbitrary
files.

6. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 12601
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12601
Summary:
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow
vulnerabilities. The following individual issues are reported:

The first reported vulnerability, an integer overflow, exists in the
'fxp_readdir_recv()' function of the 'sftp.c' source file.

A remote malicious server may trigger this vulnerability in order to execute
arbitrary code in the context of the user that is running the affected client.
It should be noted that this vulnerability exists in a code path that is
executed after host key verification occurs; this may hinder exploitation.

The second issue, another integer overflow, is reported to exist in the
'sftp_pkt_getstring()' function of the 'sftp.c' source file.

A remote malicious server may trigger this vulnerability in order to crash the
affected client or to potentially execute arbitrary code. It should be noted
that this vulnerability exists in a code path that is executed after host key
verification occurs; this may also hinder exploitation.

These vulnerabilities are reported to exist in versions of PSFTP and PSCP prior
to version 0.57.

7. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
BugTraq ID: 12602
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12602
Summary:
Internet Explorer is reported prone to a pop-up window title bar spoofing
weakness. 

The weakness is reported to exist due to a flaw that manifests in
script-initiated pop-up windows.

This issue may be leveraged by an attacker to display false URI information in
the title bar of an Internet Explorer pop-up dialog window. This may facilitate
phishing style attacks; other attacks may also be possible.

8. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
BugTraq ID: 12603
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12603
Summary:
The Bontago game server is reported to be affected by a remote buffer overrun
vulnerability. The issue is reported to exist due to a lack of sufficient
boundary checks performed on client-supplied 'nickname' values.

It is conjectured that a remote attacker may exploit this vulnerability to
influence execution flow of a target game server and have arbitrary supplied
instructions executed in the context of the affected process.

This vulnerability is reported to exist in Bontago versions up to and including
version 1.1.

9. UIM LibUIM Environment Variables Privilege Escalation Weakne...
BugTraq ID: 12604
Remote: No
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12604
Summary:
Uim is reported prone to a privilege escalation weakness. It is reported that
the Uim library will always trust user-supplied environment variables, and that
this may be exploited in circumstances where the Uim library is linked to a
setuid/setgid application.

An attacker that has local interactive access to a system that has a vulnerable
application installed may potentially exploit this weakness to escalate
privileges.

10. Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnera...
BugTraq ID: 12605
Remote: No
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12605
Summary:
An arbitrary file corruption vulnerability is reported to exist in the
kcms_configure utility. This issue is due to a design error that may allow an
attacker to specify a file to be written to by a set user ID 'root' script that
is included in the affected software.

An attacker may exploit this vulnerability to corrupt arbitrary files leading to
a denial of service or potentially an escalation of privileges.

11. Xinkaa WEB Station Directory Traversal Vulnerability
BugTraq ID: 12606
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12606
Summary:
A vulnerability has been identified in the handling of certain types of requests
by Xinkaa WEB Station.  Because of this, it is possible for an attacker to gain
access to potentially sensitive system files.

Read privileges granted to these files would be restricted by the permissions of
the web server process.

12. Invision Power Board SML Code Script Injection Vulnerability
BugTraq ID: 12607
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12607
Summary:
Invision Power Board is reported prone to a JavaScript injection vulnerability.
It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of
malicious script content. 

Since this could permit an attacker to inject hostile JavaScript into the forum
system, it is possible to steal cookie credentials or misrepresent site content.

This vulnerability is reported to affect Invision Power Board version 1.3.1;
previous versions might also be affected.

13. Mambo Open Source Tar.PHP Remote File Include Vulnerability
BugTraq ID: 12608
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12608
Summary:
It is reported that Mambo Open Source is affected by a remote PHP file include
vulnerability.  This issue is due in part to the application failing to properly
sanitize user-supplied input to the 'Tar.php' script. 

Remote attackers could potentially exploit this issue to include a remote
malicious PHP script, which will be executed in the context of the Web server
hosting the vulnerable software.

This issue reportedly affects Mambo Open Source version 4.5.2 and earlier.

14. SD Server Directory Traversal Vulnerability
BugTraq ID: 12609
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12609
Summary:
A vulnerability has been identified in the handling of certain types of requests
by SD Server.  Because of this, it is possible for an attacker to gain access to
potentially sensitive system files.

Read privileges granted to these files would be restricted by the permissions of
the web server process.

15. INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilit...
BugTraq ID: 12610
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12610
Summary:
It is reported that Ulog-php is susceptible to multiple unspecified SQL
injection vulnerabilities. These issues are due to a failure of the application
to properly sanitize user-supplied input before using it in an SQL query. 

Successful exploitation could result in compromise of the application,
disclosure or modification of data or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. 

Versions prior to 1.0 are reported to be affected.

16. PANews Remote PHP Script Code Execution Vulnerability
BugTraq ID: 12611
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12611
Summary:
PaNews is reported prone to a remote PHP script code execution vulnerability. It
is reported that PHP script code may be injected into the PaNews software
through the 'showcopy' parameter of the 'admin_setup.php' script.

Reports indicate that when malicious script code is injected, this code can then
be forced to execute in the context of the web service that is hosting the
affected software.

This vulnerability is reported to affect PaNews version 2.0b4; other versions
might also be affected.

17. Gigafast EE400-R Router Multiple Remote Vulnerabilities
BugTraq ID: 12612
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12612
Summary:
Multiple vulnerabilities are reported to affect the Gigafast EE400-R router. The
following individual vulnerabilities are reported:

An information disclosure vulnerability is reported to affect the router. It is
reported that an authentication interface exists on the appliance, but a direct
request for a backup configuration file is permitted without requiring
authentication.

Information that is harvested by exploiting this vulnerability may be used to
aid in further attacks that are launched against the target appliance.

A remote denial of service vulnerability is reported to affect the Gigafast
router. It is reported that when certain functionality is enabled on the
affected router, the router will crash when a malformed DNS query is handled.

A remote attacker may exploit this vulnerability to deny network services for
legitimate users.

18. OpenConnect WebConnect Multiple Remote Vulnerabilities
BugTraq ID: 12613
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12613
Summary:
OpenConnect WebConnect is reported prone to multiple vulnerabilities. The
following individual issues are reported:

WebConnect is reported prone to a remote denial of service vulnerability.

A remote attacker may exploit this vulnerability to crash the WebConnect
software and deny service for legitimate users.

A directory traversal vulnerability is also reported to affect WebConnect. This
issue is reported to exist due to a lack of sufficient sanitization performed on
a user-supplied URI parameter that is passed to the 'jretest.html' script.

A remote attacker may exploit this vulnerability to disclose the contents of
server readable files.

19. Information Resource Manager LDAP Authentication Unspecified...
BugTraq ID: 12614
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12614
Summary:
IRM (Information Resource Manager) is reported prone to an unspecified
vulnerability that exists in the LDAP login code of the software. The
implications of this vulnerability are not known; however, the vendor advises
that a security update be applied.

20. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 12615
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12615
Summary:
It has been reported that cURL and libcURL are vulnerable to a remotely
exploitable stack-based buffer overflow vulnerability.  The cURL and libcURL
NTLM response processing code fails to ensure that a buffer overflow cannot
occur when response data is decoded.

The overflow occurs in the stack region, and remote code execution is possible
if the saved instruction pointer is overwritten with a pointer to embedded
instructions.

21. cURL / libcURL Kerberos Authentication Buffer Overflow Vulne...
BugTraq ID: 12616
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12616
Summary:
It has been reported that cURL and libcURL are vulnerable to a remotely
exploitable stack-based buffer overflow vulnerability.  The cURL and libcURL
Kerberos authentication code fails to ensure that a buffer overflow cannot occur
when server response data is decoded.

The overflow occurs in the stack region, and remote code execution is possible
if the saved instruction pointer is overwritten with a pointer to embedded
instructions.

22. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
BugTraq ID: 12617
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12617
Summary:
A cross-site scripting vulnerability reportedly affects Verity Ultraseek. This
issue is due to a failure of the application to properly sanitize user-supplied
input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

23. PHPBB Multiple Remote Path Disclosure Vulnerabilities
BugTraq ID: 12618
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12618
Summary:
phpBB is affected by multiple remote vulnerabilities.

The vendor has released phpBB 2.0.12 to address multiple path disclosure
vulnerabilities affecting prior versions.  These issues can allow an attacker to
disclose sensitive data that may be used to launch further attacks against a
vulnerable computer.  

Due to a lack of details, further information is not available at the moment.
It is possible that some of these issues were previously identified in other
BIDs.  This is not confirmed at the moment.  This BID will be updated when more
information becomes available.

24. Apache Software Foundation Batik Squiggle Browser Access Val...
BugTraq ID: 12619
Remote: No
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12619
Summary:
An access validation error affects Apache Software Foundation Batik Squiggle
Browser.  This issue is due to a failure of the affected application to properly
regulate access to sensitive system resources.

An attacker may leverage this issue to gain unauthorized access to potentially
sensitive system resources such as the file system.  Other attacks may also be
possible.

25. Biz Mail Form Unauthorized Mail Relay Vulnerability
BugTraq ID: 12620
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12620
Summary:
Biz Mail Form is prone to a vulnerability that allows the application to be
abused as a mail relay.

An attacker can exploit this issue to inject arbitrary SMTP headers by using CR
and LF sequences.  

If successful, it becomes possible to abuse the application as a mail relay.
Email may be sent to arbitrary computers. This could be exploited by spammers or
other malicious parties. 

Update:  It is reported that the update to address this issue (Biz Mail Form
2.2) is vulnerable to this issue as well.  The affected version is being added
as a vulnerable package and the fixes are being removed.
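
The header injection described in this entry, as an added Python example (not code from Biz Mail Form or from the newsletter): a form-mail builder that concatenates header values, the same builder with a CR/LF check, and a check on the recipients the finished message actually carries. All addresses, field names and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed: the only address this hypothetical contact form should ever mail.
FIXED_RECIPIENT = "sales@example.com"


def build_naive(subject, sender, body):
    """Concatenate form fields into a message without checking header values."""
    return "To: %s\r\nFrom: %s\r\nSubject: %s\r\n\r\n%s" % (
        FIXED_RECIPIENT, sender, subject, body)


def reject_crlf(field, value):
    """A header value is one logical line; CR or LF in it starts a new header."""
    if "\r" in value or "\n" in value:
        raise ValueError("%s contains CR or LF" % field)
    return value


def build_checked(subject, sender, body):
    """Same message, but every value placed in a header is checked first."""
    return build_naive(reject_crlf("subject", subject),
                       reject_crlf("sender", sender),
                       body)


def recipients(raw_message):
    """Parse the finished message and return every To/Cc/Bcc address in it."""
    msg = message_from_string(raw_message)
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return sorted(addr for _name, addr in getaddresses(fields))


def unexpected_recipients(raw_message):
    """Outbound check: any recipient other than the fixed one means relay abuse."""
    return [a for a in recipients(raw_message) if a != FIXED_RECIPIENT]


# Constructed form submissions.
CLEAN_SUBJECT = "Quote request"
INJECTED_SUBJECT = "Quote request\r\nBcc: third-party@example.net"

if __name__ == "__main__":
    for subject in (CLEAN_SUBJECT, INJECTED_SUBJECT):
        raw = build_naive(subject, "visitor@example.org", "Please call me.")
        print(repr(subject), "->", unexpected_recipients(raw))
```

The recipient check is worth keeping even with the input check in place, since the entry notes that the 2.2 update was itself reported vulnerable.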

26. PHPBB Arbitrary File Disclosure Vulnerability
BugTraq ID: 12621
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12621
Summary:
phpBB is affected by an arbitrary file disclosure vulnerability.  This issue
arises due to an input validation error allowing an attacker to disclose files
in the context of a Web server running the application.

This may allow the attacker to gain access to sensitive data that may be used to
carry out further attacks against a vulnerable computer.

A successful attack requires the attacker to have a user account and the
presence of some non-default settings allowing for the uploading of remote
avatars.


phpBB 2.0.11 and prior versions are affected by this issue.

27. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
BugTraq ID: 12622
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12622
Summary:
vBulletin is reported prone to an arbitrary PHP script code execution
vulnerability. The issue is reported to exist due to a lack of sufficient input
sanitization performed on user-supplied data before this data is included in a
dynamically generated script.

This vulnerability is reported to affect vBulletin board versions up to and
including 3.0.6 that are configured with 'Add Template Name in HTML Comments'
functionality enabled.

28. PHPBB Arbitrary File Deletion Vulnerability
BugTraq ID: 12623
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12623
Summary:
phpBB is affected by an arbitrary file deletion vulnerability.  This issue
arises due to an input validation error allowing an attacker to delete files in
the context of a Web server running the application.

It is reported that this issue allows an attacker to influence calls to the
'unlink()' function and delete arbitrary files.  Due to a lack of input
validation, an attacker can supply directory traversal sequences followed by an
arbitrary file name through the 'avatarselect' return value to delete specific
files.

phpBB 2.0.11 and prior versions are affected by this issue.

29. Fallback-reboot Remote Denial of Service Vulnerability
BugTraq ID: 12624
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12624
Summary:
fallback-reboot is reported prone to a remote denial of service vulnerability.

A remote attacker may exploit this issue to cause the daemon to crash leading to
a denial of service condition.  This vulnerability does not affect the
underlying host computer.

fallback-reboot 0.96 and prior versions are affected by this issue.

30. MediaWiki Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 12625
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12625
Summary:
MediaWiki is reported prone to multiple remote vulnerabilities. The following
individual issues are reported:

An unspecified cross-site scripting vulnerability is reported to affect
MediaWiki.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.

An unspecified directory traversal vulnerability is reported to affect
MediaWiki. The issue is reported to exist in the site administration image
deletion functionality.

A privileged remote attacker may exploit this vulnerability to deny service for
legitimate users.

31. Mono Unicode Character Conversion Multiple Cross-Site Script...
BugTraq ID: 12626
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12626
Summary:
It is reported that Mono is prone to various cross-site scripting attacks. These
issues result from insufficient sanitization of user-supplied data and arise
when Mono converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. 

Mono 1.0.5 is reported vulnerable; however, other versions may be affected as
well.

This issue is related to BID 12574 (Microsoft ASP.NET Unicode Character
Conversion Multiple Cross-Site Scripting Vulnerabilities).

32. iGeneric iG Shop Multiple SQL Injection Vulnerabilities
BugTraq ID: 12627
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12627
Summary:
iGeneric iG Shop is reportedly affected by multiple SQL injection
vulnerabilities.  These issues exist because the application fails to properly
sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

It is conjectured that all releases of iG Shop are affected by these
vulnerabilities; this has not been confirmed.

33. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
BugTraq ID: 12628
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12628
Summary:
A remotely exploitable client-side directory traversal vulnerability affects
Winace UnAce.  This issue is due to a failure of the application to properly
sanitize file and directory names contained within malicious ACE format
archives.

An attacker may leverage this issue by distributing malicious ACE archives to
unsuspecting users.  This issue will allow an attacker to write files to
arbitrary locations on the file system with the privileges of an unsuspecting
user that extracts the malicious ACE archive.

34. IBM Hardware Management Console Guided Setup Wizard Unauthor...
BugTraq ID: 12629
Remote: No
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12629
Summary:
It is reported that a vulnerability affecting IBM Hardware Management Console
(HMC) allows local unauthorized users to launch the Guided Setup Wizard and
perform various tasks provided by the application.

IBM Hardware Management Console version 4.0 release 2.0 and above are considered
vulnerable to this issue.  Other versions may be affected as well.

This BID will be updated when more information becomes available.

35. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
BugTraq ID: 12630
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12630
Summary:
Multiple remotely exploitable client-side buffer overflow vulnerabilities
reportedly affect Winace UnAce. These issues are due to a failure of the
application to properly validate the length of user-supplied strings prior to
copying them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.

36. PBLang Bulletin Board System Search.PHP Cross-Site Scripting...
BugTraq ID: 12631
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12631
Summary:
PBLang is reportedly affected by a cross-site scripting vulnerability.  This
issue exists because the application fails to properly sanitize user-supplied
input.

As a result of this vulnerability, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in the
browser of an unsuspecting user when followed. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

37. ArGoSoft FTP Server Site Copy Shortcut File Upload Vulnerabi...
BugTraq ID: 12632
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12632
Summary:
ArGoSoft FTP server is reported prone to a vulnerability that allows users to
upload shortcut (.lnk) files to the server. 

It is conjectured that this issue is related to BID 2961 (ArGoSoft FTP Server
.lnk Directory Traversal Vulnerability), which allows users with write
permission to any directory to create and upload a .lnk file that points to the
directory of their choice. 

ArGoSoft FTP server 1.4.2.7 and prior versions are reportedly affected by this
issue.

38. PBLang Bulletin Board System PMPShow.PHP HTML Injection Vuln...
BugTraq ID: 12633
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12633
Summary:
PBLang is reportedly affected by an HTML injection vulnerability.  This issue
exists because the application fails to properly sanitize user-supplied input.

The attacker-supplied HTML and script code would be able to access properties of
the site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user. Other attacks are also possible.

This issue was reported to affect PBLang 4.65; earlier versions may also be
vulnerable.

39. PBLang Bulletin Board System PM.PHP HTML Injection Vulnerabi...
BugTraq ID: 12634
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12634
Summary:
PBLang is affected by an HTML injection vulnerability.  This issue occurs because
the application fails to properly sanitize user-supplied input.

The attacker-supplied HTML and script code would be able to access properties of
the site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user. Other attacks are also possible.

40. ProZilla Initial Server Response Remote Client-Side Format S...
BugTraq ID: 12635
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12635
Summary:
A remote client-side format string vulnerability is reported to exist in
ProZilla. This issue is due to a failure of the application to properly
implement a formatted string function. The format string vulnerability manifests
when the affected application is handling initial server responses that contain
format string specifiers.

An attacker may leverage this issue to execute arbitrary code on an affected
computer with the privileges of an unsuspecting user that activated the
vulnerable application.

ProZilla versions up to and including version 1.3.7.3 are reported prone to this
vulnerability.

41. TWiki Multiple Unspecified Remote Input Validation Vulnerabi...
BugTraq ID: 12637
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12637
Summary:
Multiple unspecified input validation vulnerabilities reportedly affect TWiki. 
These issues are due to a failure of the application to sanitize user-supplied
input prior to using it to carry out critical functionality.

An attacker may execute arbitrary commands, potentially facilitating a
compromise of the host computer, by leveraging these issues.  Any command
execution would take place with the privileges of the affected process.  Other
attacks may also be possible.

42. TWiki ImageGalleryPlugin Configuration Options Remote Arbitr...
BugTraq ID: 12638
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12638
Summary:
A remote command execution vulnerability affects the ImageGalleryPlugin of
TWiki.  This issue is due to a failure of the application to properly validate
user access to sensitive configuration options.

An attacker may execute arbitrary commands, potentially compromising the host
computer, by leveraging this issue.

43. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
BugTraq ID: 12639
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12639
Summary:
ELOG Web Logbook is prone to a remote buffer overflow vulnerability. The
vulnerability is reported to exist due to a lack of sufficient boundary checks
performed on user-supplied data.

A remote attacker that can authenticate to the affected daemon may leverage this
issue to execute arbitrary instructions in the context of the affected daemon.

This vulnerability is reported to affect ELOG versions up to and including
version 2.5.6.

44. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
BugTraq ID: 12640
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12640
Summary:
ELOG Web Logbook is reported prone to multiple vulnerabilities. The following
individual issues are reported:

ELOG Web Logbook is reported prone to two remote heap-based buffer overflow
vulnerabilities. It is reported that the overflows may be leveraged remotely to
have arbitrary code executed in the context of the affected daemon.

A directory traversal vulnerability is also reported to affect ELOG Web Logbook;
again, the details of this issue are not specified. It is conjectured that this
issue may be exploited by a remote attacker to disclose sensitive information.

These vulnerabilities are reported to exist in ELOG versions up to and including
version 2.5.6. Other versions might also be affected.

45. Microsoft Windows 2000 Group Policy Bypass Vulnerability
BugTraq ID: 12641
Remote: No
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12641
Summary:
A vulnerability exists in the way Microsoft Windows 2000 group policies are
enforced. It is reported that drive access restrictions may be bypassed using
applications and services that are not listed as being restricted in the drive
access group policy.

This vulnerability may be leveraged using Microsoft Office XP SP3 applications.
Additionally it is reported that Windows functionality provided to allow
browsing of Flash memory drives may also be applied to leverage this issue.

46. Ginp File Disclosure Vulnerability
BugTraq ID: 12642
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12642
Summary:
ginp is prone to a vulnerability that may permit remote attackers to gain
unauthorized access to files on the computer hosting the software.  Files that
are readable by the Web server process may be accessed through directory
traversal sequences.

This may result in sensitive information being disclosed to remote attackers.

47. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
BugTraq ID: 12643
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12643
Summary:
The Trend Micro VSAPI scan engine library is prone to a heap-based buffer
overflow vulnerability.  This vulnerability may be triggered when the library
processes a malformed ARJ archive.

The vulnerability affects multiple Trend Micro products.  It is also noted that
multiple attack vectors exist, as affected software may scan ARJ files in email
attachments, and through various file transfer protocols.

48. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
BugTraq ID: 12644
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12644
Summary:
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to including it in dynamically generated Web content.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

49. PHPMyAdmin Multiple Local File Include Vulnerabilities
BugTraq ID: 12645
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12645
Summary:
phpMyAdmin is affected by multiple local file include vulnerabilities. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to using it in a PHP 'include()', 'require()',
'require_once()', or similar function call.

An attacker may leverage these issues to execute arbitrary server-side script
code that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

It should be noted that these issues may also be leveraged to read arbitrary
files on an affected computer with the privileges of the Web server.

50. OOApp Guestbook Multiple HTML Injection Vulnerabilities
BugTraq ID: 12647
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12647
Summary:
OOApp Guestbook is reportedly affected by multiple HTML injection
vulnerabilities.  These issues occur because the application fails to properly
sanitize user-supplied input.

The attacker-supplied HTML and script code would be able to access properties of
the site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user. Other attacks are also possible.

51. Cisco Application and Content Networking System Multiple Rem...
BugTraq ID: 12648
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12648
Summary:
Multiple remote vulnerabilities affect Cisco Application and Content Networking
System (ACNS).  This issue is due to a failure of the affected software to
properly handle malformed network data.

Specifically, multiple denial of service vulnerabilities and a single default
administrator password issue were reported.

An attacker may leverage these issues to trigger a denial of service condition
in affected devices or on the network segment that they reside on.  The default
password issue may allow an unauthorized user to gain administrator access to an
affected device.

52. Cyclades AlterPath Manager Multiple Remote Vulnerabilities
BugTraq ID: 12649
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12649
Summary:
Cyclades AlterPath Manager is a network device designed to facilitate remote
administration of all network-accessible infrastructure resources.

Multiple remote vulnerabilities affect Cyclades AlterPath Manager.  These issues
are due to various design errors that affect the overall security of the
vulnerable device.

The first issue is an information disclosure issue.  The second would allow
unauthorized access to restricted console resources.  Finally the third issue
will facilitate privilege escalation.

An attacker may leverage these issues to gain unauthorized access to
network-based resources, to gain escalated privileges and to gain access to
potentially sensitive information.

53. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
BugTraq ID: 12650
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12650
Summary:
A remote denial of service vulnerability affects Raven Software Soldier Of
Fortune 2.  This issue is due to a failure of the application to handle
excessively long values derived from network data.

An attacker may leverage this issue to cause an affected server to crash,
denying service to legitimate users.

54. HP-UX FTP Server Unspecified Restricted File Access Vulnerab...
BugTraq ID: 12651
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12651
Summary:
It is reported that the FTP server included with HP-UX is prone to an
unspecified vulnerability that may be leveraged by authenticated users to access
restricted files.

A remote attacker that can authenticate to the affected service may exploit this
vulnerability to access restricted files.

55. PunBB Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 12652
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12652
Summary:
Multiple remote input validation vulnerabilities affect PunBB.  These issues are
due to a failure of the application to sanitize user-supplied input prior to
using it to carry out critical functions.

The first issue is an SQL injection issue in the 'register.php' script. The
second issue is an SQL injection issue in the 'moderate.php' script. A third SQL
injection issue exists in the 'profile.php' script.  Finally an access
validation issue affects the 'profile.php' script.  

An attacker may leverage these issues to have arbitrary SQL queries executed
against the database; this may facilitate data corruption or manipulation. 
Furthermore, one of these issues may be leveraged to trigger a denial of service
condition against current users by setting their passwords to a NULL value.

56. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
BugTraq ID: 12653
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12653
Summary:
phpWebSite is reported prone to a remote arbitrary PHP file upload
vulnerability. The issue presents itself due to a lack of sanitization performed
on image files that are uploaded when submitting an announcement.

A remote attacker may exploit this condition to execute arbitrary PHP code in
the context of the hosting web server process.

This vulnerability is reported to affect phpWebSite versions up to and including
version 0.10.0.

57. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
BugTraq ID: 12655
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12655
Summary:
Reportedly a remote code execution vulnerability affects Mozilla Firefox.  This
issue is due to a failure of the application to properly restrict the access
rights of Web content.

An attacker may leverage this issue to compromise security of the affected
browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is
possible to execute arbitrary code.

It should be noted that although only version 1.0 is reported vulnerable, other
versions may be vulnerable as well.

58. Sun Solaris STFontServerD File Corruption Vulnerability
BugTraq ID: 12656
Remote: No
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12656
Summary:
Sun Solaris Standard Type Services Framework Font Server Daemon (stfontserverd)
is prone to a local vulnerability that may result in arbitrary files being
overwritten or deleted.

The vendor has stated that this could cause a denial of service condition.

The vulnerability only affects Solaris 9.0 releases.

59. DNA MKBold-MKItalic Remote Format String Vulnerability
BugTraq ID: 12657
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12657
Summary:
A remote, client-side format string vulnerability reportedly affects DNA
mkbold-mkitalic.  This issue is due to a failure of the application to securely
implement a formatted printing function.

An attacker may leverage this issue to have arbitrary code executed with the
privileges of an unsuspecting user that processes a malicious BDF format font
file.

60. CubeCart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12658
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12658
Summary:
CubeCart is affected by multiple cross-site scripting vulnerabilities; an
upgrade is available.  

These issues exist because the application fails to properly sanitize
user-supplied input.

As a result of these vulnerabilities, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in the
browser of an unsuspecting user when followed. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

61. Mozilla Suite Multiple Remote Vulnerabilities
BugTraq ID: 12659
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12659
Summary:
Multiple remote vulnerabilities affect Mozilla Suite, Firefox, and Thunderbird. 
The following text outlines the issues that have been disclosed.

Mozilla Foundation Security Advisory 2005-28 reports an insecure temporary
directory creation vulnerability affecting the plugin functionality. A dialog
box spoofing vulnerability is disclosed in Mozilla Foundation Security Advisory
2005-22. A '.lnk' link file arbitrary file overwrite vulnerability is reported
in Mozilla Foundation Security Advisory 2005-21. Mozilla Foundation Security
Advisory 2005-20 outlines an XSLT stylesheet information disclosure
vulnerability. Mozilla Foundation Security Advisory 2005-19 outlines an
information disclosure issue affecting the form auto-complete functionality. A
buffer overflow vulnerability is disclosed in Mozilla Foundation Security
Advisory 2005-18. Mozilla Foundation Security Advisory 2005-17 outlines an
installation confirmation dialog box spoofing vulnerability. A heap overflow
vulnerability in UTF8 encoding is outlined in Mozilla Foundation Security
Advisory 2005-15.  Finally multiple SSL 'secure site' lock icon indicator
spoofing vulnerabilities are outlined in Mozilla Foundation Security Advisory
2005-15. 

An attacker may leverage these issues to spoof dialog boxes, SSL 'secure site'
icons, carry out symbolic link attacks, execute arbitrary code, and disclose
potentially sensitive information.

Please note that this BID will be separated into individual BIDs as soon as
further research into each of the vulnerabilities is completed. At that time
this BID will be retired.

62. Gaim Remote Denial of Service Vulnerability
BugTraq ID: 12660
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12660
Summary:
Gaim is affected by a remote denial of service vulnerability.  This issue can
allow remote attackers to crash an affected client.

A vulnerability in the client arises during the parsing of malformed HTML data. 
This issue is nearly identical to that reported in BID 12589 but is a separate
issue.

Gaim versions prior to 1.1.4 are affected by this issue.

63. BSMTPD Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 12661
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12661
Summary:
The bsmtpd daemon is reported prone to a remote arbitrary command execution
vulnerability.

A remote attacker may exploit this condition to execute arbitrary shell commands
in the context of the affected bsmtpd daemon.

64. CIS WebServer Remote Directory Traversal Vulnerability
BugTraq ID: 12662
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12662
Summary:
A vulnerability has been identified in the handling of certain types of requests
by CIS WebServer.  Because of this, it is possible for an attacker to gain
access to potentially sensitive system files.

The problem is in the handling of directory traversal strings.  This issue could
be exploited to gain read access to files on a host using the vulnerable
software.

65. NoMachine NX Local X Server Authentication Bypass Vulnerabil...
BugTraq ID: 12663
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12663
Summary:
NoMachine NX is prone to a vulnerability that may allow local users to bypass X server
authentication.  The vulnerability presents itself when the XAUTHORITY
environment variable is not set.

This issue has been reported to affect NoMachine NX Server and derivatives
including FreeNX Server.

66. PHP4 Readfile Denial Of Service Vulnerability
BugTraq ID: 12665
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12665
Summary:
PHP4 is reported prone to a denial of service vulnerability. It is reported that
the PHP 'readfile()' function may be utilized to trigger this issue.

An attacker that has access to a PHP enabled web host may exploit this
vulnerability to crash the HTTP server that is incorporating the vulnerable PHP
module.

67. PBLang Bulletin Board System Remote PHP Script Injection Vul...
BugTraq ID: 12666
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12666
Summary:
A remote PHP script injection vulnerability affects PBLang. This issue is due to
a failure of the application to sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary PHP script code in the
context of an affected Web server.  This will facilitate a compromise of the
host computer.

68. Gaim File Download Denial of Service Vulnerability
BugTraq ID: 12667
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12667
Summary:
Gaim is affected by a denial of service vulnerability during the download of a
file.  This issue can allow remote attackers to cause an affected client to
fail.

A vulnerability in the client arises when it tries to download a file with
bracket characters '(' ')' in the file name.

Gaim version 1.1.3 is reported to be affected by this vulnerability; other
versions may also be vulnerable.

69. Cmd5checkpw Local Poppasswd File Disclosure Vulnerability
BugTraq ID: 12668
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12668
Summary:
cmd5checkpw is reported prone to a vulnerability that can result in the
disclosure of the '/etc/poppasswd' file.

A local user that has knowledge of one of the username/password combinations
stored in the '/etc/poppasswd' file may exploit this vulnerability to disclose
the contents of the 'poppasswd' file.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Feds square off with organized cyber crime
By: Kevin Poulsen

Law enforcement sees undercover operations as a key to unraveling sophisticated
alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525

2. WebTV 911 prankster guilty
By: Kevin Poulsen

Louisiana man cops to endangering public safety by sending out a malicious
script that made set-top boxes call the police.

http://www.securityfocus.com/news/10523

3. T-Mobile hacker pleads guilty
By: Kevin Poulsen

The wireless company says it's still investigating an intrusion that compromised
customer records, e-mail and stored files over the course of a year.

http://www.securityfocus.com/news/10516

4. Insecure indexing risk dissected
By: John Leyden, The Register

It's embarrassing when future PR items, upcoming security advisories or
boilerplates for obituaries that are not meant to be visible to external users
drift into the public domain.
http://www.securityfocus.com/news/10577

5. Send-Safe spam tool gang evicted by MCI
By: John Leyden, The Register

US telco MCI Worldcom has caved in to mounting pressure and booted a site that
sells spamming software off its network.
http://www.securityfocus.com/news/10576

6. eBay provides a backdoor for phishers
By: John Leyden, The Register

Phishers are exploiting a redirection script on eBay's site to make fraudulent
emails look more convincing.
http://www.securityfocus.com/news/10569

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Cisco Torch 0.1 alpha
By: Arhont Team
Relevant URL: http://www.arhont.com/cisco-torch.tar.bz2
Platforms: Perl (any system supporting perl)
Summary: 

A fast mass scanning and application layer fingerprinting tool for Cisco devices
written while working on "Hacking Exposed: Cisco Networks" book. Supports telnet
and SSH bruteforcing as well as Cisco management webserver exploitation. More
features would be added soon - see TODO.

2. SafeLogon 2.0
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/slogon/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary: 

SafeLogon is a multi-user and password-based access control utility that
enhances and complements the Windows built-in logon and authentication system.
In other words, SafeLogon allows you to protect your system at home and office
from unauthorized access.

SafeLogon is fully configurable and allows its Administrator to:

- Restrict access to Windows to certain users, optionally controlling the days
of the week and the time of the day the user is allowed to log on and

3. SafeSystem 1.5
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/safesystem/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary: 

SafeSystem is a security program that allows you to prevent access to your
personal and important files and folders, as well as protect and guarantee the
integrity and well functioning of your system. SafeSystem can make your files
and folders completely invisible, inaccessible or simply read-only. Furthermore,
SafeSystem can prevent the change of configuration and the accidental (or even
intentional) system files deletion or alteration, so your PC will be healthy

4. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary: 

KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp
connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character
device to pass socks5 and target ips to the Linux Kernel. I have chosen to
write in kernel space to enjoy myself [I know that there are easier and safer
ways to write this in userspace].

5. SQL column finder 0.1
By: Rafal Bielecki
Relevant URL: http://sqlcfind.netro.pl/sqlcfind.exe
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary: 

Helps you to find the exact number of columns when using a union select query.

6. Secure Hive 1.0.0.1
By: Secure Hive
Relevant URL: http://www.securehive.com/Secure%20Hive.htm
Platforms: Windows 2000, Windows NT, Windows XP
Summary: 

What Does Secure Hive Enterprise Offer?

 Encryption of part, or entire, Word documents, Excel worksheets or PowerPoint
presentations through Secure Hive's integration with Microsoft Office.
 
 Encryption of part, or entire, content of common documents (such as Notepad,
WordPad), email messages and instant messages, including mixed text and
graphics, with Secure Hive's Clipboard Encryption feature.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Forensics Engineer, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391735

2. [SJ-JOB] Security Consultant, Riyadh, SA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391734

3. [SJ-JOB] Security Engineer, Reston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391732

4. [SJ-JOB] Manager, Information Security, Saint John, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391731

5. [SJ-JOB] Auditor, Miami, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391730

6. [SJ-JOB] Security Engineer, Miami, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391729

7. [SJ-JOB] Security Architect, Mt. Laurel, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391728

8. [SJ-JOB] Security Engineer, Jersey City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391727

9. [SJ-JOB] Sales Representative, Dallas, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391575

10. [SJ-JOB] Manager, Information Security, San Jose, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391570

11. [SJ-JOB] VP / Dir / Mgr engineering, San Jose, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391569

12. [SJ-JOB] Sr. Product Manager, SF, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391568

13. [SJ-JOB] Security Consultant, Roseville, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391567

14. [SJ-JOB] Application Security Engineer, Livingston, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391566

15. [SJ-JOB] Sales Engineer, Tampa, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391565

16. [SJ-JOB] Sr. Security Engineer, Alexandria, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391564

17. [SJ-JOB] Manager, Information Security, Washington, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391562

18. [SJ-JOB] Auditor, Stamford, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391415

19. [SJ-JOB] Security Architect, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391414

20. [SJ-JOB] Developer, Los Altos, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391413

21. [SJ-JOB] Security Director, Sunnyvale, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391412

22. [SJ-JOB] Security Engineer, Mountain View, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391411

23. [SJ-JOB] Sr. Security Engineer, Dublin, IE (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391409

24. [SJ-JOB] Management, New York, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391408

25. [SJ-JOB] Security Consultant, San Francisco, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391407

26. [SJ-JOB] Security Consultant, Toronto, CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391406

27. [SJ-JOB] Director of Privacy and Security, Chicago, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391405

28. [SJ-JOB] Sr. Security Engineer, Belgium, Netherlands... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391404

29. [SJ-JOB] Security Consultant, Rosh Ha'ain, IL (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391403

30. [SJ-JOB] Quality Assurance, Rosh Ha'ain, IL (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391402

31. [SJ-JOB] Sr. Security Engineer, Zurich, CH (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391401

32. [SJ-JOB] Developer, Rosh Ha'ain, IL (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391400

33. [SJ-JOB] Information Assurance Analyst, Arlington, U... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391399

34. [SJ-JOB] Security Consultant, Stamford, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391398

35. [SJ-JOB] Technical Writer, Rosh Ha'ain, IL (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391397

36. [SJ-JOB] Developer, San Mateo, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391394

37. [SJ-JOB] Management, Chicago, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391393

38. [SJ-JOB] Compliance Officer, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391248

39. [SJ-JOB] Auditor, Solihull, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391247

40. [SJ-JOB] Application Security Engineer, Los Angeles,... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391246

41. [SJ-JOB] Sales Representative, Lakewood, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391244

42. [SJ-JOB] Security Engineer, Basel, CH (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391241

43. [SJ-JOB] Application Security Architect, San Francis... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391238

44. [SJ-JOB] Security Architect, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391235

45. [SJ-JOB] Security Engineer, Gambrills, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391234

46. [SJ-JOB] Manager, Information Security, San Francisc... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391233

47. [SJ-JOB] Management, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391232

48. [SJ-JOB] Sales Engineer, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391231

49. [SJ-JOB] Security Consultant, New York, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/391230

VI. INCIDENTS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-02-22 to 2005-03-01.

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. WASC-Articles: 'The Insecure Indexing Vulnerability ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/391808

2. Taking the control by abusing array index. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/391259

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Terminal Services - Domain Controller - Normal User (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391578

2. Computer accounts in NTFS permissions (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391574

3. Domain Controller Best Practice - Thanks! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391573

4. Prohibit Folder Compression (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391468

5. Com+ permissions (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391464

6. Domain Controller Best Practice (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391387

7. SecurityFocus Microsoft Newsletter #229 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/391291

IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-02-22 to 2005-03-01.

X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391832

2. RES: Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391299

3. [U] Re: Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391283