SecurityFocus Newsletter #314
----------------------------------------

I.    FRONT AND CENTER
       1. Exploiting Cisco with FX
       2. A changing landscape
       3. A new way to bypass Windows heap protections
II.   BUGTRAQ SUMMARY
       1. PHPMyAdmin Cookie.Auth.Lib.PHP HTML Injection Vulnerability
       2. PHPMyAdmin Error.PHP Cross-Site Scripting Vulnerability
       3. SqWebMail HTML Email IMG Tag Script Injection Vulnerability
       4. Land Down Under Signature HTML Injection Vulnerability
       5. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
       6. PHPWebNotes Api.PHP Remote File Include Vulnerability
       7. Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal
Vulnerability
       8. MyBB Member.PHP SQL Injection Vulnerability
       9. Land Down Under Multiple SQL Injection Vulnerabilities
       10. AutoLinks Pro Al_initialize.PHP Remote File Include Vulnerability
       11. PHP-Fusion BBCode URL Tag Script Injection Vulnerability
       12. Cosmoshop Multiple SQL Injection Vulnerabilities
       13. BFCommand & Control Server Manager Multiple Remote Vulnerabilities
       14. Hesk Admin.PHP Authentication Bypass Vulnerability
       15. UMN Gopher Client Remote Buffer Overflow Vulnerability
       16. PHPLDAPAdmin Unauthorized Access Vulnerability
       17. PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
       18. Maildrop Lockmail Local Privilege Escalation Vulnerability
       19. BlueWhaleCRM AccountID SQL Injection Vulnerability
       20. FreeStyle Wiki Arbitrary Perl Command Execution Vulnerability
       21. e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
       22. BNBT EasyTracker Remote Denial Of Service Vulnerability
       23. Novell Netware CIFS.NLM Denial of Service Vulnerability
       24. FlatNuke ID Parameter Directory Traversal Vulnerability
       25. Greymatter Gm.CGI HTML Injection Vulnerability
       26. FlatNuke USR Parameter Cross-Site Scripting Vulnerability
       27. Indiatimes Messenger Remote Buffer Overflow Vulnerability
       28. DameWare Mini Remote Control Server Pre-Authentication Username
Buffer Overflow Vulnerability
       29. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
       30. CMS Made Simple Lang.PHP Remote File Include Vulnerability
       31. Barracuda Spam Firewall IMG.PL Remote Directory Traversal
Vulnerability
       32. Frox Arbitrary Configuration File Access Vulnerability
       33. Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability
       34. DownFile Multiple Cross-Site Scripting Vulnerabilities
       35. DownFile Administrator Unauthorized Access Vulnerability
       36. 3Com Network Supervisor Directory Traversal Vulnerability
       37. SILC Server Insecure Temporary File Creation Vulnerability
       38. Multiple Vendor Web Vulnerability Scanners HTML Injection
Vulnerability
       39. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
       40. Linux Kernel ZLib Local Null Pointer Dereference Denial of Service
Vulnerability
       41. Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
       42. PolyGen Local Denial of Service Vulnerability
       43. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
       44. GBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
       45. OpenSSH DynamicForward Inadvertent GatewayPorts Activation
Vulnerability
       46. PBLang Bulletin Board System Multiple Remote Vulnerabilities
       47. OpenSSH GSSAPI Credential Disclosure Vulnerability
       48. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
       49. Squid Proxy SSLConnectTimeout Remote Denial Of Service Vulnerability
       50. Plain Black Software WebGUI Remote Perl Command Execution
Vulnerabilities
III.  SECURITYFOCUS NEWS
       1. Big debate over small packets
       2. Katrina's destruction attracts online fraudsters
       3. Hidden-code flaw in Windows renews worries over stealthy malware
       4. Zotob suspects arrested in Turkey and Morocco
       5. E-banking security provokes fear or indifference
       6. Trusted Computing standards won't apply to Vista - Schneier
       7. Hi-tech no panacea for ID theft woes
       8. HP warns over OpenView flaw
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] VP of Regional Sales, Washington
       2. [SJ-JOB] VP of Regional Sales, Washington
       3. [SJ-JOB] Security Consultant, Princeton
       4. [SJ-JOB] Account Manager, Mississauga
       5. [SJ-JOB] Security System Administrator, Islandia
       6. [SJ-JOB] Security Consultant, Tampa
       7. [SJ-JOB] Security Consultant, Tampa
       8. [SJ-JOB] Security Architect, Herndon
       9. [SJ-JOB] Application Security Architect, Any Location
       10. [SJ-JOB] Regional Channel Manager, Austin
       11. [SJ-JOB] Security System Administrator, Marlborough
       12. [SJ-JOB] Security System Administrator, Islandia
       13. [SJ-JOB] Security Consultant, Herndon
       14. [SJ-JOB] Security System Administrator, New York
       15. [SJ-JOB] Sales Engineer, Atlanta
       16. [SJ-JOB] Account Manager, Austin
       17. [SJ-JOB] Sales Engineer, NYC
       18. [SJ-JOB] Sales Engineer, San Francisco
       19. [SJ-JOB] Sales Engineer, National
       20. [SJ-JOB] Security Consultant, Middletown
       21. [SJ-JOB] Security Consultant, Chicago
       22. [SJ-JOB] Sales Engineer, Toronto
       23. [SJ-JOB] Sales Engineer, Minneapolis
       24. [SJ-JOB] Sales Engineer, Reston
       25. [SJ-JOB] Security Consultant, National
       26. [SJ-JOB] Account Manager, Chicago
       27. [SJ-JOB] Sales Engineer, Bay Area
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. Linux free software auditing
VII.  MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. scanning for windows spywear with linux
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Exploiting Cisco with FX
By Federico Biancuzzi
This interview with FX discusses Cisco IOS exploitation, Michael Lynn's work,
and what FX believes can be done when hacking IOS.
http://www.securityfocus.com/columnists/351

2. A changing landscape
By Rohyt Belani
In 2004, I came across an empirical study published by the CERT/CC that
indicated a diminishing correlation between the number of vendor-issued
vulnerabilities and the number of reported security incidents.
http://www.securityfocus.com/columnists/352

3. A new way to bypass Windows heap protections
By Nicolas Falliere
Windows heap overflows have become increasingly popular over the last couple of
years.
http://www.securityfocus.com/infocus/1846


II.  BUGTRAQ SUMMARY
--------------------
1. PHPMyAdmin Cookie.Auth.Lib.PHP HTML Injection Vulnerability
BugTraq ID: 14674
Remote: Yes
Date Published: 2005-08-28
Relevant URL: http://www.securityfocus.com/bid/14674
Summary:
phpMyAdmin is prone to an HTML injection vulnerability.  

This issue may be exploited to steal cookie-based authentication credentials
from legitimate users of the software.  Other attacks are also possible as this
issue may let an attacker inject arbitrary content into the site hosting the
software.

2. PHPMyAdmin Error.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14675
Remote: Yes
Date Published: 2005-08-28
Relevant URL: http://www.securityfocus.com/bid/14675
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability.  

This issue may be exploited to steal cookie-based authentication credentials
from legitimate users of the software.  Such an attack would require that the
victim follows a malicious link that includes hostile HTML and script code.

3. SqWebMail HTML Email IMG Tag Script Injection Vulnerability
BugTraq ID: 14676
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14676
Summary:
SqWebMail is affected by a vulnerability that may allow remote attackers to
inject and execute arbitrary script code in a user's browser. 

This may allow for various attacks including session hijacking due to the theft
of user credentials.

SqWebMail 5.0.4 is reportedly vulnerable to this issue.  It is possible that
other versions are affected as well.

4. Land Down Under Signature HTML Injection Vulnerability
BugTraq ID: 14677
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14677
Summary:
Land Down Under is prone to an HTML injection vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

5. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
BugTraq ID: 14678
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14678
Summary:
FUDforum is prone to a remote arbitrary PHP file upload vulnerability.

An attacker can merge an image file with a script file and upload it to an
affected server.

This issue can facilitate unauthorized remote access.

FUDforum versions prior to 2.7.1 are reported to be affected.  Currently
Symantec cannot confirm if version 2.7.1 is affected as well.

6. PHPWebNotes Api.PHP Remote File Include Vulnerability
BugTraq ID: 14679
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14679
Summary:
phpWebNotes is prone to a remote file include vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected
computer with the privileges of the Web server process. This may facilitate
unauthorized access.

7. Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal Vulnerability
BugTraq ID: 14681
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14681
Summary:
Simple PHP Blog is prone to a directory traversal vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to delete arbitrary files on the affected
system in the context of the Web server process.



8. MyBB Member.PHP SQL Injection Vulnerability
BugTraq ID: 14684
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14684
Summary:
MyBB is prone to an SQL injection vulnerability. This issue is due to a failure
in the application to properly sanitize user-supplied input. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. 

9. Land Down Under Multiple SQL Injection Vulnerabilities
BugTraq ID: 14685
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14685
Summary:
Land Down Under is prone to multiple SQL injection vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

10. AutoLinks Pro Al_initialize.PHP Remote File Include Vulnerability
BugTraq ID: 14686
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14686
Summary:
AutoLinks Pro is prone to a remote file include vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.


11. PHP-Fusion BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 14688
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14688
Summary:
PHP-Fusion is prone to a script injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


12. Cosmoshop Multiple SQL Injection Vulnerabilities
BugTraq ID: 14689
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14689
Summary:
Cosmoshop is prone to multiple SQL injection vulnerabilities. These issues are
due to a lack of properly sanitized input to several CGI scripts.

An attacker may compromise this application by using SQL injection techniques to
bypass the admin login process. Successful exploitation results in gaining full
administrative access within the context of the affected application.


13. BFCommand & Control Server Manager Multiple Remote Vulnerabilities
BugTraq ID: 14690
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14690
Summary:
BFCC and BFVCC server managers are prone to multiple remote
vulnerabilities.

The first two issues are login bypass vulnerabilities. These issues allow
remote, anonymous attackers to gain access to the affected server process.

The third issue is a design error whereby the server application implements
access controls, privileges, and other commands in the client-side of the
connection. This allows remote attackers to gain full administrative access to
the affected application.

The fourth issue is a remote denial of service vulnerability. This issue is due
to a failure of the application to properly handle multiple connections.

These vulnerabilities allow remote attackers to gain administrative access in
the affected server application, and to deny further access to the application.

14. Hesk Admin.PHP Authentication Bypass Vulnerability
BugTraq ID: 14692
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14692
Summary:
Hesk is prone to an authentication bypass vulnerability.

The application does not properly validate username and password pairs, and
subsequently allows administrative access without a password.

This can lead to unauthorized access of sensitive data, modification of helpdesk
data and program code, and other types of attacks.


15. UMN Gopher Client Remote Buffer Overflow Vulnerability
BugTraq ID: 14693
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14693
Summary:
Gopher is prone to a remote buffer overflow vulnerability.

The vulnerability presents itself when the client handles a malformed '+VIEWS:'
reply from a server.

A remote attacker may gain unauthorized access in the context of the user
running the application.

Gopher version 3.0.9 is reported to be affected by this vulnerability; however,
other versions may be vulnerable as well.

16. PHPLDAPAdmin Unauthorized Access Vulnerability
BugTraq ID: 14694
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14694
Summary:
phpldapadmin is prone to an unauthorized access vulnerability.  This issue is
due to a failure in the application to properly validate user credentials before
granting access to LDAP administrative functions.

An attacker can exploit this vulnerability to log in to the server anonymously,
and utilize administrative functions to modify the LDAP database. 

17. PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
BugTraq ID: 14695
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14695
Summary:
phpldapadmin is prone to multiple input validation vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

phpldapadmin is prone to a directory traversal vulnerability.  An attacker can
exploit this vulnerability to retrieve arbitrary files on the vulnerable system
in the security context of the Web server process.  Information obtained may aid
in further attacks against the underlying system; other attacks are also
possible.

phpldapadmin is prone to a remote file include vulnerability.  An attacker can
exploit this vulnerability to execute arbitrary PHP script code in the security
context of the Web server process.

phpldapadmin is also prone to a cross-site scripting vulnerability.  An attacker
may leverage this issue to have arbitrary script code executed in the browser of
an unsuspecting user. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.

18. Maildrop Lockmail Local Privilege Escalation Vulnerability
BugTraq ID: 14696
Remote: No
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14696
Summary:
Lockmail is affected by a local privilege escalation vulnerability.

A local attacker can execute arbitrary commands with group mail privileges.

Maildrop 1.5.3 is affected by this issue.  Other versions may be vulnerable as
well.

19. BlueWhaleCRM AccountID SQL Injection Vulnerability
BugTraq ID: 14697
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14697
Summary:
BlueWhaleCRM is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


20. FreeStyle Wiki Arbitrary Perl Command Execution Vulnerability
BugTraq ID: 14698
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14698
Summary:
FreeStyle Wiki is prone to an arbitrary command execution vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker can exploit this vulnerability to execute arbitrary Perl commands in
the context of the affected application.

21. e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
BugTraq ID: 14699
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14699
Summary:
e107 is prone to an input validation vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input.

Successful exploitation of this issue will permit an attacker to create
arbitrary forum message posts.

22. BNBT EasyTracker Remote Denial Of Service Vulnerability
BugTraq ID: 14700
Remote: Yes
Date Published: 2005-08-30
Relevant URL: http://www.securityfocus.com/bid/14700
Summary:
BNBT EasyTracker contains a denial of service vulnerability in its HTTP parser
code. This issue is due to a failure of the application to properly handle
malformed HTTP requests.

If an attacker sends a malformed HTTP request to the application, reports
indicate that the affected application will terminate unexpectedly.

A remote attacker is able to terminate the application, denying service to
legitimate users.

23. Novell Netware CIFS.NLM Denial of Service Vulnerability
BugTraq ID: 14701
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14701
Summary:
Netware CIFS.NLM is reportedly prone to a remote denial of service
vulnerability.

Reportedly, the W32.Randex.CCC worm can trigger this issue resulting in a denial
of service condition due to an ABEND.

NetWare 5.1, 6.0, 6.5 SP2 and 6.5 SP3 are vulnerable to this issue.

24. FlatNuke ID Parameter Directory Traversal Vulnerability
BugTraq ID: 14702
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14702
Summary:
FlatNuke is prone to a directory traversal vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An unauthorized user can retrieve arbitrary files by supplying directory
traversal strings '../' to the vulnerable parameter.
  
Exploitation of this vulnerability could lead to a loss of confidentiality.
Information obtained may aid in further attacks against the underlying system;
other attacks are also possible.

25. Greymatter Gm.CGI HTML Injection Vulnerability
BugTraq ID: 14703
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14703
Summary:
GreyMatter is prone to an HTML injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

26. FlatNuke USR Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 14704
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14704
Summary:
FlatNuke is prone to a cross-site scripting vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

27. Indiatimes Messenger Remote Buffer Overflow Vulnerability
BugTraq ID: 14705
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14705
Summary:
Indiatimes Messenger is reported prone to a remote buffer overflow
vulnerability.

A successful attack may trigger a crash in the client or lead to arbitrary code
execution.  The attacker may then gain unauthorized remote access in the context
of the user running the application.

Indiatimes Messenger 6.0 is affected by this issue.

28. DameWare Mini Remote Control Server Pre-Authentication Username Buffer
Overflow Vulnerability
BugTraq ID: 14707
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14707
Summary:
DameWare Mini Remote Control Server is affected by a remote buffer overflow
vulnerability. This issue presents itself because the application fails to
perform boundary checks prior to copying user-supplied data into sensitive
process buffers.

Remote attackers may execute arbitrary machine code in the context of the
affected server process, facilitating system compromise.

This issue is similar to the one described in BID 9213 (DameWare Mini Remote
Control Server Pre-Authentication Buffer Overflow Vulnerability). This issue may
be related, or possibly a regression in the affected application.

29. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
BugTraq ID: 14708
Remote: No
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14708
Summary:
Symantec LiveUpdate Client is susceptible to a local information disclosure
vulnerability.

Sensitive information such as the server name, IP address, subnet, subnet mask,
connection protocol, username and password to access the LiveUpdate server are
logged in a plain text file.

A local attacker can subsequently access the file and disclose authentication
credentials to access the server.  This may lead to various attacks including
the potential compromise of the server.

30. CMS Made Simple Lang.PHP Remote File Include Vulnerability
BugTraq ID: 14709
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14709
Summary:
CMS Made Simple is prone to a remote file include vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary remote PHP code on an
affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

CMS Made Simple Version .10 and all prior versions are reported vulnerable.
 

31. Barracuda Spam Firewall IMG.PL Remote Directory Traversal Vulnerability
BugTraq ID: 14710
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14710
Summary:
Barracuda Spam Firewall is prone to a directory traversal vulnerability. This
issue affects the Web interface of the appliance.

Exploitation of this vulnerability could lead to a loss of confidentiality as
arbitrary files are disclosed to an attacker.  Information obtained through this
attack may aid in further attacks against the underlying system.

Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this
issue.

32. Frox Arbitrary Configuration File Access Vulnerability
BugTraq ID: 14711
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14711
Summary:
Frox is prone to a vulnerability that permits read access to arbitrary files.

Successful exploitation of this vulnerability will grant the attacker read
access to arbitrary files on the system in the security context of the Frox
process.  Information obtained may aid in further attacks against the underlying
system; other attacks are also possible.

It should be noted that this issue is only exploitable if Frox is installed with
setuid or setgid privileges.

33. Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability
BugTraq ID: 14712
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14712
Summary:
Barracuda Spam Firewall is prone to a remote arbitrary command execution
vulnerability.

This issue arises when user-specified commands are supplied to the Web interface
of the device.

An attacker can supply arbitrary commands and have them executed in the context
of the server.  This issue may facilitate unauthorized remote access.

Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this
issue. 

34. DownFile Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14713
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14713
Summary:
DownFile is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

35. DownFile Administrator Unauthorized Access Vulnerability
BugTraq ID: 14714
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14714
Summary:
DownFile is prone to an unauthorized access vulnerability.  This issue is due to
a failure in the application to perform proper authentication before granting
access to administrative functions.

An attacker can exploit this vulnerability to gain access to administrative
functions; this will result in an elevation of privileges.

36. 3Com Network Supervisor Directory Traversal Vulnerability
BugTraq ID: 14715
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14715
Summary:
Network Supervisor is prone to a directory traversal vulnerability.

The application fails to properly sanitize input supplied through HTTP GET
requests.

Exploitation of this vulnerability could lead to a loss of confidentiality as
arbitrary files are disclosed to an attacker.  It should be noted that all files
on the affected drive can be disclosed by a successful attack.

37. SILC Server Insecure Temporary File Creation Vulnerability
BugTraq ID: 14716
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14716
Summary:
SILC Server creates temporary files in an insecure manner. The issue exists in
the 'silcd/silcd.c' file.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

38. Multiple Vendor Web Vulnerability Scanners HTML Injection Vulnerability
BugTraq ID: 14717
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14717
Summary:
N-Stealth and Nikto, Web vulnerability scanners, are prone to an HTML injection
vulnerability.  This issue is due to a failure of the applications to properly
sanitize user-supplied input before using it in dynamically generated content.

An attacker could exploit this vulnerability to execute arbitrary HTML or script
code in the browser of an unsuspecting user.

39. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
BugTraq ID: 14718
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14718
Summary:
Novell NetMail is susceptible to a buffer overflow vulnerability in the IMAP
command continuation function in the IMAP agent. This issue is due to a lack of
proper boundary checks when copying user-supplied data to insufficiently-sized
memory buffers.

This vulnerability allows remote attackers to execute arbitrary machine code in
the context of the affected server process.

This issue was originally documented in BID 13926 (Novell NetMail Multiple
Remote Vulnerabilities).


40. Linux Kernel ZLib Local Null Pointer Dereference Denial of Service
Vulnerability
BugTraq ID: 14720
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14720
Summary:
The Linux kernel is prone to a denial of service vulnerability.  This issue is
due to a failure in the application to properly handle malformed compressed
files.

An attacker can exploit this vulnerability to cause a kernel crash, effectively
denying service to legitimate users.

41. Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
BugTraq ID: 14721
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14721
Summary:
Apache 2.x mod_ssl is prone to a restriction bypass vulnerability. This issue
presents itself when mod_ssl is configured to be used with the 'SSLVerifyClient'
directive.

This issue allows attackers to bypass security policies to gain access to
locations that are configured to be forbidden for clients without a valid client
certificate.

42. PolyGen Local Denial of Service Vulnerability
BugTraq ID: 14722
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14722
Summary:
PolyGen is prone to a local denial of service vulnerability.

A local attacker can potentially cause a denial of service condition due to
resource exhaustion.

PolyGen 1.0.6 is affected by this vulnerability.

43. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
BugTraq ID: 14723
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14723
Summary:
SlimFTPd is prone to a remote denial of service vulnerability.  This issue is
due to a failure in the application to handle exceptional conditions.

The problem presents itself during login.  The application fails to handle
malicious input in a proper manner resulting in a crash of the server, thus
denying service to legitimate users.

44. GBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 14725
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14725
Summary:
gBook is prone to multiple unspecified cross-site scripting vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

45. OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
BugTraq ID: 14727
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14727
Summary:
OpenSSH is susceptible to a vulnerability that causes improper activation of the
'GatewayPorts' option, allowing unintended hosts to utilize the SSH SOCKS proxy.

Specifically, if the 'DynamicForward' option is activated, 'GatewayPorts' is
also unconditionally enabled.

This vulnerability allows remote attackers to utilize the SOCKS proxy to make
arbitrary TCP connections through the configured SSH session, allowing them to
attack computers and services through a connection that was inappropriately
thought to be secure.

This issue affects OpenSSH 4.0 and 4.1.

46. PBLang Bulletin Board System Multiple Remote Vulnerabilities
BugTraq ID: 14728
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14728
Summary:
PBLang is reported prone to multiple remote vulnerabilities.

Two access validation errors can allow an attacker to gain access to restricted
content and delete arbitrary messages.

Another vulnerability allows an attacker to inject arbitrary script code into a
site and create an administrative account.

PBLang versions prior to 4.66z are affected by these issues.

47. OpenSSH GSSAPI Credential Disclosure Vulnerability
BugTraq ID: 14729
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14729
Summary:
OpenSSH is susceptible to a GSSAPI credential delegation vulnerability.

Specifically, if a user has GSSAPI authentication configured, and
'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials will be
forwarded to remote hosts. This occurs even when the user uses authentication
methods other than GSSAPI to connect, which is not what is usually expected.

This vulnerability allows remote attackers to improperly gain access to GSSAPI
credentials, allowing them to utilize the credentials to access resources
granted to the original principal.

This issue affects versions of OpenSSH prior to 4.2.

48. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
BugTraq ID: 14730
Remote: No
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14730
Summary:
FileZilla FTP client may allow local attackers to obtain user passwords and
access remote servers.

The application uses a hard-coded cipher key to decrypt the password, which is
stored in an XML file or the Windows Registry.

This can allow the attacker to gain access to an FTP server with the privileges
of the victim.

49. Squid Proxy SSLConnectTimeout Remote Denial Of Service Vulnerability
BugTraq ID: 14731
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14731
Summary:
A remote denial of service vulnerability affects the Squid Proxy. This issue is
due to a failure of the application to properly handle exceptional network
requests.

A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.

50. Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
BugTraq ID: 14732
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14732
Summary:
WebGUI may be exploited to execute arbitrary Perl commands. This issue presents
itself due to insufficient sanitization of user-supplied data.

Remote attackers may execute arbitrary Perl commands in the context of the Web
server hosting the vulnerable application. This can facilitate unauthorized
remote access.

Versions of WebGUI prior to 6.7.3 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Big debate over small packets
By: Robert Lemos
After a summer of debate over whether flaws in ICMP are a serious threat, an
Argentinian researcher continues to lobby the Internet's technical standards
body to implement his proposal to fix the issues.
http://www.securityfocus.com/news/11306

2. Katrina's destruction attracts online fraudsters
By: Robert Lemos
From questionable charity sites to malicious code with a hurricane hook,
people ready to take advantage of the natural disaster in New Orleans and the
Gulf of Mexico have pursued their schemes on the Internet.
http://www.securityfocus.com/news/11302

3. Hidden-code flaw in Windows renews worries over stealthy malware
By: Robert Lemos
A flaw in the way that several security programs and systems utilities detect
system changes can allow spyware to run surreptitiously, renewing worries about
stealthier attack code.
http://www.securityfocus.com/news/11300

4. Zotob suspects arrested in Turkey and Morocco
By: Robert Lemos
UPDATE: Law enforcement arrested two men--one living in Turkey and the other in
Morocco--in connection with the release of the recent Zotob worm.
http://www.securityfocus.com/news/11297

5. E-banking security provokes fear or indifference
By: John Leyden
A recent study by analyst Forrester Research has unearthed conflicting views
about the safety or otherwise of online banking. The survey of 11,300 UK net
users found that while many online banking consumers are complacent about
security, a large minority have given up online banking as a direct result of
security fears.
http://www.securityfocus.com/news/11305

6. Trusted Computing standards won't apply to Vista - Schneier
By: John Leyden
Microsoft is dragging its heels about applying guidelines it helped develop for
trusted computing to the next version of Windows, according to noted crypto guru
Bruce Schneier.
http://www.securityfocus.com/news/11303

7. Hi-tech no panacea for ID theft woes
By: John Leyden
Attempts to thwart identity theft and fraud through technology advances are
likely to prove counterproductive, a British academic warns.
http://www.securityfocus.com/news/11304

8. HP warns over OpenView flaw
By: John Leyden
Enterprise users are being urged to apply workarounds following the discovery of
a potentially troublesome vulnerability involving a component of HP's widely
used network management suite, HP OpenView.
http://www.securityfocus.com/news/11301

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] VP of Regional Sales, Washington
http://www.securityfocus.com/archive/77/409816

2. [SJ-JOB] VP of Regional Sales, Washington
http://www.securityfocus.com/archive/77/409792

3. [SJ-JOB] Security Consultant, Princeton
http://www.securityfocus.com/archive/77/409787

4. [SJ-JOB] Account Manager, Mississauga
http://www.securityfocus.com/archive/77/409768

5. [SJ-JOB] Security System Administrator, Islandia
http://www.securityfocus.com/archive/77/409810

6. [SJ-JOB] Security Consultant, Tampa
http://www.securityfocus.com/archive/77/409847

7. [SJ-JOB] Security Consultant, Tampa
http://www.securityfocus.com/archive/77/409892

8. [SJ-JOB] Security Architect, Herndon
http://www.securityfocus.com/archive/77/409845

9. [SJ-JOB] Application Security Architect, Any Location
http://www.securityfocus.com/archive/77/409846

10. [SJ-JOB] Regional Channel Manager, Austin
http://www.securityfocus.com/archive/77/409857

11. [SJ-JOB] Security System Administrator, Marlborough
http://www.securityfocus.com/archive/77/409740

12. [SJ-JOB] Security System Administrator, Islandia
http://www.securityfocus.com/archive/77/409750

13. [SJ-JOB] Security Consultant, Herndon
http://www.securityfocus.com/archive/77/409843

14. [SJ-JOB] Security System Administrator, New York
http://www.securityfocus.com/archive/77/409870

15. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/409840

16. [SJ-JOB] Account Manager, Austin
http://www.securityfocus.com/archive/77/409838

17. [SJ-JOB] Sales Engineer, NYC
http://www.securityfocus.com/archive/77/409869

18. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/409883

19. [SJ-JOB] Sales Engineer, National
http://www.securityfocus.com/archive/77/409836

20. [SJ-JOB] Security Consultant, Middletown
http://www.securityfocus.com/archive/77/409855

21. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/409841

22. [SJ-JOB] Sales Engineer, Toronto
http://www.securityfocus.com/archive/77/409860

23. [SJ-JOB] Sales Engineer, Minneapolis
http://www.securityfocus.com/archive/77/409864

24. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/409837

25. [SJ-JOB] Security Consultant, National
http://www.securityfocus.com/archive/77/409794

26. [SJ-JOB] Account Manager, Chicago
http://www.securityfocus.com/archive/77/409795

27. [SJ-JOB] Sales Engineer, Bay Area
http://www.securityfocus.com/archive/77/409793

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Linux free software auditing
http://www.securityfocus.com/archive/82/409755

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. scanning for windows spyware with linux
http://www.securityfocus.com/archive/91/409832