Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

FWD: SecurityFocus.com Newsletter #45

  • From: Paul Howell
  • Date: Mon Jun 12 13:51:57 2000

------- Forwarded Message

Date:         Mon, 12 Jun 2000 10:35:39 -0700
Reply-To: Walter Ash <wash@SECURITYFOCUS.COM>
Sender: SF-NEWS Mailing List <SF-NEWS@SECURITYFOCUS.COM>
From: Walter Ash <wash@SECURITYFOCUS.COM>
Subject:      SecurityFocus.com Newsletter #45
To: SF-NEWS@SECURITYFOCUS.COM

Premier sponsor: BASELINE Software, Inc.

INSTANT, DEFINITIVE, UP-TO-DATE POLICIES FROM BASELINE!
INFORMATION SECURITY POLICIES MADE EASY is a compilation of 1000+
already-written information security policies by internationally known
consultant Charles Cresson Wood. Save time and money developing policies for
information security manuals, systems standards, contingency plans,
outsourcing agreements.
For more information, go to www.baselinesoft.com.

SecurityFocus.com Newsletter #45
--------------------------------

I. FRONT AND CENTER
	1. Linux: Bastille Linux Walkthrough
	2. IDS: Deploying ISS RealSecure in a Large Scale Environment (Part 2)
	3. Microsoft: "Ten Steps to a Cleaner Webroot" for IIS
	4. Sun: Solaris Default Processes and init.d part II
	5. Info.sec.radio is on the air!
	6. Request for Writers on Antivirus Related Subjects
II. BUGTRAQ SUMMARY
	1. Microsoft SQL Server DTS Password Disclosure Vulnerability
	2. TACACS+ Denial of Service Vulnerability
	3. TACACS+ Protocol Flaws Vulnerabilities
	4. Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
	5. Multiple Vendor *BSD Denial of Service Vulnerability
	6. NetWin DMail ETRN Buffer Overflow Vulnerability
	7. Multiple Vendor xterm (and derivatives) Denial of Service Vulnerability
	8. GNU wget 1.5.3 chmod symlink Vulnerability
	9. PassWD 1.2 Weak Encryption Vulnerability
	10. Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
	11. HP-UX man /tmp symlink Vulnerability
	12. Microsoft Windows NT 4.0 PDC/BDC Synchronization Reused Keystream Vulnerability
	13. Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
	14. BSD mailx 8.1.1-10 Buffer Overflow Vulnerability
	15. XFree86 Xserver Buffer Overflow Vulnerability
	16. Mirabilis ICQ 2000A Mailclient Temporary Link Vulnerability
	17. IPFilter Firewall Race Condition Vulnerability
	18. Microsoft IE SSL Certificates Vulnerability
	19. Microsoft Windows NT 4.0 Machine Account Creation Vulnerability
	20. Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability
	21. Checkpoint FW-1 Fragmented Packets DoS Vulnerability
	22. Savant Web Server CGI Source Code Disclosure Vulnerability
	23. Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
	24. EType EServ Buffer Overflow Vulnerability
	25. ISC innd 2.x Remote Buffer Overflow Vulnerability
	26. HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability
	27. Computalynx CMail Web Interface Buffer Overflow Vulnerability
	28. Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
	29. Lilikoi Ceilidh 2.60 Multiple Vulnerabilities
	30. BRU BRUEXECLOG Environmental Variable Vulnerability
	31. Linux Capabilities Vulnerability
	32. FreeBSD SSH Port Extra Network Port Listening Vulnerability
	33. i-drive Filo 1.0.0.1 Buffer Overflow Vulnerability
	34. apsfilter LPD User Execution Vulnerability
	35. McAfee VirusScan 4.03 Alert File Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
	1. Microsoft patches Outlook (June 8, 2000)
	2. GTE hit with domain Hijack (June 6, 2000)
	3. Mitnick Appeals Gag Order (June 4, 2000)
	4. When Viruses Fail (June 4, 2000)
IV. SECURITY FOCUS TOP 6 TOOLS
	1. Snort 1.6 Win32 (Windows 95/98 and Windows NT)
	2. Zebedee 2.0.0 (UNIX, Windows 95/98 and Windows NT)
	3. Dante 1.1.2 pre2 (Digital UNIX/Alpha, IRIX, Linux, OpenBSD, Solaris and SunOS)
	4. Integrity Protection Driver (IPD) 1.0 (Windows 2000 and Windows NT)
	5. Leapfrog for Win32 1.2 (Windows 2000, Windows 95/98 and Windows NT)
	6. BUGS 3.0.0 (Linux, Solaris, UNIX, Windows 2000, Windows 95/98 and Windows NT)
V. SECURITYJOBS LIST SUMMARY
	1. Computer Forensic Specialist   (Thread)
	2. iDefense   (Thread)
	3. Security Engineer   (Thread)
	4. Information Security Engineer   (Thread)
	5. job posting   (Thread)
	6. Security Manager, eSolutions   (Thread)
	7. Solid Senior Security Engineer/Consultant   (Thread)
	8. Senior System Security Specialist - CA - #636   (Thread)
	9. CoSine Communications Inc.   (Thread)
	10. jop posting.   (Thread)
VI. INCIDENTS LIST SUMMARY
	1. AW: What is this guy doing?   (Thread)
	2. FW: Sub-7   (Thread)
	3. update on scans of tcp 12345 AUSCERT#36349   (Thread)
	4. What is this guy doing?   (Thread)
	5. Sub-7   (Thread)
	6. How to read port scans   (Thread)
	7. Port 6347   (Thread)
	8. Port-scans from visited web-sites?   (Thread)
	9. hacked @home with logs and info..   (Thread)
	10. Protocol 54   (Thread)
	11. Port 109 Scans   (Thread)
	12. very strange scan patterns   (Thread)
	13. port 65535 and protocol 171 !?   (Thread)
	14. Scan of the Week continued   (Thread)
	15. afs3 exploit??   (Thread)
	16. Microsoft version.binding us now?   (Thread)
	17. Increase in activity from China   (Thread)
	18. TCP Scans to port 21656   (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
	1. ADV: /con/con is yet exploitable on most fservs   (Thread)
	2. AV: /con/con is yet exploitable on most fservs   (Thread)
	3. krb5 1.1.1   (Thread)
	4. 'shell://' thoughts   (Thread)
	5. 'shell://' with win98... error #10050 defined   (Thread)
	6. Warning! 'shell://' with win98 ...   (Thread)
	7. /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)   (Thread)
	8. Outlook/HTML "proggie"   (Thread)
	9. Mailx fix   (Thread)
	10. Warning! 'shell://' with win98 causes endless problems   (Thread)
	11. shell://' problem, "weird dll"   (Thread)
	12. JOLT2.C   (Thread)
	13. shell:// shell:\\ shell:   (Thread)
	14. Possible problem with NT Domains   (Thread)
	15. Win 2000 & IE 'shell://' problem?   (Thread)
	16. AW: Outlook/HTML "proggie"   (Thread)
	17. MSProxy Server 2   (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
	1. Security courses   (Thread)
	2. NT Admin Logon   (Thread)
	3. Certified Security Course   (Thread)
	4. win2k and user rights   (Thread)
	5. AW: win2k and user rights   (Thread)
	6. NT & Firewall   (Thread)
	7. Administrivia Re: Ethical/Theoretical Question   (Thread)
	8. Restrict anonymous   (Thread)
	9. Ethical/Theoretical Question   (Thread)
	10. MS LoopBack Adapter   (Thread)
	11. "Port mapper" for NT/2000.   (Thread)
	12. Forensic References needed Urgently   (Thread)
	13. NT domain renaming   (Thread)
	14. Restrict Anonymous Follow-Up   (Thread)
	15. Password Aging/Remote Access   (Thread)
	16. nt config.pol   (Thread)
	17. Network control panel disabled   (Thread)
	18. NtCongif.pol   (Thread)
	19. CIAC and FrontPage   (Thread)
	20. Default Access Control Settings in Windows 2000   (Thread)
IX. SUN FOCUS LIST SUMMARY
	1. setuid Q.   (Thread)
	2. solaris packages   (Thread)
	3. Re High TCP connect timeout rate   (Thread)
	4. High TCP connect timeout rate   (Thread)
	5. No secure copy on Solaris 8?   (Thread)
	6. Interesting Solaris Security Interview   (Thread)
X. LINUX FOCUS LIST SUMMARY
	1. Linux isn't about security?!   (Thread)
	2. Interesting Interview on SecurityFocus.com   (Thread)
XI. SPONSOR INFORMATION - BASELINE Software, Inc.
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION


I. FRONT AND CENTER
-------------------

Welcome to the SecurityFocus.com 'week in review' newsletter issue

1. New Article in the Linux Focus Area: Bastille Linux Walkthrough

You use a "hardening program" to try to make your system as secure as
possible, from the ground up. Generally, you deactivate unnecessary
services and better the configurations of the ones you leave enabled. This
is wildly effective, as it can eliminate many of the vulnerabilities that
are common on Linux/Unix platforms. This article presents a walkthrough of
Bastille Linux, a popular hardening program for Red Hat and Mandrake,
available for free from Jon Lasser, Pete Watkins, Jay Beale, and the rest
of the Bastille Linux project.

The article covers the just released 1.1 version of Bastille, and is
written by its head developer, Jay Beale.

http://www.securityfocus.com/frames/?focus=linux&content=/focus/linux/articles/linux-bastille.html


2. New Article in the Intrusion Detection Focus Area: Deploying ISS
RealSecure in a Large Scale Environment (Part 2)

This is the second half of the series on deploying ISS' RealSecure IDS
product. The previous article focused on some of the initial thoughts and
practices of actually getting your infrastructure out there. This article
will expand on that by helping you to manage your deployment, as well as
to provide our ideas on event response and executive level reporting. You
will find this half to be much more detailed in terms of actual practical
knowledge you can use today.

http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/issrealp2.html


3. New Article in the Microsoft Focus Area: "Ten Steps to a Cleaner
Webroot" for IIS

This week in the Microsoft Focus Area, we present "Ten Steps to a Cleaner
Webroot" by Mark Burnett. This informative article describes a series of
simple steps to maintain control over the content of your IIS webroot,
thereby mitigating to some degree the potential impact of attackers using
unpublicised exploits against your installation.

http://www.securityfocus.com/frames/?focus=microsoft&content=/focus/microsoft/iis/webroot.html


4. New Article in the Sun Focus Area: Solaris Default Processes and init.d
Part II

This article is the second half of a series on Solaris init.d and default
processes. It has been written to provide insight into a stock
installation of Solaris 8, and the services started by default. Many
topics discussed will be familiar to seasoned administrators. However,
this document will benefit all parties involved in the administration and
security aspects of Solaris.

http://www.securityfocus.com/frames/?focus=sun&content=/focus/sun/articles/b4.html


5. Info.sec.radio is on the air!

Today's edition of Info.sec.radio features the final installment in our
three part series on Privacy with a look at future trends in Privacy.  As
part of this series, Info.sec.radio has a feature interview with David
Banisar, co-author of the Electronic Privacy Papers and the man largely
responsible for leading the boycott against Intel over the Pentium ID Tag.

Info.sec.radio is a bi-monthly program dedicated to issues surrounding
computer and information security.  Tune in live at 11:00am Mountain
Standard Time (10:00am Pacific, 1:00pm Mountain, 6:00pm Greenwich) at

http://www.securityfocus.com/media/30

Archives of past shows are now available including interviews with noted
security professionals from around the world.


6. Request for Writers on Antivirus Related Subjects

SecurityFocus.com is expanding its article library to include papers on
antivirus-related topics.

Experienced contract and freelance writers, with samples of published
work, are invited to submit proposals for 1800-2200 word articles on a
range of AV subjects.

For further information, please contact:

Jeremy Paquette
SecurityFocus.com
jpaquette@securityfocus.com
(403) 213-3939

II. BUGTRAQ SUMMARY
-------------------

1. Microsoft SQL Server DTS Password Disclosure Vulnerability
BugTraq ID: 1292
Remote: No
Date Published: 2000-05-30
Relevant URL:
http://www.securityfocus.com/bid/1292
Summary:

It is possible for a user to reveal the database passwords of other users
by viewing the properties of DTS packages they have created.

In the properties of a connection object within the data transformation
services, a dialog box will appear which displays the username and
asterisks in the password field. Although it is obfuscated, the password
is present. Various utilities exist to retrieve the password from the
field.


2. TACACS+ Denial of Service Vulnerability
BugTraq ID: 1293
Remote: Yes
Date Published: 2000-05-30
Relevant URL:
http://www.securityfocus.com/bid/1293
Summary:

A small buffer overrun exists in the free, unsupported implementation of
the tacacs+ server, distributed by Cisco. This vulnerability, while a
buffer overrun, appears to not be exploitable due to its short nature. A
related vulnerability exists, whereby an attacker can cause the tac_plus
server to malloc a large amount of memory, which can potentially result in
a denial of service to the machine as a whole.

 While the analysis of the tacacs+ protocol posted to Bugtraq indicated
that clients, including IOS, were vulnerable to the above problems, Cisco
claims that IOS clients will reject the packets as invalid, and report an
error, without any further problems. Attacking the client requires the
ability to perform blind TCP sequencing, and as such is difficult to
conduct.

The first vulnerability, a buffer overflow, is due to the way in which
the tac_plus server allocates memory for the incoming packet. It will read
only up to the length of the header in a primary read, allocate the amount
of memory indicated in the header, copy the header into the allocated
memory, and then read and copy the remaining buffer in. The buffer overrun
is caused by it failing to check for an integer overflow in the length
field of the header when added to the header length. This can result in an
11 byte overflow.

 The second vulnerability is due to a lack of sanity checking on the
length field. An arbitrarily large number can be sent for the body length.
The server or client will malloc whatever the length presented is, and as
such may allocate an excessive amount of memory, resulting in the denial
of service previously mentioned.
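
The length handling described in the two paragraphs above, as an added C example that is not part of the newsletter or of the tac_plus source: it puts the wrapping 32-bit sum next to a check that bounds the body length before anything is allocated. The 12-byte header layout follows the TACACS+ protocol; TAC_MAX_BODY and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAC_HDR_LEN  12u      /* version, type, seq_no, flags, session_id[4], length[4] */
#define TAC_MAX_BODY 65535u   /* assumed local policy cap on the body length */

/* The body length is the big-endian 32-bit value in the last four header bytes. */
static uint32_t tac_body_len(const uint8_t *hdr)
{
    return ((uint32_t)hdr[8] << 24) | ((uint32_t)hdr[9] << 16) |
           ((uint32_t)hdr[10] << 8) | (uint32_t)hdr[11];
}

/* Unchecked pattern: header length plus attacker-supplied length, computed
 * in 32 bits. The sum wraps modulo 2^32, so a huge length field can yield
 * an allocation smaller than the header that is copied into it. */
uint32_t unchecked_alloc_size(const uint8_t *hdr)
{
    return TAC_HDR_LEN + tac_body_len(hdr);
}

/* Checked pattern: bound the body length first. With the cap in place the
 * sum cannot wrap and the allocation cannot be made arbitrarily large. */
int checked_alloc_size(const uint8_t *hdr, size_t *out)
{
    uint32_t body = tac_body_len(hdr);

    if (body > TAC_MAX_BODY)
        return -1;                      /* reject before touching malloc */
    *out = (size_t)TAC_HDR_LEN + body;
    return 0;
}

/* Allocate a packet buffer and copy the header in; NULL means rejected.
 * The caller then reads exactly *total - TAC_HDR_LEN body bytes. */
uint8_t *tac_alloc_packet(const uint8_t *hdr, size_t *total)
{
    uint8_t *pkt;

    if (checked_alloc_size(hdr, total) != 0)
        return NULL;
    pkt = malloc(*total);
    if (pkt != NULL)
        memcpy(pkt, hdr, TAC_HDR_LEN);
    return pkt;
}

int main(void)
{
    /* Constructed header whose length field is 0xFFFFFFFF. */
    const uint8_t bad[TAC_HDR_LEN] = {0xc0, 0x01, 0x01, 0x00, 0, 0, 0, 1,
                                      0xff, 0xff, 0xff, 0xff};
    size_t total = 0;
    uint8_t *pkt = tac_alloc_packet(bad, &total);

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(bad));
    printf("checked parser: %s\n", pkt ? "accepted" : "rejected");
    free(pkt);
    return 0;
}
```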


3. TACACS+ Protocol Flaws Vulnerabilities
BugTraq ID: 1294
Remote: Yes
Date Published: 2000-05-30
Relevant URL:
http://www.securityfocus.com/bid/1294
Summary:

A number of vulnerabilities exist in the TACACS+ protocol.  These are part
of the protocol, and as such do not affect only those products listed as
being vulnerable, but any implementation of TACACS+, both on the client
and on the server side.

1) Integrity Checking
TACACS+ does not use any form of integrity checking to ensure a TACACS+
packet has not been tampered with.  Due to the nature of its encryption
mechanism, an attacker could potentially alter a packet by flipping bits.
One example cited is the possibility of an attacker flipping a single bit
to alter an accounting packet, changing the elapsed_time being reported
from 9000 to 1000.

2) Vulnerability to Replay
TACACS+ has no protection against replay attacks.  So long as a packet has
the correct TACACS+ sequence number, it will be accepted.  As TACACS+
sequence numbers start at 1, the server will always process packets with
the sequence number of 1.  The description of this vulnerability noted
that this is most easily used against accounting packets, as they are
single packet transactions.

3) Session ID collision
The encryption mechanism for TACACS+ depends heavily on a unique
session_id for each session.  If multiple sessions get the same session_id
and seq_no, it can become vulnerable to a frequency analysis attack.  In
addition, if plaintext is known in one packet, it is trivial to decrypt
the corresponding portion of the other packet containing the same sequence
and session id.  It is possible to get a TACACS+ server to encrypt a reply
packet using a chosen session_id.  This makes it possible to compromise
the encryption of packets from the server to client.

4) Session ID randomness
Due to the length of the session_id, and an inability to prevent id
collision across reboots and multiple servers, session id's will
eventually be reused, which can result in the decryption of packets.
According to the Bugtraq post, this will occur every 100,000 sessions.
Due to the nature of TACACS+, this will happen in a fairly small amount of
time.

5) Lack of padding
A lack of padding of fields in the protocol can reveal the length of these
unpadded fields.  This could result in revealing the length of a user
password.

6) MD5 context leak
A theoretical vulnerability exists whereby part of a packet may be
decrypted, due to the presence of certain bytes.

These attacks all require the attacker to be present on the network where
these transactions are taking place; in some cases, the attacker may need to
be on a machine or router separating the client from the server.  As such,
while very real vulnerabilities, using them in a real world situation may
be difficult.

4. Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
BugTraq ID: 1295
Remote: No
Date Published: 2000-06-01
Relevant URL:
http://www.securityfocus.com/bid/1295
Summary:

Windows 2000 Protected Store uses a default 40-bit encryption instead of
utilizing the stronger 56-bit DES encryption that it is shipped with, or
168-bit Triple DES (if Windows 2000 has been upgraded using the High
Encryption Pack).  A remote or local user who possesses full administrative
rights can use decryption utilities against the weakly encrypted Protected
Store in order to obtain user private keys.

5. Multiple Vendor *BSD Denial of Service Vulnerability
BugTraq ID: 1296
Remote: No
Date Published: 2000-06-01
Relevant URL:
http://www.securityfocus.com/bid/1296
Summary:

A denial of service attack exists that affects FreeBSD, NetBSD and
OpenBSD.  It is believed that all versions of these operating systems are
vulnerable.  The vulnerability is related to setting socket options
regarding the size of the send and receive buffers on a socketpair.  By
setting them to certain values, and performing a write the size of the
value the options have been set to, FreeBSD can be made to panic.  NetBSD
and OpenBSD do not panic, but network applications will stop responding.

Details behind why this happens have not been made available.

6. NetWin DMail ETRN Buffer Overflow Vulnerability
BugTraq ID: 1297
Remote: Yes
Date Published: 2000-06-01
Relevant URL:
http://www.securityfocus.com/bid/1297
Summary:

NetWin's DMail is an alternative mail-server solution for unix and NT
servers. There is a buffer overflow vulnerability in the server daemon
that could allow remote attackers to execute arbitrary commands as root or
cause a denial of service. The overflow occurs when a large buffer is sent
as the argument to the ETRN command: if over 260 characters are sent, the
stack is corrupted and the mailserver will crash.


7. Multiple Vendor xterm (and derivatives) Denial of Service Vulnerability
BugTraq ID: 1298
Remote: Yes
Date Published: 2000-06-01
Relevant URL:
http://www.securityfocus.com/bid/1298
Summary:

xterm is a popular X11-based terminal emulator. If VT control-characters
are displayed in the xterm, they can be interpreted and used to cause a
denial of service attack against the client (and even the host running the
client). What makes it possible for remote users to exploit this
vulnerability is a situation like this:

 1) An admin is tailing the http access log
 2) Attacker requests url with control characters in it
 3) Admin's xterm crashes

 This vulnerability also affects applications (such as other terminal
emulators) derived from xterm code.


8. GNU wget 1.5.3 chmod symlink Vulnerability
BugTraq ID: 1299
Remote: No
Date Published: 1999-02-02
Relevant URL:
http://www.securityfocus.com/bid/1299
Summary:

GNU Wget is a freely available network utility to retrieve files from the
World Wide Web, using HTTP (Hyper Text Transfer Protocol) and FTP (File
Transfer Protocol), the two most widely used Internet protocols.  When
invoked with the -N option, it tries to chmod downloaded symlinks, but
the permissions are actually changed on the target files.  There is the potential
to chmod target files to world-writable.


9. PassWD 1.2 Weak Encryption Vulnerability
BugTraq ID: 1300
Remote: Yes
Date Published: 2000-06-04
Relevant URL:
http://www.securityfocus.com/bid/1300
Summary:

PassWD 1.2 is a password management utility designed to store user login
information to various URLs. The login information, which includes
username, password and link location is stored in the pass.dat file which
resides in the PassWD directory. The information is encrypted with a weak
encoding algorithm and includes the key which can be used to decode any
stored password.


10. Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
BugTraq ID: 1301
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1301
Summary:

Transmitting SMB requests to either port 445 or 139 without acknowledging
the responses will cause Windows NT 4.0 to refuse any incoming network
connections and will disable any SMB-reliant services in Windows 2000
until 20 seconds after the connection desists.  Outgoing network
connections in Windows 2000 are not affected by this vulnerability.


11. HP-UX man /tmp symlink Vulnerability
BugTraq ID: 1302
Remote: No
Date Published: 2000-06-02
Relevant URL:
http://www.securityfocus.com/bid/1302
Summary:

The programmers of the 'man' command on various HPUX releases have made
several fatal mistakes that allow an attacker to trivially set a trap that
could result in any arbitrary file being overwritten on the system when
root runs the 'man' command.

 Details:

 1) man creates temporary files with predictable filenames in
world-writeable directories. The two files are named catXXXX and manXXXX
where XXXX is the PID of the man process (highly predictable).

 2) man blindly follows symlinks.

 3) man explicitly opens the temp files with mode 666 and ignores the
existing umask. I verified that this doesn't change the mode of existing
files to 666, but it allows for attackers to edit the tempfiles and
potentially insert harmful man commands (like recent Bugtraq discussions
about malicious manpages).

 4) man opens the tempfiles with O_TRUNC. This means that when a file is
symlinked to, that file is blindly truncated. This could lead to easy
denial-of-service if you want to trash the password file or a hard disk
device file. This could also have bad effects on sane man program
operation, regardless of security, if a user runs man and leaves it
running, then PIDs are wrapped around and someone of higher privilege runs
man and overwrites your tempfiles!
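
The four points above, as an added C example that is not code from the advisory or from HP-UX: the unsafe open reproduces the described pattern (predictable name, symlinks followed, O_TRUNC, mode 666), and the two hardened opens show what refuses a planted link. The scratch directory, file names and function names are constructed for the illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: name derived from a PID, existing symlinks
 * followed, target truncated, file created with mode 666. */
int open_tmp_unsafe(const char *dir, long pid)
{
    char path[512];

    snprintf(path, sizeof path, "%s/cat%ld", dir, pid);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: mkstemp() picks an unpredictable name and creates the file
 * exclusively with mode 0600, so a pre-planted link cannot be hit. */
int open_tmp_safe(const char *dir, char *path_out, size_t n)
{
    if (snprintf(path_out, n, "%s/catXXXXXX", dir) >= (int)n)
        return -1;
    return mkstemp(path_out);
}

/* If a fixed name cannot be avoided: O_EXCL makes the open fail when the
 * path already exists, including when it is a symlink. */
int open_fixed_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-check on constructed files in a private scratch directory.
 * Returns 0 when the hardened opens left the link target intact and the
 * unsafe open truncated it; a nonzero bit marks the step that differed. */
int symlink_demo(void)
{
    char dir[] = "/tmp/mantmpXXXXXX", target[128], trap[128], safe[128];
    struct stat st;
    int rc = 0, fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(trap, sizeof trap, "%s/cat1234", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4)
        return -1;
    close(fd);
    if (symlink(target, trap) != 0)      /* link planted at the predictable name */
        return -1;

    /* Hardened opens: the link is refused, the target keeps its 4 bytes. */
    fd = open_fixed_exclusive(trap);
    if (fd >= 0) { close(fd); rc |= 1; }
    fd = open_tmp_safe(dir, safe, sizeof safe);
    if (fd < 0) rc |= 2; else { close(fd); unlink(safe); }
    if (stat(target, &st) != 0 || st.st_size != 4) rc |= 4;

    /* Unsafe open: follows the link and truncates the target to 0 bytes. */
    fd = open_tmp_unsafe(dir, 1234);
    if (fd >= 0) close(fd);
    if (stat(target, &st) != 0 || st.st_size != 0) rc |= 8;

    unlink(trap);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("symlink_demo() = %d\n", symlink_demo());
    return 0;
}
```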


12. Microsoft Windows NT 4.0 PDC/BDC Synchronization Reused Keystream Vulnerability
BugTraq ID: 1303
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1303
Summary:

In a PDC/BDC synchronization, the entire SAM database is sent encrypted
between the Primary and Backup Domain Controllers.  A unique RC4 cypher
stream is created for each PDC/BDC synchronization. The LM and NT hashes
are concatenated for each account and the same cypher stream is applied to
each such block of data.

 In certain situations where a machine on the network has reset its Trust
Account Password, the NT hash will be transmitted normally and the LM hash
will be set to contain 16 bytes of zeroes (for the Trust Account only). As
any value XORed with all zeroes returns the original value, the second
half of the cypher stream is sent over the wire in plaintext in the LM
hash field of the Trust Account portion of the synchronization.  If an
attacker can sniff the data on that segment, it is then possible to
decrypt any LM hash from the SAM database using this second half of the
keystream.
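
Why one keystream must never be restarted for every record, as an added C example (not code from the advisory or from Windows): it encrypts constructed sample records with RC4 twice, once restarting the stream per record as described above and once letting the stream run on, and checks whether a record with an all-zero LM field exposes the others. The 32-byte layout with the LM field in the second half, the key and all names are assumptions; the same two-time-pad reasoning underlies the TACACS+ session_id collision in item 3.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_LEN 32   /* assumed record layout: NT hash (16) || LM hash (16) */
#define LM_OFF  16
#define NREC    3

typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_t;

static void rc4_init(rc4_t *c, const uint8_t *key, size_t klen)
{
    uint8_t j = 0, t;

    for (int n = 0; n < 256; n++)
        c->s[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + c->s[n] + key[(size_t)n % klen]);
        t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

static void rc4_xor(rc4_t *c, const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t t;

    for (size_t n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->s[c->i]);
        t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        out[n] = in[n] ^ c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

/* Constructed sample records. Record 0 plays the trust account whose LM
 * field is 16 zero bytes; the other records carry arbitrary filler. */
static void make_records(uint8_t rec[NREC][REC_LEN])
{
    for (int r = 0; r < NREC; r++)
        for (int b = 0; b < REC_LEN; b++)
            rec[r][b] = (uint8_t)(0x11 * (r + 1) + 7 * b);
    memset(rec[0] + LM_OFF, 0, 16);
}

/* restart_per_record = 1 applies the same keystream to every record (the
 * flaw); 0 keeps one running stream so no keystream byte is used twice. */
void encrypt_records(uint8_t pt[NREC][REC_LEN], uint8_t ct[NREC][REC_LEN],
                     int restart_per_record)
{
    static const uint8_t key[] = "constructed-sync-key";
    rc4_t c;

    rc4_init(&c, key, sizeof key - 1);
    for (int r = 0; r < NREC; r++) {
        if (restart_per_record)
            rc4_init(&c, key, sizeof key - 1);
        rc4_xor(&c, pt[r], ct[r], REC_LEN);
    }
}

/* Uses ciphertext only: the zero LM field of record 0 is raw keystream, so
 * XORing it into another record's LM field undoes that record's encryption
 * whenever the keystream was shared. Returns 1 if every LM field is exposed. */
int lm_field_recoverable(int restart_per_record)
{
    uint8_t pt[NREC][REC_LEN], ct[NREC][REC_LEN], guess[16];

    make_records(pt);
    encrypt_records(pt, ct, restart_per_record);
    for (int r = 1; r < NREC; r++) {
        for (int b = 0; b < 16; b++)
            guess[b] = (uint8_t)(ct[r][LM_OFF + b] ^ ct[0][LM_OFF + b]);
        if (memcmp(guess, pt[r] + LM_OFF, 16) != 0)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("keystream restarted per record: exposed=%d\n", lm_field_recoverable(1));
    printf("one running keystream:          exposed=%d\n", lm_field_recoverable(0));
    return 0;
}
```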


13. Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
BugTraq ID: 1304
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1304
Summary:

Windows NT 4.0 and 2000 hosts will crash if they receive a DCE/RPC request
encapsulated in an SMB write request with an incorrect data length field.


14. BSD mailx 8.1.1-10 Buffer Overflow Vulnerability
BugTraq ID: 1305
Remote: No
Date Published: 2000-06-02
Relevant URL:
http://www.securityfocus.com/bid/1305
Summary:

Some Linux distributions ship with BSD mailx 8.1.1-10 (On Slackware 7.x it
can be found as /usr/bin/Mail).  It is susceptible to a buffer overflow
which could be used to gain gid=mail.  See exploits.


15. XFree86 Xserver Buffer Overflow Vulnerability
BugTraq ID: 1306
Remote: No
Date Published: 2000-04-16
Relevant URL:
http://www.securityfocus.com/bid/1306
Summary:

Running X Server with the -xkbmap parameter and over 2100 characters (or
shellcode) will give an overflow with root privileges in the main
(Xserver) process.


16. Mirabilis ICQ 2000A Mailclient Temporary Link Vulnerability
BugTraq ID: 1307
Remote: No
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1307
Summary:

While ICQmailclient is in use, a temporary internet link is created in a
default temporary directory, and it remains even after the user signs out
or closes ICQ. This link may be re-opened by another user, thus giving them
full access to the ICQmail webaccount.


17. IPFilter Firewall Race Condition Vulnerability
BugTraq ID: 1308
Remote: Yes
Date Published: 2000-05-26
Relevant URL:
http://www.securityfocus.com/bid/1308
Summary:

If IPFilter rulesets are constructed such that "return-rst" and "keep
state" overlap, e.g.:

block return-rst in proto tcp from A to V

pass out proto tcp from V' to A' keep state

 where A, A', V and V' are hostmasks that can include "any", and the
attacker matches against A and A' and the victim matches against V and V',
the attacker may exploit a race condition in the state table generation
code that results from fr_addstate()'s fault of creating a new state entry
for the outgoing RST packet generated by the "return-rst" rule. If a new
SYN packet comes in before the state entry created by the RST expires, the
state entry will allow the SYN packet to pass through the firewall, and
the explicit permissiveness of a "pass out all keep state" or similar
rules then allows the SYN-ACK and all successive ACK's to create new state
entries. The attacker merely needs to ignore the RST's that are being sent
to him and continue to attack the victim.


18. Microsoft IE SSL Certificates Vulnerability
BugTraq ID: 1309
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1309
Summary:

It is possible for a malicious website to establish an SSL connection to
an Internet Explorer client with a forged certificate representing itself
to be from a trusted site. Due to a flaw in the implementation of SSL
certificate checks within Internet Explorer, not all contents of the
certificate are verified when the connection is established from within an
IFRAME. Once an SSL connection has been successfully established with a
server, new SSL sessions with that server within the same browsing session
are established without any certificate verification.


19. Microsoft Windows NT 4.0 Machine Account Creation Vulnerability
BugTraq ID: 1310
Remote: No
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1310
Summary:

When an NT administrator adds a computer account to a domain, the machine
name is transmitted in plaintext along with the encrypted password.  The
default password for new machines added remotely is the machine name
itself.  With this information, one can obtain the User Session Key which
can then be used to decrypt data sent by the administrator using either
USRMGR.EXE or SRVMGR.EXE, including any passwords changed by the
administrator.

With LanManager Version 1, the User Session Key is based on the NT hash of
the password.  Therefore, a compromised User Session Key will be valid
until the administrative user changes their password.

In NT LanManager Version 2, the User Session Key is based on random data
and is recreated with every connection.  Therefore, the User Session Key
is only valid against data sent during the same session.


20. Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability
BugTraq ID: 1311
Remote: Yes
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1311
Summary:

The NavigateComplete2 function in IE does not properly validate origin
domains.

Therefore it is possible for a remote webserver to gain read access to
local files on the machine of any website visitor or email recipient by
accessing the browser object of a frame containing local content.  The
path and name of the file must be known by the attacker.


21. Checkpoint FW-1 Fragmented Packets DoS Vulnerability
BugTraq ID: 1312
Remote: Yes
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1312
Summary:

By sending illegally fragmented packets directly to or routed through
Check Point FireWall-1, it is possible to force the firewall to use 100%
of available processor time logging these packets. The FireWall-1 rulebase
cannot prevent this attack and it is not logged in the firewall logs.


22. Savant Web Server CGI Source Code Disclosure Vulnerability
BugTraq ID: 1313
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1313
Summary:

Omitting the HTTP version from a "GET" request for a CGI script to the
Savant Web Server discloses the source code of the script.


23. Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
BugTraq ID: 1314
Remote: Yes
Date Published: 2000-06-07
Relevant URL:
http://www.securityfocus.com/bid/1314
Summary:

Due to a faulty mechanism in the password parsing implementation in
authentication requests, it is possible to launch a denial of service
attack against Allaire ColdFusion 4.5.1 or previous by inputting a string
of over 40 000 characters to the password field in the Administrator login
page.  CPU utilization could reach up to 100%, bringing the program to
halt.  The default form for the login page would prevent such an attack.
However, a malicious user could download the form locally to their hard
drive, modify HTML tag fields, and be able to submit the 40 000 character
string to the ColdFusion Server.

Restarting the application would be required in order to regain normal
functionality.


24. EType EServ Buffer Overflow Vulnerability
BugTraq ID: 1315
Remote: Yes
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1315
Summary:

The logging mechanism in EType EServ mail server is vulnerable to a buffer
overflow that could allow remote attackers to execute arbitrary code on
the server. The overflow occurs when an unusually long query string is
sent to the server.


25. ISC innd 2.x Remote Buffer Overflow Vulnerability
BugTraq ID: 1316
Remote: Yes
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1316
Summary:

innd 2.2.2 contains a remotely exploitable buffer overflow in code reached
when a cancel request is sent to the "control" newsgroup, under the
following condition: the cancel request contains a valid Message-ID but
the From/Sender fields differ between the cancel request and the post
referenced by the Message-ID.  This attack only works against machines
running INN with "verifycancels = true"


26. HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability
BugTraq ID: 1317
Remote: Yes
Date Published: 2000-06-06
Relevant URL:
http://www.securityfocus.com/bid/1317
Summary:

Quoted from Delphis Security Advisory DST2K0012:

 By using the Alarm service which is shipped and installed by default with
HP openview network node manager it is possible to cause a Buffer overrun
in OVALARMSRV overwriting the EIP allowing the execution of arbitrary code.
This is done by connecting to port 2345 which the port resides on by
default and sending a large string. The string has to be a length of 4064
+ EIP (4 bytes) making a total of 4068 bytes.


27. Computalynx CMail Web Interface Buffer Overflow Vulnerability
BugTraq ID: 1318
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1318
Summary:

The Web Interface of ComputaLynx CMail 2.4.7 (and possibly earlier
versions) resides on port 8002 by default and is vulnerable to a buffer
overflow attack which could allow for the execution of arbitrary code.
Connecting to the port the service resides on and sending a GET request of
428 bytes + EIP (4 bytes) will overwrite the EIP.


28. Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
BugTraq ID: 1319
Remote: Yes
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1319
Summary:

ComputaLynx CMail's Web Interface, which resides on port 8002 by default,
is vulnerable to a temporary CPU utilization DoS (which could
theoretically be rendered more serious with repeated attacks).  After
connecting to the service, it is possible to enter a long username (around
200k) which will cause CPU use to jump to about 95%.  The process releases
the CPU after an uncertain amount of time.


29. Lilikoi Ceilidh 2.60 Multiple Vulnerabilities
BugTraq ID: 1320
Remote: Yes
Date Published: 2000-06-08
Relevant URL:
http://www.securityfocus.com/bid/1320
Summary:

Lilikoi Ceilidh is a threaded bulletin board and email application that is
vulnerable to two security hazards:

Path Disclosure Vulnerability - A hidden form field called
'translated_path' is embedded in HTML code generated by Ceilidh and
reveals the full path location of the Ceilidh directory underneath the web
root (eg. http://target/cgi-bin/ceilidh.exe/ceilidh/?N4).

Denial of Service Vulnerability - Transmitting a specially formed POST
statement to Ceilidh will spawn multiple copies of ceilidh.exe and utilize
1% of CPU and 700 KB of memory.  Performing this action repeatedly can
result in a denial of service attack.  Stopping and restarting the World
Wide Web Publishing Service is required in order to regain normal
functionality.


30. BRU BRUEXECLOG Environmental Variable Vulnerability
BugTraq ID: 1321
Remote: No
Date Published: 2000-06-05
Relevant URL:
http://www.securityfocus.com/bid/1321
Summary:

A vulnerability exists in BRU, the Backup and Restore Utility, from
Enhanced Software Technologies.  By setting the value of the BRUEXECLOG
environment variable, it is possible for an attacker to alter and create
files on the filesystem.  As BRU is installed setuid, these files are
owned by root.  This vulnerability can be easily used by local users to
obtain root privileges.


31. Linux Capabilities Vulnerability
BugTraq ID: 1322
Remote: No
Date Published: 2000-06-07
Relevant URL:
http://www.securityfocus.com/bid/1322
Summary:

POSIX "Capabilities" have recently been implemented in the Linux kernel.
These "Capabilities" are an additional form of privilege control to enable
more specific control over what privileged processes can do. Capabilities
are implemented as three (fairly large) bitfields, with each bit
representing a specific action a privileged process can perform. By
setting specific bits, the actions of privileged processes can be
controlled -- access can be granted for various functions only to the
specific parts of a program that require them. It is a security measure.
The problem is that capabilities are copied with fork() execs, meaning
that if capabilities are modified by a parent process, they can be carried
over. The way that this can be exploited is by setting all of the
capabilities to zero (meaning, all of the bits are off) in each of the
three bitfields and then executing a setuid program that attempts to drop
privileges before executing code that could be dangerous if run as root,
as sendmail does. When sendmail attempts to drop privileges using
setuid(getuid()), the call fails because its bitfields lack the
capabilities required to do so, and there are no checks on its return
value. It continues executing with superuser privileges, and can run a
user's .forward file as root, leading to a complete compromise.
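
The failure mode in item 31 comes down to an unchecked setuid() return
value. The C code below is an added example, not sendmail's code and not
part of the original newsletter: it contrasts the unchecked call with a
drop that checks the result, re-reads the IDs, and confirms root cannot be
regained. The id_ops table, the function names, and the sim_* stand-in for
a setuid-root process whose setuid() is refused are all hypothetical and
constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Indirection over the ID calls so the refused-setuid case can be
 * exercised without root. Hypothetical names, not from any project. */
struct id_ops {
    int   (*set_uid)(uid_t);
    uid_t (*get_uid)(void);
    uid_t (*get_euid)(void);
};

/* Table a real program would pass: the libc calls themselves. */
const struct id_ops real_ops = { setuid, getuid, geteuid };

/* The pattern the summary describes: the result of setuid() is ignored,
 * so a refused drop goes unnoticed and execution continues. */
void drop_unchecked(const struct id_ops *ops)
{
    (void)ops->set_uid(ops->get_uid());
}

/* Checked drop. Returns 0 only when the process is verifiably
 * unprivileged; on -1 the caller must abort, not continue. */
int drop_checked(const struct id_ops *ops)
{
    uid_t target = ops->get_uid();

    if (ops->set_uid(target) != 0)
        return -1;                  /* drop refused */
    if (ops->get_uid() != target || ops->get_euid() != target)
        return -1;                  /* call returned 0 but IDs are wrong */
    if (target != 0 && ops->set_uid(0) == 0)
        return -1;                  /* root could still be regained */
    return 0;
}

/* Constructed stand-in: a setuid-root binary started by uid 1000.
 * sim_setuid_allowed == 0 models the refused call from the summary. */
static uid_t sim_ruid, sim_euid;
static int   sim_setuid_allowed;

static int sim_setuid(uid_t uid)
{
    /* Refuse when the drop is blocked, or when an already unprivileged
     * process asks for a uid other than its own. */
    if (!sim_setuid_allowed || (sim_euid != 0 && uid != sim_ruid)) {
        errno = EPERM;
        return -1;
    }
    sim_ruid = sim_euid = uid;
    return 0;
}
static uid_t sim_getuid(void)  { return sim_ruid; }
static uid_t sim_geteuid(void) { return sim_euid; }

const struct id_ops sim_ops = { sim_setuid, sim_getuid, sim_geteuid };

static void sim_reset(int setuid_allowed)
{
    sim_ruid = 1000;
    sim_euid = 0;
    sim_setuid_allowed = setuid_allowed;
}

/* Effective uid the simulated process keeps after the unchecked drop. */
uid_t euid_after_unchecked(int setuid_allowed)
{
    sim_reset(setuid_allowed);
    drop_unchecked(&sim_ops);
    return sim_euid;
}

/* Result of the checked drop in the same two situations. */
int result_of_checked(int setuid_allowed)
{
    sim_reset(setuid_allowed);
    return drop_checked(&sim_ops);
}

int main(void)
{
    printf("unchecked, drop refused: euid=%d\n", (int)euid_after_unchecked(0));
    printf("unchecked, drop allowed: euid=%d\n", (int)euid_after_unchecked(1));
    printf("checked,   drop refused: %d\n", result_of_checked(0));
    printf("checked,   drop allowed: %d\n", result_of_checked(1));
    return 0;
}
```

A program using the real calls would pass &real_ops to drop_checked() and
exit on any non-zero result before touching user-controlled files.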


32. FreeBSD SSH Port Extra Network Port Listening Vulnerability
BugTraq ID: 1323
Remote: Yes
Date Published: 2000-06-07
Relevant URL:
http://www.securityfocus.com/bid/1323
Summary:

A vulnerability exists in the FreeBSD 'ports' version of SSH. A patch was
added to allow sshd to listen on multiple ports. At the same time, the
configuration file was inadvertently altered to make sshd listen on both
port 22, which is normal, and port 722. This could affect users who are
firewalling off services, and do not realize sshd is running on port 722.

This does not represent a vulnerability in sshd. It is a misconfiguration
only. In addition, this vulnerability is unlikely to have any real impact
in normal scenarios, as the sshd listening to port 722 behaves as normal;
authentication is still required.


33. i-drive Filo 1.0.0.1 Buffer Overflow Vulnerability
BugTraq ID: 1324
Remote: Yes
Date Published: 2000-06-07
Relevant URL:
http://www.securityfocus.com/bid/1324
Summary:

i-drive is a provider of web-based storage space where users can store
downloaded files from the internet.  Filo is the application used to
download files to the i-drive account and a component of it is a proxy
server.  This proxy server is susceptible to a buffer overflow attack.

A malicious user may transmit an unusually long HTTP GET request to the
proxy server which would overrun a heap buffer thus allowing for arbitrary
code to be executed.


34. apsfilter LPD User Execution Vulnerability
BugTraq ID: 1325
Remote: No
Date Published: 2000-06-07
Relevant URL:
http://www.securityfocus.com/bid/1325
Summary:

A vulnerability exists in some versions of the apsfilter program.
Apsfilter is a program designed to allow easy printing of a wide variety
of different file formats, without needing to convert file types. Versions
of apsfilter prior to version 5.4.1 contained a vulnerability that would
allow local users to execute commands with the privilege of the user the
LP daemon runs as. On many systems, this is root.

Apsfilter runs on a wide variety of Unix systems. This vulnerability was
discovered in the FreeBSD ports version of apsfilter. It is not installed
by default on FreeBSD.


35. McAfee VirusScan 4.03 Alert File Vulnerability
BugTraq ID: 1326
Remote: No
Date Published: 2000-06-08
Relevant URL:
http://www.securityfocus.com/bid/1326
Summary:

The alerting mechanism in McAfee VirusScan 4.0.3 is accessible by any
local user on the network.  A local user is capable of sending an
unlimited number of alerts to the Central Alert server.

Windows 9x clients send alerts in the form of text files which contain
information such as username, computer name, virus name and so forth.
This text file could be manipulated by a malicious user to contain
arbitrary information.  The alerts are stored on the Central Alert server
in a directory to which all users have write, read, and delete permissions
granted by default.


III. SECURITYFOCUS.COM NEWS AND COMMENTARY
- ------------------------------------------

1. Microsoft patches Outlook (June 8, 2000)

Redmond issues an anti-virus patch that could have hobbled LoveLetter.
Experts say, better late than never.

http://www.securityfocus.com/news/46

2. GTE hit with domain Hijack (June 6, 2000)

Law enforcement is brought in after GTE.net goes to Germany.

http://www.securityfocus.com/news/45

3. Mitnick Appeals Gag Order (June 4, 2000)

Hacker Kevin Mitnick asks the judge who sentenced him to let him back on
the computer security lecture circuit.

http://www.securityfocus.com/news/44

4. When Viruses Fail (June 4, 2000)

The tragedy of viruses that don't quite measure up.

http://www.securityfocus.com/commentary/43


IV. SECURITY FOCUS TOP 6 TOOLS
- -----------------------------

1. Snort 1.6 Win32 (Windows 95/98 and Windows NT)
by Michael Davis, Mike@eEye.com
URL:
	http://www.securityfocus.com/data/tools/snort-1.6-win32-source.zip

Snort is a lightweight network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more. Snort uses a flexible rules language to describe traffic
that it should collect or pass, as well as a detection engine that
utilizes a modular plugin architecture. Snort has a real-time alerting
capability as well, incorporating alerting mechanisms for syslog, a user
specified file, a UNIX socket, or WinPopup messages to Windows clients
using Samba's smbclient.

2. Zebedee 2.0.0 (UNIX, Windows 95/98 and Windows NT)
by Neil Winton, zebedee@winton.org.uk
URL:
	http://www.securityfocus.com/data/tools/zebedee-2.0.0.tar.gz

Zebedee is a simple program to establish an encrypted and compressed
TCP/IP tunnel between two systems. This allows TCP-based traffic such as
telnet, FTP and X to be protected from snooping as well as potentially
gaining performance over slow networks from compression. The main goals
for Zebedee are to provide full client and server functionality under both
UNIX and Windows 95/98/NT, to be easy to install, use and maintain with
little or no configuration required, to have a small footprint, low wire
protocol overhead and give significant traffic reduction by the use of
compression and to use only algorithms that are either unpatented or for
which the patent has expired. Changes: UDP support, better performance
when making several short-lived tunnels, better security through
generation of new session keys for all connections, and removal of the
dependency on GMP for better portability.

3. Dante 1.1.2 pre2 (Digital UNIX/Alpha, IRIX, Linux, OpenBSD, Solaris and SunOS)
by Inferno Nettverk A/S, info@inet.no
URL:
	http://www.securityfocus.com/data/tools/dante-1.1.2-pre2.tar.gz

Dante is a free implementation of the proxy protocols socks version 4,
socks version 5 (rfc1928) and msproxy. Dante is also a circuit-level
firewall/proxy that can be used to provide convenient and secure network
connectivity to a wide range of hosts while requiring only the server
Dante runs on to have external network connectivity.

Once installed, Dante can in most cases be made transparent to the clients
while offering detailed access control and logging facilities to the
server administrator.

4. Integrity Protection Driver (IPD) 1.0 (Windows 2000 and Windows NT)
by Pedestal Software, webmaster@pedestalsoftware.com
URL:
	http://www.securityfocus.com/data/tools/ipd.zip

A device driver for Windows NT and Windows 2000 that helps to protect
systems from rootkits and other trojan horse utilities that use kernel
drivers to hide files and alter the normal behavior of the system.

5. Leapfrog for Win32 1.2 (Windows 2000, Windows 95/98 and Windows NT)
by COTSE, webs@cotse.com
URL:
	http://www.securityfocus.com/data/tools/utils/network/leap_frog_win_release_2.zip

Leapfrog will anonymize and redirect (bounce) any port. It can be used to
work around firewall configuration and other issues requiring a port
redirect.

Leapfrog can be chained, reconfigured on the fly, and customized to change
ports/machine redirects without the need to log into the box. It can be
configured (with little work) to remove all traces of itself from disk
after being loaded, or it can be configured to log everything (default).
It supports colors and some basic admin tools. It is very fast.

Version 1.2 adds a config file for setting the port that LeapFrog will
bind and listen on. Version 1.2 also adds the ability to (by a config
variable) make leapfrog a detached process (run in the background under
95/98/nt/2000). Version 1.2 has added some new logging facilities.


6. BUGS 3.0.0 (Linux, Solaris, UNIX, Windows 2000, Windows 95/98 and Windows NT)
by Sylvain Martinez, martinez@encryptsolutions.com
URL:
	http://www.securityfocus.com/data/tools/bugs-3.0.0.tgz

This is the new version of BUGS. It provides a new dynamic cryptography
algorithm, 5 different levels of encryption, strong private key algorithm,
stream and block encryption, open source, free for personal usage. The
package contains different applications: file encryption, secure chat,
login application. This version is much stronger than the old one; if you
are already using BUGS you MUST upgrade to BUGS v3.0.0.

V. SECURITY JOBS SUMMARY
- ------------------------

1. Computer Forensic Specialist   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3ds93e1d31.006@mail.iewa.com


2. iDefense   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3dE3A5BCF79162D211A4190008C7A49E0D89A506@idsrv10.ipartnership.com


3. Security Engineer   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d20000606135038.12391.qmail@securityfocus.com


4. Information Security Engineer   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d20000606134229.4627.qmail@securityfocus.com


5. job posting   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d20000606133148.4614.qmail@securityfocus.com


6. Security Manager, eSolutions   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d006101bfcfdc$475a05a0$2413a8c0@station-06.eclectic-usa.com


7. Solid Senior Security Engineer/Consultant   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d20000605212902.6945.qmail@securityfocus.com


8. Senior System Security Specialist - CA - #636   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3d20000605193205.2740.qmail@securityfocus.com


9. CoSine Communications Inc.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3dEDB1679FDCE4D31196840090279A2911B32AC5@exchsrv1.cosinecom.com


10. jop posting.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-06-09%26thread%3dB2477B01DB2DD411A2CD0008C791FB3A260A1B@hslnt94jax.homeside.com



VI. INCIDENTS LIST SUMMARY
- --------------------------

1. AW: What is this guy doing?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dNDBBKGCODKEIDLPAMIPECEGECPAA.security@perotech.ch


2. FW: Sub-7   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dACEEKDDBPJBLHIBHBDNFIEEPCFAA.abel@able-towers.com


3. update on scans of tcp 12345 AUSCERT#36349   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d00060812302501.11608@hermetix.trans4media.com


4. What is this guy doing?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d393F6333.40910DE6@esolutioncenter.net


5. Sub-7   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dslrn8jutos.pkg.James@linux.home


6. How to read port scans   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d852568F8.005C5A0D.00@smtpvw.campbellsoup.com


7. Port 6347   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d31933968789DD111BEAB0080C81D384C31A5DE@CT_NT


8. Port-scans from visited web-sites?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d393FBF5C.59BA5BF8@silicondefense.com


9. hacked @home with logs and info..   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d20000607181017.25684.qmail@securityfocus.com


10. Protocol 54   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d20000607133035.7822.qmail@securityfocus.com


11. Port 109 Scans   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d20000607083359.21831.qmail@securityfocus.com


12. very strange scan patterns   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dPine.GSO.4.05.10006070959420.9392-100000@ejovi.net


13. port 65535 and protocol 171 !?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d393BC4A2.1C147A01@gmx.net


14. Scan of the Week continued   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dPine.LNX.4.10.10006031141590.23267-100000@otto.spitzner.net


15. afs3 exploit??   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dPine.LNX.4.10.10006021815090.31248-100000@www.sc.esf.edu.hk


16. Microsoft version.binding us now?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3d20000603010843.26919.qmail@securityfocus.com


17. Increase in activity from China   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dSIMEON.10006020932.E1007@bluebottle.itss


18. TCP Scans to port 21656   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-06-09%26thread%3dPine.LNX.4.10.10006021521490.1717-100000@rfasuc159.rfa.org


VII. VULN-DEV RESEARCH LIST SUMMARY
- ----------------------------------

1. ADV: /con/con is yet exploitable on most fservs   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d393F4B54.28D48D8A@one.net.au


2. AV: /con/con is yet exploitable on most fservs   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d393F8023.C3487E97@ebeon.com


3. krb5 1.1.1   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d200006071900.EAA13558@ogyo.pointer-software.com


4. 'shell://' thoughts   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3dv04210101b5654b919a9f@[198.108.163.185]


5. 'shell://' with win98... error #10050 defined   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000607090253.A16305@branka.zesoi.fer.hr


6. Warning! 'shell://' with win98 ...   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000605121215.F7211@branka.zesoi.fer.hr


7. /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000605102421.A14626@kris.top.pl


8. Outlook/HTML "proggie"   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3dD129BBE1730AD2118A0300805FC1C2FE04C799A9@209-76-212-10.trendmicro.com


9. Mailx fix   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000604224412.A16748@quaketop.them.org


10. Warning! 'shell://' with win98 causes endless problems   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d3938E509.D46A115B@telekabel.at


11. shell://' problem, "weird dll"   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000604000833.8957.qmail@hotmail.com


12. JOLT2.C   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d009401bfcd8d$030f9960$bda3b3d1@EARTHLINK.NET


13. shell:// shell:\\ shell:   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d007101bfcd85$b4a1a4a0$bda3b3d1@EARTHLINK.NET


14. Possible problem with NT Domains   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3ds937d138.046@paili.scis.ecu.edu.au


15. Win 2000 & IE 'shell://' problem?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d3937FCBD.1A64A943@telekabel.at


16. AW: Outlook/HTML "proggie"   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3dLPBBIMLICJDJAJLIAEBMKEBJCFAA.joerg@fs.is.uni-sb.de


17. MSProxy Server 2   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-06-09%26thread%3d20000602153725.76014.qmail@hotmail.com


VIII. MICROSOFT FOCUS LIST SUMMARY
- ---------------------------------

1. Security courses   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d00fb01bfd019$041e07e0$584386cb@inom


2. NT Admin Logon   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d00d401bfd09a$3ef974e0$0a01a8c0@WOOD2PROF


3. Certified Security Course   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d393EF2E4.B0AC7E4E@freewwweb.com


4. win2k and user rights   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d393E110A.E0FA4B1F@di.uoa.gr


5. AW: win2k and user rights   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dLPBBIMLICJDJAJLIAEBMIEDECFAA.joerg@fs.is.uni-sb.de


6. NT & Firewall   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d393E0D94.7A2F0E18@vps.co.za


7. Administrivia Re: Ethical/Theoretical Question   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dPine.GSO.4.21.0006071834501.15635-100000@mail


8. Restrict anonymous   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dB7E4A67157A2D3118ABE000629388EC8E167@KARL


9. Ethical/Theoretical Question   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dD129BBE1730AD2118A0300805FC1C2FE04C799D6@209-76-212-10.trendmicro.com


10. MS LoopBack Adapter   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dAB8B23C71CC1D211ABA600805FFE04FD0674C16C@hermes.bcbst.com


11. "Port mapper" for NT/2000.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3dCBF860F33EF3D211BEE90008C7CFACA101683636@msxsrvmtl1.vpi.hydro.qc.ca


12. Forensic References needed Urgently   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d002f01bfcfac$58c87540$fb050180@benjizs


13. NT domain renaming   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d002601bfd00c$641c1450$aa410cc1@bihrner2.datarutin.se


14. Restrict Anonymous Follow-Up   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d000001bfd012$6197f2c0$5e17433f@tidalwave.net


15. Password Aging/Remote Access   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d00060615472306.00347@c400


16. nt config.pol   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3ddd.54bd715.266e796e@aol.com


17. Network control panel disabled   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3ds93cc993.001@gwsmtp.tnb.com


18. NtCongif.pol   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d010601bfcfbf$9a0698d0$19d46383@corp.compucom.com


19. CIAC and FrontPage   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d20000606152926.5572.qmail@nwcst294.netaddress.usa.net


20. Default Access Control Settings in Windows 2000   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-06-09%26thread%3d04972CFB2C3AD4118606009027DE247618689B@hsadenmx02.hsacorp.net


IX. SUN FOCUS LIST SUMMARY
- ----------------------------

1. setuid Q.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3d200006081747.TAA27528@romulus.Holland.Sun.COM


2. solaris packages   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3d200006080938.KAA23939@otis.UK.Sun.COM


3. Re High TCP connect timeout rate   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3d


4. High TCP connect timeout rate   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3d20000607100017.N14186@securityfocus.com


5. No secure copy on Solaris 8?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3dPine.GHP.4.21.0006051144440.22941-100000@mail.ilrt.bris.ac.uk


6. Interesting Solaris Security Interview   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-06-09%26thread%3d20000605143203.B2427@securityfocus.com



X. LINUX FOCUS LIST SUMMARY
- ---------------------------

1. Linux isn't about security?!   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-06-09%26thread%3d20000607095618.A23138@securityfocus.com


2. Interesting Interview on SecurityFocus.com   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-06-09%26thread%3d20000607092039.H7819@securityfocus.com



XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
- -------------------------------------

1.  How do I subscribe?

  Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:

  SUBSCRIBE SF-NEWS Lastname, Firstname

  You will receive a confirmation request message to which you will have
to answer.

2.  How do I unsubscribe?

  Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:

  UNSUBSCRIBE SF-NEWS

  If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.

3.  How do I disable mail delivery temporarily?

  If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:

  SET SF-NEWS NOMAIL

  To turn back on e-mail delivery use the command:

  SET SF-NEWS MAIL

4.  Is the list available in a digest format?

  Yes. The digest is generated once a day.

5.  How do I subscribe to the digest?

  To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:

  SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

  To turn the digest off send a message to LISTSERV with a message body
of:

  SET SF-NEWS NODIGEST

  If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

  You are probably subscribed from a different address than that from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.


Walter Ash
SecurityFocus
www.securityfocus.com

------- End of Forwarded Message





