SecurityFocus Newsletter #313
----------------------------------------

This Issue is Sponsored By: IT-Harvest

Zotob got you down?
Attend the Detroit IT Security Summit
This premier Midwest security event is all about "Security That Works"
Register online at: 

http://www.securityfocus.com/sponsor/ITHarvest_sf-news_050830

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. The great firewall of China
II.   BUGTRAQ SUMMARY
       1. Elm Expires Header Remote Buffer Overflow Vulnerability
       2. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
       3. Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
       4. Land Down Under Multiple SQL Injection Vulnerabilities
       5. Land Down Under Multiple Cross-Site Scripting Vulnerabilities
       6. PCRE Regular Expression Heap Overflow Vulnerability
       7. Computer Associates Message Queuing Denial Of Service Vulnerability
       8. Computer Associates Message Queuing Buffer Overflow Vulnerability
       9. Computer Associates Message Queuing CAFT Spoofing Vulnerability
       10. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
       11. Coppermine Displayimage.PHP Script Injection Vulnerability
       12. NEPHP Browse.PHP Cross Site Scripting Vulnerability
       13. DTLink Software AreaEdit SpellChecker Plugin Arbitrary Command Execution Vulnerability
       14. Cisco IDS Management Software SSL Certificate Validation Vulnerability
       15. PHPKit Multiple SQL Injection Vulnerabilities
       16. RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
       17. BEA WebLogic Portal Access Validation Vulnerability
       18. Cisco Intrusion Prevention System Local Privilege Escalation Vulnerability
       19. RunCMS Arbitrary Variable Overwrite Vulnerability
       20. PostNuke Multiple Cross Site Scripting Vulnerabilities
       21. PostNuke DL-viewdownload.PHP SQL Injection Vulnerability
       22. Netquery Host Parameter Arbitrary Command Execution Vulnerability
       23. Adobe Version Cue for Mac OS X Local Privilege Escalation Vulnerabilities
       24. SaveWebPortal Unauthorized Access Vulnerability
       25. SLocate Local Database Corruption Vulnerability
       26. SaveWebPortal Multiple Remote File Include Vulnerabilities
       27. SaveWebPortal Multiple Cross Site Scripting Vulnerabilities
       28. SaveWebPortal Multiple Directory Traversal Vulnerabilities
       29. Ventrilo Status Requests Denial Of Service Vulnerability
       30. ZipTorrent Proxy Server Password Disclosure Vulnerability
       31. Mercora IMRadio Plaintext Password Disclosure Weakness
       32. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
       33. PADL Software PAM_LDAP Authentication Bypass Vulnerability
       34. SqWebMail File Attachment Script Injection Vulnerability
       35. WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
       36. MPlayer Audio Header Buffer Overflow Vulnerability
       37. Home Ftp Server Multiple Vulnerabilities
       38. PAFileDB Auth.PHP SQL Injection Vulnerability
       39. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
       40. QNX RTOS InputTrap Local Arbitrary File Disclosure Vulnerability
       41. Foojan PHPWeblog Html Injection Vulnerability
       42. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
       43. Apache CGI Byterange Request Denial of Service Vulnerability
       44. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
       45. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
       46. HP-UX Veritas File System Unauthorized Data Access Vulnerability
       47. Quake 2 Lithium II Mod Memory Corruption Vulnerability
       48. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
       49. Simpleproxy Remote Syslog() Format String Vulnerability
       50. Simple PHP Blog Remote Arbitrary File Upload Vulnerability
       51. Gallery Script Injection Vulnerability
       52. PHPgraphy Script Injection Vulnerability
       53. YaPig Script Injection Vulnerability
       54. PhotoPost Script Injection Vulnerability
       55. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
       56. NTPD Insecure Privileges Vulnerability
III.  SECURITYFOCUS NEWS
       1. Zotob suspects arrested in Turkey and Morocco
       2. Storm brewing over SHA-1 as further breaks are found
       3. Plug-and-play bots worming and warring among Windows systems
       4. Worm spreading through Microsoft Plug-and-Play flaw
       5. Zotob arrests throws open trade in compromised PCs
       6. Brazil cuffs 85 in online bank hack dragnet
       7. Polyglot IM worm targets MSN
       8. The GIMP threatens PIN number security
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Auditor, Charlotte
       2. [SJ-JOB] Security Consultant, Various
       3. [SJ-JOB] Security System Administrator, Seattle
       4. [SJ-JOB] Security Engineer, Santa Clara
       5. [SJ-JOB] Security Engineer, Bayarea
       6. [SJ-JOB] Database Security Engineer, Santa Clara
       7. [SJ-JOB] Information Assurance Engineer, Seattle
       8. [SJ-JOB] Information Assurance Analyst, Seattle
       9. [SJ-JOB] Sr. Security Engineer, New York
       10. [SJ-JOB] Security Consultant, UK-wide
       11. [SJ-JOB] Sr. Security Analyst, beijing
       12. [SJ-JOB] Security Engineer, Berkshire
       13. [SJ-JOB] Disaster Recovery Coordinator, Washington
       14. [SJ-JOB] Sales Engineer, Washington
       15. [SJ-JOB] Sales Representative, Atlanta
       16. [SJ-JOB] Information Assurance Analyst, Arlington
       17. [SJ-JOB] Security Consultant, Munich or Frankfurt
       18. [SJ-JOB] Sales Engineer, New York
       19. [SJ-JOB] Channel / Business Development, New York
       20. [SJ-JOB] Channel / Business Development, Dallas/Austin
       21. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
       22. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
       23. [SJ-JOB] Application Security Architect, Amsterdam
       24. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
       25. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
       26. [SJ-JOB] Management, Cincinnati
       27. [SJ-JOB] Sales Representative, TBA
       28. [SJ-JOB] Security Architect, Sunnyvale
       29. [SJ-JOB] Sales Representative, St. Louis or Kansas City, MO.
       30. [SJ-JOB] Manager, Information Security, Wales
       31. [SJ-JOB] Forensics Engineer, London
       32. [SJ-JOB] Sr. Security Analyst, Parsippany
       33. [SJ-JOB] Sr. Security Analyst, central
       34. [SJ-JOB] VP / Dir / Mgr engineering, Pune
       35. [SJ-JOB] Quality Assurance, Cupertino
       36. [SJ-JOB] Technical Marketing Engineer, Cupertino
       37. [SJ-JOB] Security System Administrator, Appleton
V.    INCIDENTS LIST SUMMARY
       1. strange icmp echo request
       2. SSH compiled with backdoor
       3. Looking for Analysts in the Calgary, Alberta Canada - UI design workshop
       4. cuebot-d infection method
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. Xcon2005 papers released
       2. 22nd Chaos Communication Congress 2005: Call for Papers
       3. Windows Multi-Languages OPcodes DB
       4. rm fileutils Segmentation fault
       5. osx bugs in realplayer, grapher, and garage band
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #253
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. POC /dev/input/event*  keylogger
       2. Re[2]: Linux hardening
       3. Xvfb Question
       4. Linux hardening
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts come from IP addresses traced
back to China, and you don't do any business in China, do you block their entire
IP address range and call it a day?
http://www.securityfocus.com/columnists/350


II.  BUGTRAQ SUMMARY
--------------------
1. Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability which could allow an attacker to
execute malicious code.  This issue is due to a failure in the application to
perform proper bounds checking on user-supplied data.

A successful attack can result in overflowing a finite sized buffer and may
ultimately lead to arbitrary code execution in the context of the affected
application.

2. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
BugTraq ID: 14616
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14616
Summary:
Process Explorer is prone to a buffer overflow vulnerability.  This issue is due
to a failure in the application to perform proper bounds checking on
user-supplied data.

A successful attack can result in the overflowing of a finite sized buffer and
may ultimately lead to the execution of arbitrary code in the context of the
affected application.

3. Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
BugTraq ID: 14617
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14617
Summary:
Woltlab Burning Board is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

It should be noted that an attacker must have moderator credentials to access the
vulnerable script.

4. Land Down Under Multiple SQL Injection Vulnerabilities
BugTraq ID: 14618
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14618
Summary:
Land Down Under is prone to multiple SQL injection vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

5. Land Down Under Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14619
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14619
Summary:
Land Down Under is prone to multiple cross-site scripting vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

6. PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability.  This issue is due to a failure
of the library to properly bounds check user-supplied input prior to copying
data to an internal memory buffer. 

The impact of successful exploitation of this vulnerability depends on the
application and the user credentials utilizing the vulnerable library. 
Successful attack may ultimately permit an attacker to control the contents of
critical memory control structures and write arbitrary data to arbitrary memory
locations.

7. Computer Associates Message Queuing Denial Of Service Vulnerability
BugTraq ID: 14621
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14621
Summary:
Computer Associates Message Queuing (CAM) is prone to a remote denial of service
vulnerability.

A remote attacker can exploit this vulnerability to deny service to legitimate
users.

It should be noted that exploitation of this issue does not cause the affected
application to consume system resources.  The only known consequence is that no
further connections to the TCP port can take place.

8. Computer Associates Message Queuing Buffer Overflow Vulnerability
BugTraq ID: 14622
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14622
Summary:
Computer Associates Message Queuing (CAM) is prone to a buffer overflow
vulnerability.  This issue is due to a failure in the application to perform
proper bounds checking on user-supplied data.

A successful attack can cause the process's execution stack to overflow and may
ultimately lead to the execution of arbitrary code in the context of the
affected application.  This may facilitate privilege escalation to SYSTEM level
privileges.

9. Computer Associates Message Queuing CAFT Spoofing Vulnerability
BugTraq ID: 14623
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14623
Summary:
CAM is prone to a vulnerability that could permit the spoofing of a CAFT
application utilizing the CAM instance.  This may ultimately allow the execution
of arbitrary commands.  

CAFT is a file transfer application that utilizes CAM to send and receive the
files.  The problem presents itself due to a failure in the CAM service to
verify the legitimacy of the CAFT application.  An attacker can spoof a
legitimate CAFT instance and ultimately execute arbitrary CAM commands with
elevated privileges.

10. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
BugTraq ID: 14624
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14624
Summary:
lm_sensors creates temporary files in an insecure manner. The issue exists in
the 'pwmconfig' script.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

lm_sensors version 2.9.1 is reportedly affected, however, other versions may be
vulnerable as well.

11. Coppermine Displayimage.PHP Script Injection Vulnerability
BugTraq ID: 14625
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14625
Summary:
Coppermine is prone to a script injection vulnerability. This is due to a lack
of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web
browser context of an unsuspecting victim. This may lead to the theft of
cookie-based authentication credentials in the context of the victim's browser
application.


12. NEPHP Browse.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14626
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14626
Summary:
nePHP is prone to a cross-site scripting vulnerability. This issue is due to a
lack of sanitization of user-supplied input.

This vulnerability will allow a malicious user to perform attacks on an
unsuspecting user in the context of the site hosting the affected application. 

This can lead to the theft of cookie-based authentication credentials, as well
as other attacks.


13. DTLink Software AreaEdit SpellChecker Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 14627
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14627
Summary:
AreaEdit is affected by a remote arbitrary command execution vulnerability. 

Successful exploitation of this issue results in command execution with the
privileges of the Web server process. This can lead to various attacks including
unauthorized access to an affected computer. 

AreaEdit versions prior to 0.4.3 are affected by this vulnerability.

14. Cisco IDS Management Software SSL Certificate Validation Vulnerability
BugTraq ID: 14628
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14628
Summary:
CiscoWorks Management Center for IDS Sensors, and Cisco Monitoring Center for
Security are both susceptible to an SSL certificate validation vulnerability.
This issue is due to a failure of the software to properly validate SSL
certificates.

Attackers may exploit this vulnerability to spoof SSL certificates, allowing
them to impersonate Cisco Intrusion Detection Sensor or Cisco Intrusion
Prevention System devices.

By spoofing these connections attackers may gain access to login credentials,
aiding them in further attacks. Spoofed connections may also allow for the
insertion of false data or the modification or destruction of other valid data
contained in the affected management software. This allows attackers to hide the
traces of their malicious activity, creating a false sense of security. Other
attacks may also be possible.


15. PHPKit Multiple SQL Injection Vulnerabilities
BugTraq ID: 14629
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14629
Summary:
PHPKit is prone to multiple SQL injection vulnerabilities.  These issues are due
to a failure in the application to properly sanitize user-supplied input before
using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


16. RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
BugTraq ID: 14631
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14631
Summary:
RunCMS is prone to multiple SQL injection vulnerabilities.  These issues are due
to a failure in the application to properly sanitize user-supplied input before
using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

17. BEA WebLogic Portal Access Validation Vulnerability
BugTraq ID: 14632
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14632
Summary:
BEA WebLogic Portal is affected by an access validation vulnerability.

An attacker can gain access to restricted content including all pages of the
Book by issuing a specially crafted HTTP GET request.

WebLogic Portal 8.1 Service Pack 4 and prior are affected by this vulnerability.

18. Cisco Intrusion Prevention System Local Privilege Escalation Vulnerability
BugTraq ID: 14633
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14633
Summary:
Cisco IPS is susceptible to a local privilege escalation vulnerability. This
issue is due to a flaw in the logic of the command line interface (CLI).

Users with VIEWER or OPERATOR privileges may exploit this vulnerability to gain
administrative access on affected devices. These privileges are non-privileged
accounts designated for monitoring and troubleshooting of IPS devices.

By exploiting this vulnerability, attackers may gain full administrative
privileges on affected devices. This allows them to bypass the network security
features of the device, aiding them in further attacks. Arbitrary code execution
and denial of network services is also possible.

19. RunCMS Arbitrary Variable Overwrite Vulnerability
BugTraq ID: 14634
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14634
Summary:
RunCMS is prone to a vulnerability that permits the overwriting of arbitrary
variables.

An attacker can exploit this vulnerability to overwrite arbitrary application
global variables.  The attacker supplies new values through use of the POST
method.

Successful exploitation of this vulnerability can have multiple ramifications
depending on the variables overwritten and the scope and permissions of the
vulnerable application.

20. PostNuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14635
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14635
Summary:
PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues
are due to a failure of the application to properly sanitize user-supplied
input.

This can lead to theft of cookie-based authentication credentials, as well as
other types of attacks.


21. PostNuke DL-viewdownload.PHP SQL Injection Vulnerability
BugTraq ID: 14636
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14636
Summary:
PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack
of sufficient sanitization of user-supplied input.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


22. Netquery Host Parameter Arbitrary Command Execution Vulnerability
BugTraq ID: 14637
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14637
Summary:
Netquery is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands through the 'host' parameter of the
'nquser.php' script.  This can allow an attacker to execute commands in the
context of an affected server and potentially gain unauthorized access.

Netquery 3.11 is affected by this vulnerability.  It is possible that prior
versions are vulnerable as well.


23. Adobe Version Cue for Mac OS X Local Privilege Escalation Vulnerabilities
BugTraq ID: 14638
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14638
Summary:
Adobe Version Cue for Mac OS X is prone to two local privilege escalation
vulnerabilities.  This issue could allow a local attacker to load arbitrary
libraries or overwrite files.

The first issue (CAN-2005-1842) allows a local user to overwrite arbitrary files
in the context of the superuser through the VCNative application.  This
vulnerability permits privilege escalation as files may be overwritten with
custom data.

The second issue (CAN-2005-1843) allows a local user to load arbitrary libraries
in the context of the superuser through the VCNative application.  This will
permit privilege escalation.

Adobe Version Cue 1.0 and 1.0.1 are vulnerable to this issue.


24. SaveWebPortal Unauthorized Access Vulnerability
BugTraq ID: 14639
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14639
Summary:
SaveWebPortal is prone to an unauthorized access vulnerability. This issue is
due to a failure in the application to limit access to administrative scripts.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access and further attacks on the affected site.


25. SLocate Local Database Corruption Vulnerability
BugTraq ID: 14640
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640
Summary:
slocate is susceptible to a local database corruption vulnerability. This issue
is due to a failure of the application to handle unexpected directory and
filename input.

This issue presents itself when the affected utility attempts to index specially
crafted directory structures. The utility fails to handle the directory
structure, and fails to complete the indexing process.

This vulnerability allows local attackers to cause the premature failure of the
index process, resulting in an incomplete database. If the database is used in
further security, backup, or other critical functions, incomplete data may
result in the failure of services dependent on it.

This issue is reported in version 2.7 of slocate, but other versions may also be
affected.

26. SaveWebPortal Multiple Remote File Include Vulnerabilities
BugTraq ID: 14641
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14641
Summary:
SaveWebPortal is prone to multiple remote file include vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to execute arbitrary server-side
script code on an affected computer with the privileges of the Web server
process. This may facilitate unauthorized access.

27. SaveWebPortal Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14642
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14642
Summary:
SaveWebPortal is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.


28. SaveWebPortal Multiple Directory Traversal Vulnerabilities
BugTraq ID: 14643
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14643
Summary:
SaveWebPortal is prone to multiple directory traversal vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

Exploitation of this vulnerability could lead to a loss of confidentiality and
integrity. Information obtained may aid in further attacks against the
underlying system; other attacks are also possible.  

An attacker can also execute arbitrary local PHP files through exploitation of
this vulnerability.  The impact of this will depend on the PHP files available.



29. Ventrilo Status Requests Denial Of Service Vulnerability
BugTraq ID: 14644
Remote: Yes
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14644
Summary:
Ventrilo is prone to a remote denial of service vulnerability.  This issue is
due to a failure in the application to handle exceptional conditions.

Successful exploitation will terminate the software denying service to
legitimate users.

30. ZipTorrent Proxy Server Password Disclosure Vulnerability
BugTraq ID: 14645
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14645
Summary:
ZipTorrent is affected by a vulnerability that may allow local attackers to
obtain the proxy server passwords of affected users.

This may lead to various attacks against affected users including the disclosure
of sensitive information.

ZipTorrent 1.3.7.3 is vulnerable to this issue, however, other versions may be
affected as well.

31. Mercora IMRadio Plaintext Password Disclosure Weakness
BugTraq ID: 14646
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14646
Summary:
Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry
keys for the application are not encrypted or obfuscated in any way. 

A local attacker may monitor the keyboard, CRT and mouse activity of a local
administrator and retrieve the usernames and passwords for other users of the
affected application. It should be noted that normal user accounts do not have
the ability to read these registry keys.

In the event that an attacker gains administrative privileges by some other
means, these usernames and passwords could be viewed and recorded to launch
further attacks on the affected computer.


32. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14647
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14647
Summary:
HAURI Anti-Virus is affected by a remote buffer overflow vulnerability when
handling ACE archives.

An attacker can exploit this issue by crafting a malicious ACE archive
containing a specially crafted file name and sending this archive to a
vulnerable computer.

The attacker may exploit this vulnerability to gain unauthorized remote access
in the context of the superuser.

33. PADL Software PAM_LDAP Authentication Bypass Vulnerability
BugTraq ID: 14649
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14649
Summary:
PAM_LDAP is prone to an authentication bypass vulnerability when handling new
password policy control.  This could allow an unauthorized user to bypass
authentication.

This vulnerability was reported to affect PAM_LDAP builds 169 through 179.


34. SqWebMail File Attachment Script Injection Vulnerability
BugTraq ID: 14650
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14650
Summary:
SqWebMail is prone to a vulnerability with regards to an email containing file
attachments. 

Successful exploitation will lead to the execution of malicious script code in
the context of the victim's account. The attacker's malicious code will be able
to perform the same functions as the victim, for example, sending and viewing
email messages; other attacks may also be possible.


35. WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
BugTraq ID: 14651
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14651
Summary:
WebCalendar is prone to a remote file include vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

36. MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a failure
of the application to properly validate the length of user-supplied strings
prior to copying them into static process buffers.

The problem presents itself when the affected application attempts to process
audio streams that contain overly large values in their header.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

37. Home Ftp Server Multiple Vulnerabilities
BugTraq ID: 14653
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14653
Summary:
Home Ftp Server is affected by multiple vulnerabilities.  These issues can allow
local attackers to disclose sensitive information and remote attackers to carry
out directory traversal attacks.

Home Ftp Server 1.0.7 b45 is reported to be vulnerable.  Other versions may be
affected as well.

38. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Exploitation of this issue may allow for compromise of the software, session
hijacking, or attacks against the underlying database. Other attacks are also
possible.


39. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
BugTraq ID: 14655
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14655
Summary:
LeapFTP client is prone to a remote buffer overflow vulnerability.

The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq)
file.

A remote attacker may gain unauthorized access in the context of the user
running the application.

LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.


40. QNX RTOS InputTrap Local Arbitrary File Disclosure Vulnerability
BugTraq ID: 14656
Remote: No
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14656
Summary:
QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This
issue is due to a failure of the 'inputtrap' utility to properly implement
access control restrictions.

This vulnerability allows local malicious users to gain access to the contents
of arbitrary files with superuser privileges, aiding them in further attacks.

QNX RTOS versions 6.1 and 6.3 are affected by this issue. Other versions are
also likely affected. This issue is similar to the one described in BID 4901.

41. Foojan PHPWeblog Html Injection Vulnerability
BugTraq ID: 14658
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14658
Summary:
Foojan PHPWeblog is prone to an HTML injection vulnerability. This is due to a
lack of proper sanitization of user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.


42. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
BugTraq ID: 14659
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14659
Summary:
Tor is susceptible to a remote information disclosure vulnerability. This issue
is due to a flaw in the implementation of the Diffie-Hellman key exchange
protocol.

Specifically, certain values used during the Diffie-Hellman key exchange
protocol are insecure, and when used, lead to the ability of attackers to access
the negotiated encryption keys.

This vulnerability allows attackers to gain access to the negotiated keys used
to encrypt the communications between Tor servers and clients. This allows
attackers to read or modify all the traffic that is sent from the targeted user
over the Tor network. The anonymity, confidentiality, and integrity guarantees
of the network are lost through the exploitation of this issue.

43. Apache CGI Byterange Request Denial of Service Vulnerability
BugTraq ID: 14660
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14660
Summary:
Apache is prone to a denial of service when handling large CGI byterange
requests.

44. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of
Service Vulnerability
BugTraq ID: 14661
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14661
Summary:
A local denial of service vulnerability affects the Linux kernel's ELF header
processing functionality on 64 bit x86 platforms.

A successful attack can allow a local attacker to trigger a denial of service
condition in the kernel.

This issue may be related to BID 11846 (Linux Kernel 64 Bit ELF Header Local
Denial Of Service Vulnerability).  Due to a lack of information, this cannot be
confirmed at the moment.  This BID will be retired if further analysis reveals
that the issues are identical.


45. HP OpenView Network Node Manager Multiple Remote Command Execution
Vulnerabilities
BugTraq ID: 14662
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14662
Summary:
HP OpenView Network Node Manager is prone to multiple remote arbitrary command
execution vulnerabilities.

These issues arise when the user-specified 'node' URI parameter of various
scripts is utilized as a part of a command to be executed with the 'system()'
function.

These issues may facilitate unauthorized remote access in the context of the Web
server to the affected computer.

These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown
versions of the package on Microsoft Windows platforms are also affected. It is
likely that other versions and platforms are also affected.

46. HP-UX Veritas File System Unauthorized Data Access Vulnerability
BugTraq ID: 14663
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14663
Summary:
HP-UX is affected by a vulnerability that may allow local unauthorized users to
access potentially sensitive data.

This vulnerability presents itself in HP-UX systems running the Veritas File
System (VxFS).

A successful attack may disclose sensitive information and aid in other attacks
against a vulnerable computer.


47. Quake 2 Lithium II Mod Memory Corruption Vulnerability
BugTraq ID: 14664
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14664
Summary:
Quake 2 Lithium II Mod is affected by a memory corruption vulnerability.

A successful attack may allow the attacker to corrupt process memory and execute
arbitrary code resulting in unauthorized remote access.

It is conjectured that this issue may also facilitate format string attacks,
however, this has not been confirmed at the moment.

Lithium II version 1.24 is affected by this vulnerability.

48. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
BugTraq ID: 14665
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14665
Summary:
Astaro Security Linux is prone to a weakness that may allow remote attackers to
connect to arbitrary ports on a vulnerable computer.

This weakness may be combined with other attacks to exploit latent
vulnerabilities.  An attacker can bypass access controls implemented by the
application through this attack.

Astaro Security Linux 6.001 is prone to this weakness.


49. Simpleproxy Remote Syslog() Format String Vulnerability
BugTraq ID: 14666
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14666
Summary:
It is reported that simpleproxy contains a format string vulnerability. This
issue is due to a failure of the application to properly sanitize user-supplied
input before using it as the format specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to execute
arbitrary code on the affected computer with the privileges of the affected
package. This application may be run as the superuser in order to proxy
privileged TCP ports.

Versions of simpleproxy prior to 3.4 are reported susceptible to this
vulnerability.

50. Simple PHP Blog Remote Arbitrary File Upload Vulnerability
BugTraq ID: 14667
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14667
Summary:
Simple PHP Blog is prone to a remote arbitrary file upload vulnerability.

This issue may allow remote attackers to upload arbitrary files including
malicious scripts and possibly execute the script on the affected server.

Simple PHP Blog 0.4.0 is affected by this issue.  Other versions may be
vulnerable as well.

51. Gallery Script Injection Vulnerability
BugTraq ID: 14668
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14668
Summary:
Gallery is prone to a script injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web
browser context of an unsuspecting victim. This may lead to the theft of
cookie-based authentication credentials in the context of the victim's browser
application.

Further attacks are also possible.


52. PHPgraphy Script Injection Vulnerability
BugTraq ID: 14669
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14669
Summary:
phpGraphy is prone to a script injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web
browser context of an unsuspecting victim. This may lead to the theft of
cookie-based authentication credentials in the context of the victim's browser
application.

Further attacks are also possible.


53. YaPig Script Injection Vulnerability
BugTraq ID: 14670
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14670
Summary:
YaPig is prone to a script injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web
browser context of an unsuspecting victim. This may lead to the theft of
cookie-based authentication credentials in the context of the victim's browser
application.

Further attacks are also possible.


54. PhotoPost Script Injection Vulnerability
BugTraq ID: 14671
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14671
Summary:
PhotoPost is prone to a script injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web
browser context of an unsuspecting victim. This may lead to the theft of
cookie-based authentication credentials in the context of the victim's browser
application.

Further attacks are also possible.


55. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
BugTraq ID: 14672
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14672
Summary:
Nokia Affix BTSRV is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands through a device name and have them
executed in the context of the service.  This can lead to a complete compromise.

56. NTPD Insecure Privileges Vulnerability
BugTraq ID: 14673
Remote: Yes
Date Published: 2005-08-27
Relevant URL: http://www.securityfocus.com/bid/14673
Summary:
ntpd is prone to an insecure privileges vulnerability.

The application may be started with the effective permissions of a privileged
user, and if the application is compromised by some other means, may allow an
attacker to conduct further exploits.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Zotob suspects arrested in Turkey and Morocco
By: Robert Lemos
UPDATE: Law enforcement arrested two men--one living in Turkey and the other in
Morocco--in connection with the release of the recent Zotob worm.
http://www.securityfocus.com/news/11297

2. Storm brewing over SHA-1 as further breaks are found
By: Robert Lemos
Three Chinese researchers refine an attack on the encryption standard used to
digitally sign documents, leaving cryptographers to debate whether the Secure
Hash Algorithm needs to be mothballed more quickly.
http://www.securityfocus.com/news/11292

3. Plug-and-play bots worming and warring among Windows systems
By: Robert Lemos
A dozen different worms based on bot software have started attacking
already-compromised Windows 2000 systems with the aim of creating a lasting bot
net, security experts warn. Several companies, such as CNN and the New York
Times, have been infected because they failed to patch in time. 
http://www.securityfocus.com/news/11285

4. Worm spreading through Microsoft Plug-and-Play flaw
By: Robert Lemos
Dubbed Zotob, the worm infects computers using a flaw in the Windows operating
system's Plug-and-Play functionality, but security experts believe that the
attack won't be as significant as previous epidemics.
http://www.securityfocus.com/news/11281

5. Zotob arrests throw open trade in compromised PCs
By: John Leyden
One of two men arrested last week over the Zotob worm outbreak has been linked
to the creation of 20 other viruses.
http://www.securityfocus.com/news/11299

6. Brazil cuffs 85 in online bank hack dragnet
By: Lester Haines
Brazilian federal police last week cuffed 85 people across seven states
suspected of hacking online bank accounts and netting $33m, Reuters reports.
http://www.securityfocus.com/news/11298

7. Polyglot IM worm targets MSN
By: John Leyden
A new worm spreading over IM networks is the first to check system settings in
order to send a message in the appropriate language.
http://www.securityfocus.com/news/11295

8. The GIMP threatens PIN number security
By: Lester Haines
This must be a first: Linux image manipulation programme the GIMP has been
fingered as a possible tool in uncovering people's PIN numbers as sent through
the post.
http://www.securityfocus.com/news/11296

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/409517

2. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/409516

3. [SJ-JOB] Security System Administrator, Seattle
http://www.securityfocus.com/archive/77/409470

4. [SJ-JOB] Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/409474

5. [SJ-JOB] Security Engineer, Bayarea
http://www.securityfocus.com/archive/77/409467

6. [SJ-JOB] Database Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/409471

7. [SJ-JOB] Information Assurance Engineer, Seattle
http://www.securityfocus.com/archive/77/409472

8. [SJ-JOB] Information Assurance Analyst, Seattle
http://www.securityfocus.com/archive/77/409465

9. [SJ-JOB] Sr. Security Engineer, New York
http://www.securityfocus.com/archive/77/409466

10. [SJ-JOB] Security Consultant, UK-wide
http://www.securityfocus.com/archive/77/409272

11. [SJ-JOB] Sr. Security Analyst, beijing
http://www.securityfocus.com/archive/77/409273

12. [SJ-JOB] Security Engineer, Berkshire
http://www.securityfocus.com/archive/77/409271

13. [SJ-JOB] Disaster Recovery Coordinator, Washington
http://www.securityfocus.com/archive/77/409270

14. [SJ-JOB] Sales Engineer, Washington
http://www.securityfocus.com/archive/77/409193

15. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/409194

16. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/409183

17. [SJ-JOB] Security Consultant, Munich or Frankfurt
http://www.securityfocus.com/archive/77/409185

18. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/409186

19. [SJ-JOB] Channel / Business Development, New York
http://www.securityfocus.com/archive/77/409188

20. [SJ-JOB] Channel / Business Development, Dallas/Austin
http://www.securityfocus.com/archive/77/409184

21. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
http://www.securityfocus.com/archive/77/409175

22. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
http://www.securityfocus.com/archive/77/409172

23. [SJ-JOB] Application Security Architect, Amsterdam
http://www.securityfocus.com/archive/77/409170

24. [SJ-JOB] Security Consultant, Zurich, Bern or Lausanne
http://www.securityfocus.com/archive/77/409169

25. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
http://www.securityfocus.com/archive/77/409176

26. [SJ-JOB] Management, Cincinnatti
http://www.securityfocus.com/archive/77/409091

27. [SJ-JOB] Sales Representative, TBA
http://www.securityfocus.com/archive/77/409061

28. [SJ-JOB] Security Architect, Sunnyvale
http://www.securityfocus.com/archive/77/409062

29. [SJ-JOB] Sales Representative, St. Louis or Kansas City, MO.
http://www.securityfocus.com/archive/77/409029

30. [SJ-JOB] Manager, Information Security, Wales
http://www.securityfocus.com/archive/77/409032

31. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/409028

32. [SJ-JOB] Sr. Security Analyst, Parsippany
http://www.securityfocus.com/archive/77/409027

33. [SJ-JOB] Sr. Security Analyst, central
http://www.securityfocus.com/archive/77/405941

34. [SJ-JOB] VP / Dir / Mgr engineering, Pune
http://www.securityfocus.com/archive/77/405939

35. [SJ-JOB] Quality Assurance, Cupertino
http://www.securityfocus.com/archive/77/405943

36. [SJ-JOB] Technical Marketing Engineer, Cupertino
http://www.securityfocus.com/archive/77/405946

37. [SJ-JOB] Security System Administrator, Appleton
http://www.securityfocus.com/archive/77/405947

V.   INCIDENTS LIST SUMMARY
---------------------------
1. strange icmp echo request
http://www.securityfocus.com/archive/75/409494

2. SSH compiled with backdoor
http://www.securityfocus.com/archive/75/409497

3. Looking for Analysts in the Calgary, Alberta Canada - UI design workshop
http://www.securityfocus.com/archive/75/409209

4. cuebot-d infection method
http://www.securityfocus.com/archive/75/409026

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Xcon2005 papers released
http://www.securityfocus.com/archive/82/409605

2. 22nd Chaos Communication Congress 2005: Call for Papers
http://www.securityfocus.com/archive/82/409443

3. Windows Multi-Languages OPcodes DB
http://www.securityfocus.com/archive/82/409444

4. rm fileutils Segmentation fault
http://www.securityfocus.com/archive/82/409442

5. osx bugs in realplayer, grapher, and garage band
http://www.securityfocus.com/archive/82/409441

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #253
http://www.securityfocus.com/archive/88/409064

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. POC /dev/input/event*  keylogger
http://www.securityfocus.com/archive/91/409017

2. Re[2]: Linux hardening
http://www.securityfocus.com/archive/91/409012

3. Xvfb Question
http://www.securityfocus.com/archive/91/409023

4. Linux hardening
http://www.securityfocus.com/archive/91/408758