SecurityFocus Newsletter #304
----------------------------------------

This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las 
Vegas. World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 29 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,000 delegates from 30+ nations. 

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Interview with Marcus Ranum
       2. Your fingerprints are everywhere
       3. Software Firewalls: Made of Straw? Part 2 of 2
II.   BUGTRAQ SUMMARY
       1. Pico Server File Access Vulnerability
       2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
       3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
       4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
       5. FusionBB Multiple Input Validation Vulnerabilities
       6. Multiple Vendor Telnet Client Remote Information Disclosure
Vulnerability
       7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow
Vulnerability
       8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow
Vulnerability
       9. Microsoft Internet Explorer XML Redirect Information Disclosure
Vulnerability
       10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer
Overflow Vulnerability
       11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
       12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control
Vulnerability
       13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service
Vulnerability
       14. Microsoft Agent Trusted Content Spoofing Vulnerability
       15. MAST RunAs Professional Local Privilege Escalation Vulnerability
       16. Microsoft Windows Web Client Service Remote Code Execution
Vulnerability
       17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Vulnerability
       18. Microsoft Exchange Server Outlook Web Access HTML Injection
Vulnerability
       19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
       20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass
Vulnerability
       21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information
Disclosure Vulnerability
       22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
       23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
       24. Sun Java Runtime Environment Unspecified Privilege Escalation
Vulnerability
       25. Finjan SurfinGate ASCII File Extension File Filter Circumvention
Vulnerability
       26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection
Vulnerabilities
       27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
       28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
       29. McGallery Lang Argument File Disclosure Vulnerability
       30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
       31. Bitrix Site Manager Remote File Include Vulnerability
       32. Mambo Open Source Com_Contents SQL Injection Vulnerability
       33. PAFileDB Multiple Input Validation Vulnerabilities
       34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
       35. Opera Web Browser Cross-Site Scripting Local File Disclosure
Vulnerability
       36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access
Vulnerability
       37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
       38. ATutor Multiple Cross-Site Scripting Vulnerabilities
       39. SquirrelMail Multiple Unspecified Cross-Site Scripting
Vulnerabilities
       40. e107 Website System Multiple Input Validation and Information
Disclosure Vulnerabilities
       41. Ultimate PHP Board Weak Password Encryption Vulnerability
       42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
       43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
       44. SpamAssassin Malformed Email Header Remote Denial Of Service
Vulnerability
       45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
       46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
       47. Yaws Remote Source Code Disclosure Vulnerability
       48. XAMMP Lang.PHP HTML Injection Vulnerability
       49. XAMMP Lang.PHP Directory Traversal Vulnerability
       50. Vipul Razor-agents Multiple Unspecified Denial Of Service
Vulnerability
       51. JBoss Malformed HTTP Request Remote Information Disclosure
Vulnerability
       52. Ajax-Spell HTML Tag Script Injection Vulnerability
       53. Contelligent Preview Privilege Escalation Vulnerability
III.  SECURITYFOCUS NEWS
       1. MasterCard warns of massive credit-card breach
       2. Phishers look to net small fry
       3. Stealthy Trojan horses, modular bot software dodging defenses
       4. Latest Bluetooth attack makes short work of weak passwords
       5. Microsoft sues German spammer
       6. Adware makers exploit BitTorrent
       7. UK trojan siege has been running over a year
       8. Ssshhh! Opera slips out security update
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Sales Engineer, Dallas
       2. [SJ-JOB] Sr. Security Analyst, PALO ALTO
       3. [SJ-JOB] Security Engineer, New York
       4. [SJ-JOB] Auditor, Miami
       5. [SJ-JOB] Sales Engineer, Boston
       6. [SJ-JOB] Security Consultant, New York
       7. [SJ-JOB] Security Consultant, Chicago
       8. [SJ-JOB] Information Assurance Engineer, Dulles/Falls   
Church/Washington D.C.
       9. [SJ-JOB] Technology Risk Consultant, Portsmouth
       10. [SJ-JOB] Security Auditor, McLean
       11. [SJ-JOB] Application Security Engineer, West Coast
       12. [SJ-JOB] Sales Engineer, NYC, and Los Angeles
       13. [SJ-JOB] Sr. Security Engineer, Dallas
       14. [SJ-JOB] Information Assurance Analyst, Arlington
       15. [SJ-JOB] Sales Engineer, Dallas
       16. [SJ-JOB] Information Assurance Engineer, DC
       17. [SJ-JOB] Technical Writer, DC
       18. [SJ-JOB] Developer, Boulder
       19. [SJ-JOB] Security Architect, Ft Lauderdale
       20. [SJ-JOB] Developer, Boulder
       21. [SJ-JOB] Security Engineer, Santa Barbara
       22. [SJ-JOB] Application Security Engineer, Foster City
       23. [SJ-JOB] Channel / Business Development, TBD
V.    INCIDENTS LIST SUMMARY
       1. FTimes 3.5.0 Released
       2. Digital forensics of the physical memory
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. exploiting/debuggin SetUnhandledException filter
       2. Black Hat Briefings Announcements
       3. the possibility of jumping back to code in an exploited program
       4. Exploit development in Per
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Imaging question for MS OS.
       2. Disclaimer on Active/active clustered exchange servers
       3. WSUS/Reboot
       4. IE in Kiosk mode
       5. Windows Server 2K Lockdown Baseline
       6. SecurityFocus Microsoft Newsletter #244
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Interview with Marcus Ranum
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/334

2. Your fingerprints are everywhere
By Scott Granneman
How much do you trust your government? That's a question that all of us have to
ask, perhaps the more often the better.
http://www.securityfocus.com/columnists/333

3. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be circumvented
by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840


II.  BUGTRAQ SUMMARY
--------------------
1. Pico Server File Access Vulnerability
BugTraq ID: 13935
Remote: Yes
Date Published: 2005-06-11
Relevant URL: http://www.securityfocus.com/bid/13935
Summary:
Pico Server is a small web server written in C.

A vulnerability in Pico Server may allow remote attackers to view file
contents or execute programs outside of the web root directory.  The
vulnerability appears to be due to a design failure in a feature meant to
prevent unauthorized access outside of the web root. 

The vulnerability can be exploited to obtain the contents of files outside of
the web root directory.  It may also be exploited to run commands via the
"/cgi-bin/" virtual directory.

2. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
Sysreport is susceptible to an information disclosure vulnerability. This issue
is due to a failure of the application to ensure that sensitive information is
not included in its generated reports.

This vulnerability may result in sending unencrypted proxy authentication
usernames and passwords to potentially malicious people. This may aid them in
further attacks.

3. JamMail Jammail.pl Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 13937
Remote: Yes
Date Published: 2005-06-12
Relevant URL: http://www.securityfocus.com/bid/13937
Summary:
JamMail is prone to a remote arbitrary command execution vulnerability.

This vulnerability may allow an attacker to supply arbitrary commands through
the 'jammail.pl' script.

This can lead to various attacks including unauthorized access to an affected
computer.

JamMail 1.8 is affected by this issue.


4. Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13938
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13938
Summary:
Singapore image gallery is prone to a cross-site scripting vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


5. FusionBB Multiple Input Validation Vulnerabilities
BugTraq ID: 13939
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13939
Summary:
FusionBB is affected by multiple vulnerabilities.  These issues arise due to a
failure of the application to properly sanitize user-supplied input.

The following specific vulnerabilities were identified:

The application is affected by a local file include vulnerability.  The attacker
may leverage this issue to execute arbitrary server-side script code that
resides on an affected computer with the privileges of the Web server process.
This may potentially facilitate unauthorized access.

FusionBB is prone to multiple SQL injection vulnerabilities as well.  These
vulnerabilities could result in a compromise of the application, disclosure or
modification of data, or may permit an attacker to exploit vulnerabilities in
the underlying database implementation.

6. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a remote
information disclosure vulnerability.

Any information stored in the environment of clients utilizing the affected
telnet application is available for attackers to retrieve. The contents of the
environment variables may be sensitive in nature, allowing attackers to gain
information that may aid them in further system compromise.


7. Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability
BugTraq ID: 13941
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13941
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability.  This
issue exists in the PNG image rendering library used by the browser.
 
Successful exploitation will result in execution of arbitrary code in the
context of the currently logged in user.

This issue is present in the PNG image rendering library, so it is possible that
other applications that use the library are affected.  This is not confirmed and
Symantec is not aware of any such applications.


8. Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
BugTraq ID: 13942
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13942
Summary:
Microsoft SMB is susceptible to a remote buffer overflow vulnerability. This
issue is due to a failure of the application to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory buffer.

Remote attackers may exploit this vulnerability to execute arbitrary machine
code in the context of the kernel containing the vulnerable code. Microsoft has
stated that other attack vectors may exist, in the form of passing malicious
parameters to the affected component, either locally or remotely.

Failed exploit attempts will likely crash the affected computer, denying service
to legitimate users.


9. Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability
BugTraq ID: 13943
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13943
Summary:
Microsoft Internet Explorer is prone to an information disclosure vulnerability.
Specifically, it may be possible for remote users to read XML data from an
affected computer via a malicious Web page.

This issue is a variant of BID 5560.  This variant was not addressed with the
release of MS02-047.  Microsoft has released a new security bulletin to provide
fixes for this variant.  Microsoft has stated that Windows Server 2003 with the
Enhanced Security Configuration enabled is not affected.


10. Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow
Vulnerability
BugTraq ID: 13944
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13944
Summary:
Microsoft Step-By-Step Interactive Training is prone to a buffer overflow
vulnerability.  This is due to a boundary condition error related to validation
of data in bookmark link files.  As bookmark link files may originate from an
external source, this issue may be remotely exploitable.

Successful exploitation will result in execution of arbitrary code in the
context of the currently logged in user.

A number of third-party providers may supply the Step-by-Step Interactive
training program as a part of their products.  There is not a conclusive list of
products that may have installed this software.


11. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13945
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13945
Summary:
Sun Java Web Start is susceptible to an unspecified privilege escalation
vulnerability.

This vulnerability allows remote, untrusted Java applications to gain elevated
privileges. This allows them to read or write local files, or to execute
arbitrary local applications. These actions are normally forbidden for untrusted
applications running in the Java virtual machine.

Further details are not available at this time. This BID will be updated as
further information is disclosed.

12. Microsoft Internet Explorer Unspecified DigWebX ActiveX Control
Vulnerability
BugTraq ID: 13946
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13946
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability in the
DigWebX ActiveX control.

The vendor has not released any further information about this vulnerability
other than to state the "kill bit" has been set on unsupported versions of the
control.


13. Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service
Vulnerability
BugTraq ID: 13947
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13947
Summary:
Microsoft Internet Explorer is prone to a denial of service vulnerability when
rendering malformed GIF and BMP images.  Malformed images for other file formats
may also cause a similar condition, though the vendor has not provided any
further information.

The vendor has not released any further information about this issue other than
to state that it is addressed by the Cumulative Security Update For Internet
Explorer.


14. Microsoft Agent Trusted Content Spoofing Vulnerability
BugTraq ID: 13948
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13948
Summary:
Microsoft Agent is prone to a vulnerability that could allow a malicious Web
site to spoof trusted content.  This could result in a user downloading and
executing malicious files thinking they are safe.

15. MAST RunAs Professional Local Privilege Escalation Vulnerability
BugTraq ID: 13949
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13949
Summary:
RunAs Professional (RunAsP.exe) is affected by a local privilege escalation
vulnerability.

This issue presents itself because the affected application fails to verify the
executable prior to running it with higher privileges.

RunAs Professional 3.5.1 is affected by this vulnerability.  Other versions may
be prone to this issue as well.


16. Microsoft Windows Web Client Service Remote Code Execution Vulnerability
BugTraq ID: 13950
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13950
Summary:
Microsoft Windows Web Client Service is affected by a remote code execution
vulnerability.  This is due to a buffer overflow in the affected component.

A remote authenticated attacker can exploit this issue by sending a malformed
message to the Web Client Service.  This can lead to arbitrary code execution
resulting in privilege escalation.

An attacker may also exploit this issue through another application that passes
data to the vulnerable component.

Web Client Service is disabled on Windows Server 2003 by default.


17. Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Vulnerability
BugTraq ID: 13951
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13951
Summary:
Microsoft Outlook Express is prone to a buffer overflow when parsing NNTP
responses.  Successful exploitation could allow arbitrary code execution in the
context of the user running the application.

18. Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
BugTraq ID: 13952
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13952
Summary:
Outlook Web Access is prone to an HTML injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the affected application of an unsuspecting user in the context of the affected
user.

This issue is reported to affect Outlook Web Access for Exchange Server 5.5.


19. Microsoft Windows HTML Help Remote Code Execution Vulnerability
BugTraq ID: 13953
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13953
Summary:
Microsoft Windows HTML Help is affected by a remote code execution
vulnerability.

The vulnerability presents itself when the application handles malformed data
through the InfoTech protocol (ms-its, its, mk:@msitstore).  

An attacker may exploit this issue from a malicious Web page or through HTML
email to execute arbitrary code with the privileges of the currently logged in
user.

This vulnerability affects any application that utilizes the Windows Help
component of Internet Explorer.

20. Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
BugTraq ID: 13954
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13954
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to a policy
bypass vulnerability. Reports indicate that the issue manifests when a Microsoft
ISA server is utilizing the 'NetBIOS (all)' predefined filter. 

A remote attacker may leverage this vulnerability to successfully make NetBIOS
connections to NetBIOS based services that exist on a target ISA server.


21. Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure
Vulnerability
BugTraq ID: 13955
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13955
Summary:
Microsoft Internet Security and Acceleration (ISA) server is prone to an
information disclosure vulnerability. Reports indicate that the issue manifests
when an ISA server is publishing a Web service that has Basic authentication
enabled, but the Web publishing rules that process the request are configured as
'SSL required'.

An attacker that has the ability to intercept network communications between the
ISA server and a client may leverage this issue to obtain Web site
authentication credentials. 


22. Microsoft ISA Server HTTP Request Smuggling Vulnerability
BugTraq ID: 13956
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13956
Summary:
Microsoft Internet Security and Acceleration (ISA) server is reported prone to
an HTTP request smuggling attack.

The vendor reports that Microsoft ISA server fails to correctly handle an
invalid HTTP request that contains multiple 'Content-Length' values in an
invalid HTTP header.

A remote attacker may exploit this issue to launch cache poisoning or
content-restriction bypass attacks against the affected server.


23. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 13957
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13957
Summary:
Multiple unspecified buffer overflow vulnerabilities affect Iron Bars Shell.
These issues are due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into static process
buffers.

The details currently available regarding these issues are insufficient to
provide an accurate technical description.  It can be speculated that these
issues may be leveraged by an attacker to gain escalated privileges on a local
machine.

An attacker may leverage these issues to execute instructions with the
privileges of the affected application.

24. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13958
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13958
Summary:
Sun Java Runtime Environment is susceptible to an unspecified privilege
escalation vulnerability.

This vulnerability allows remote, untrusted Java applications to gain elevated
privileges. This allows them to read or write local files, or to execute
arbitrary local applications. These actions are normally forbidden for untrusted
applications running in the Java virtual machine.

Further details are not available at this time. This BID will be updated as
further information is disclosed.

25. Finjan SurfinGate ASCII File Extension File Filter Circumvention
Vulnerability
BugTraq ID: 13959
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13959
Summary:
SurfinGate may allow an attacker to circumvent file filters.

It has been reported that an attacker may bypass SurfinGate file filtering rules
by using ASCII encoding in the file name.

SurfinGate versions 7.0 SP2 and 7.0 SP3 are reportedly vulnerable.  Other
versions may be affected as well.

26. Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 13960
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13960
Summary:
Annuaire 1Two is prone to multiple HTML injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

27. Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13961
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13961
Summary:
Annuaire 1Two is prone to a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

28. Adobe Acrobat/Adobe Reader File Existence Disclosure Vulnerability
BugTraq ID: 13962
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13962
Summary:
Adobe Acrobat and Adobe Reader may allow remote attackers to determine the
existence of files on a vulnerable computer.

Information gathered through the exploitation of this vulnerability may aid in
other attacks.

29. McGallery Lang Argument File Disclosure Vulnerability
BugTraq ID: 13963
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13963
Summary:
McGallery is prone to a file disclosure vulnerability.  

This could let remote attackers access files on the computer in the context of
the Web server process.

30. ViRobot Linux Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13964
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13964
Summary:
ViRobot Linux Server is prone to a remote buffer overflow vulnerability
affecting the Web based management interface.  This issue presents itself
because the application fails to perform boundary checks prior to copying
user-supplied data into sensitive process buffers.

An attacker can gain unauthorized access to a vulnerable computer by supplying
malformed values through cookies.  This issue can lead to a complete compromise.

ViRobot Linux Server 2.0 is vulnerable to this issue.  Other versions may be
affected as well.

31. Bitrix Site Manager Remote File Include Vulnerability
BugTraq ID: 13965
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13965
Summary:
Bitrix Site Manager is prone to a remote file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

Bitrix Site Manager 4.0.5 and prior versions are considered to be vulnerable at
the moment.

32. Mambo Open Source Com_Contents SQL Injection Vulnerability
BugTraq ID: 13966
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13966
Summary:
Mambo 'com_contents' component is prone to an SQL injection vulnerability.  This
issue is due to a failure of the application to properly sanitize user-supplied
URI input.

As a result of this, a malicious user may influence database queries in order to
view or modify sensitive information, potentially compromising the software or
the database. It may be possible for an attacker to disclose the administrator
password hash by exploiting this issue.


33. PAFileDB Multiple Input Validation Vulnerabilities
BugTraq ID: 13967
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13967
Summary:
paFileDB is prone to multiple input validation vulnerabilities. The following
issues are reported:

Multiple SQL injection issues exist in paFileDB.

The impact of these issues will vary depending on features supported by the
database implementation but may be limited due to the nature of affected
queries.

Multiple cross-site scripting issues are also reported when passing
user-supplied arguments to the 'sortby', 'filelist', and 'pages' parameters of
the 'pafiledb.php' script.

Exploitation of these issues may allow for compromise of the software, session
hijacking, or attacks against the underlying database.

Finally, paFileDB is prone to a file disclosure vulnerability. The 'action'
parameter of the 'pafiledb.php' script is affected by the vulnerability.


34. Sun LPAdmin Unspecified Arbitrary Local File Overwrite Vulnerability
BugTraq ID: 13968
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13968
Summary:
Sun lpadmin is susceptible to an unspecified arbitrary local file overwrite
vulnerability.

This vulnerability allows local, unprivileged attackers to overwrite arbitrary
files. This likely allows users to crash services, or possibly the whole
computer, denying service to legitimate users. It is conjectured that it may
also be possible to utilize this vulnerability to gain administrative
privileges.

No further details were provided. This BID will be updated as new information is
disclosed.

35. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
BugTraq ID: 13969
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13969
Summary:
Opera Web Browser is affected by a cross-site scripting vulnerability that can
be leveraged to disclose local files as well.

Attackers may steal cookie-based authentication credentials, disclose local
files in the context of the browser and carry out other attacks.

Opera Web Browser version 8.0 is prone to this issue.

36. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
BugTraq ID: 13970
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13970
Summary:
Opera Web Browser is prone to an issue that allows a violation of the
cross-domain security model.

This issue arises due to an access validation error affecting the
'XMLHttpRequest' object.

Successful exploitation may result in cookie theft, content manipulation,
information disclosure or other attacks.

Opera Web Browser version 8.0 is prone to this issue.

37. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13971
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13971
Summary:
Ultimate PHP Board is prone to multiple cross-site scripting vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

38. ATutor Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13972
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13972
Summary:
ATutor is prone to multiple cross-site scripting vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks. 

39. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 13973
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13973
Summary:
SquirrelMail is affected by multiple unspecified cross-site scripting
vulnerabilities.  These issues are due to a failure of the application to
properly sanitize user-supplied URI input.  

These issues could permit a remote attacker to create a malicious URI link that
includes hostile HTML and script code. If this link were to be followed, the
hostile code may be rendered in the web browser of the victim user. This would
occur in the security context of the affected web site and may allow for theft
of cookie-based authentication credentials or other attacks.


40. e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
BugTraq ID: 13974
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13974
Summary:
e107 Website System is prone to multiple input validation and information
disclosure vulnerabilities.

The application has an information disclosure vulnerability regarding valid
usernames.

The application is also vulnerable to several cross-site scripting and HTML
injection vulnerabilities.  These issues are due to a failure in the application
to properly sanitize user-supplied input before using it in dynamically
generated content.

Some of the cross-site scripting issues are the same as those described in BID
10436, which were believed to have been addressed in previous versions of the
application.  Further reports indicate that the application is still affected.


41. Ultimate PHP Board Weak Password Encryption Vulnerability
BugTraq ID: 13975
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13975
Summary:
Ultimate PHP Board is prone to a weak password encryption vulnerability.  This
issue is due to a failure of the application to protect passwords with a
sufficiently effective encryption scheme.

This issue may allow a malicious user to gain access to user and administrator
passwords for the affected application.

42. Cool Cafe Chat LOGIN.ASP SQL Injection Vulnerability
BugTraq ID: 13976
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13976
Summary:
Cool Cafe Chat is prone to an SQL injection vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input to the
'login.asp' script before using it in an SQL query. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

Cool Cafe Chat 1.2.1 is reportedly vulnerable.

43. OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
BugTraq ID: 13977
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13977
Summary:
A local denial of service vulnerability affects OpenBSD.

The vendor reports that a local user may invoke 'getsockopt()' on an existing
socket to trigger this vulnerability.

A local attacker may exploit this issue to trigger a kernel panic and deny
service for legitimate users.


44. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service vulnerability. This issue is
due to a failure of the application to properly handle overly long email
headers. 

Further details regarding this vulnerability are currently not available. This
BID will be updated as more information is disclosed.

An attacker may cause SpamAssassin to take inordinate amounts of time to check a
specially crafted email message. By sending many malicious messages, it may be
possible for attackers to cause extremely large delays in email delivery,
denying service to legitimate users.

45. osCommerce Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 13979
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13979
Summary:
osCommerce is prone to multiple HTTP response splitting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

A remote attacker may exploit any of these vulnerabilities to influence or
misrepresent how Web content is served, cached or interpreted. This could aid in
various attacks that attempt to entice client users into a false sense of trust.


46. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to S/MIME signing
using gpg2.  The cause and impact of this issue are currently unknown.

Due to a lack of details, it cannot be confirmed whether this issue poses a
security threat or results in an adverse effect on the functionality of the
application.  It is conjectured that this issue is remote in nature.

SUSE Linux 9.3 is affected by this issue.



47. Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the disclosure of
script files' source code. 

Information obtained in this manner may be used by the attacker to launch
further attacks against a vulnerable system. 

Yaws 1.55 and prior versions are affected.

48. XAMMP Lang.PHP HTML Injection Vulnerability
BugTraq ID: 13982
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13982
Summary:
XAMMP is prone to an HTML injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

This issue is reported to affect the Linux distribution of XAMMP.

49. XAMMP Lang.PHP Directory Traversal Vulnerability
BugTraq ID: 13983
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13983
Summary:
XAMMP is prone to a directory traversal vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local PHP
scripts through the use of directory traversal strings '../'.  Exploitation of
this vulnerability could lead to a loss of confidentiality.

This issue is reported to affect the Linux distribution of XAMMP.

50. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial of service
vulnerabilities. The following issues are reported:

The first denial of service vulnerability exists in the discovery logic of
Razor-agents.

The second issue exists in the preprocessing code of Razor-agents.

Both issues may be exploited to cause a denial of service for the vulnerable
application.


51. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The issue
exists in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient
sanitization of user-supplied request data.

Information harvested by exploiting this issue may be used to aid further
attacks against the affected service.


52. Ajax-Spell HTML Tag Script Injection Vulnerability
BugTraq ID: 13986
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13986
Summary:
ajax-spell is prone to a script injection vulnerability.  This could permit an
attacker to inject hostile HTML and script code into the session of a user of
the Web site hosting the application.

Successful exploitation could let an attacker steal cookie-based authentication
credentials or launch other attacks.

53. Contelligent Preview Privilege Escalation Vulnerability
BugTraq ID: 13987
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13987
Summary:
Contelligent is prone to a privilege escalation vulnerability.  This issue is
exposed by the preview mechanism of the software, allowing an attacker to gain
elevated privileges within the application.

This issue was reported in Contelligent 9.0.15.  Earlier versions may also be
affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. MasterCard warns of massive credit-card breach
By: Robert Lemos
Data thieves breached the systems of Atlanta, Georgia-based CardSystems
Solutions, stealing data on as many as 40 million accounts affecting various
credit-card brands, MasterCard says.
http://www.securityfocus.com/news/11219

2. Phishers look to net small fry
By: Robert Lemos
Online fraudsters are targeting the customers of small financial institutions,
hoping to take advantage of less knowledgeable and more trusting consumers.
http://www.securityfocus.com/news/11214

3. Stealthy Trojan horses, modular bot software dodging defenses
By: Robert Lemos
Software that turns PCs into remotely controlled zombies is getting better, but
defenses are not keeping up. 
http://www.securityfocus.com/news/11209

4. Latest Bluetooth attack makes short work of weak passwords
By: Robert Lemos
Devices that use 4-digit PINs for security can be compromised in less than a
second, but longer passwords are proof against the attack, researchers say.
http://www.securityfocus.com/news/11202

5. Microsoft sues German spammer
By: John Oates
Microsoft is taking legal action against an alleged spammer now resident in
Germany.
http://www.securityfocus.com/news/11220

6. Adware makers exploit BitTorrent
By: John Leyden
A row has broken out after a marketing firm was caught hiding adware in files
distributed on the BitTorrent file sharing network.
http://www.securityfocus.com/news/11215

7. UK trojan siege has been running over a year
By: Peter Warren
One of the UK's most secretive security organisations is hunting down a gang of
high tech criminals in the Far East that has been attacking the computer systems
of Government departments and multi-national companies to steal secrets.
http://www.securityfocus.com/news/11216

8. Ssshhh! Opera slips out security update
By: John Leyden
Opera users are urged to update their browser software following the discovery
of a security flaw that creates a means for hackers to read local files using a
form of cross-site scripting attack.
http://www.securityfocus.com/news/11217

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/402496

2. [SJ-JOB] Sr. Security Analyst, PALO ALTO
http://www.securityfocus.com/archive/77/402497

3. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/402498

4. [SJ-JOB] Auditor, Miami
http://www.securityfocus.com/archive/77/402509

5. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/402499

6. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/402500

7. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/402508

8. [SJ-JOB] Information Assurance Engineer, Dulles/Falls Church/Washington D.C.
http://www.securityfocus.com/archive/77/402507

9. [SJ-JOB] Technology Risk Consultant, Portsmouth
http://www.securityfocus.com/archive/77/402505

10. [SJ-JOB] Security Auditor, McLean
http://www.securityfocus.com/archive/77/402502

11. [SJ-JOB] Application Security Engineer, West Coast
http://www.securityfocus.com/archive/77/402503

12. [SJ-JOB] Sales Engineer, NYC, and Los Angeles
http://www.securityfocus.com/archive/77/402510

13. [SJ-JOB] Sr. Security Engineer, Dallas
http://www.securityfocus.com/archive/77/402501

14. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/402504

15. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/402486

16. [SJ-JOB] Information Assurance Engineer, DC
http://www.securityfocus.com/archive/77/402489

17. [SJ-JOB] Technical Writer, DC
http://www.securityfocus.com/archive/77/402493

18. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/402488

19. [SJ-JOB] Security Architect, Ft Lauderdale
http://www.securityfocus.com/archive/77/402491

20. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/402487

21. [SJ-JOB] Security Engineer, Santa Barbara
http://www.securityfocus.com/archive/77/402492

22. [SJ-JOB] Application Security Engineer, Foster City
http://www.securityfocus.com/archive/77/402490

23. [SJ-JOB] Channel / Business Development, TBD
http://www.securityfocus.com/archive/77/402494

V.   INCIDENTS LIST SUMMARY
---------------------------
1. FTimes 3.5.0 Released
http://www.securityfocus.com/archive/75/402592

2. Digital forensics of the physical memory
http://www.securityfocus.com/archive/75/402311

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. exploiting/debuggin SetUnhandledException filter
http://www.securityfocus.com/archive/82/402718

2. Black Hat Briefings Announcements
http://www.securityfocus.com/archive/82/402564

3. the possibility of jumping back to code in an exploited program
http://www.securityfocus.com/archive/82/402347

4. Exploit development in Per
http://www.securityfocus.com/archive/82/402136

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Imaging question for MS OS.
http://www.securityfocus.com/archive/88/402892

2. Disclaimer on Active/active clustered exchange servers
http://www.securityfocus.com/archive/88/402785

3. WSUS/Reboot
http://www.securityfocus.com/archive/88/402572

4. IE in Kiosk mode
http://www.securityfocus.com/archive/88/402477

5. Windows Server 2K Lockdown Baseline
http://www.securityfocus.com/archive/88/402321

6. SecurityFocus Microsoft Newsletter #244
http://www.securityfocus.com/archive/88/402299

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------