Network Security
FWD: SecurityFocus.com Newsletter #56
- From: Paul Howell
- Date: Tue Sep 05 14:23:55 2000
------- Forwarded Message
Date: Tue, 5 Sep 2000 09:16:18 -0700
Reply-To: Stephen Entwisle <se@SECURITYFOCUS.COM>
Sender: SF-NEWS Mailing List <SF-NEWS@SECURITYFOCUS.COM>
From: Stephen Entwisle <se@SECURITYFOCUS.COM>
Subject: SecurityFocus.com Newsletter #56
To: SF-NEWS@SECURITYFOCUS.COM
Premier sponsor: eEye Digital Security
Vulnerability Is Over ... eEye Digital Security Announces Retina
Retina, the Network Security Scanner, is the first security software
application with state-of-the-art artificial intelligence features that
allow it to think like a hacker. Retina is the first network security software that works like
an around-the-clock human network security analyst, giving you the most
comprehensive network security analysis available.
Available for download at
http://www.eeye.com/click.asp?referrer=SFMS1&p=Retina
SecurityFocus.com Newsletter #56
--------------------------------
I. FRONT AND CENTER
1. New Article in the Incident Handling Focus Area: The Field Guide for
Investigating Computer Crime: Search and Seizure Planning
2. New Article in the Focus-Sun Area:
Role Based Access Control - A distribution of power part 2
3. New Article in the Virus Focus Area Examines Media Coverage of Virus Threats
II. BUGTRAQ SUMMARY
1. Intel Express Switch 500 series DoS
2. vqSoft vqServer 1.4.49 DoS Vulnerability
3. O'Reilly WebSite Pro Write Access Vulnerability
4. Multiple Vendor mgetty Symbolic Link Traversal Vulnerability
5. Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
6. Robotex Viking Server Buffer Overflow Vulnerability
7. Microsoft Money Plaintext Password Vulnerability
8. Kerberos KDC Spoofing Vulnerability
9. IPSWITCH IMail File Attachment Vulnerability
10. [No Subject]
11. GoodTech FTP Server RNTO DoS Vulnerability
12. Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vuln
13. GWScripts News Publisher author.file Write Vulnerability
14. Helix Code "go-gnome" /tmp Symlink Vulnerability
15. Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
16. Xpdf Embedded URL Vulnerability
17. FreeBSD Malformed ELF Image Denial of Service Vulnerability
18. Worm httpd Directory Traversal Vulnerability
19. eEye IRIS Buffer Overflow Vulnerability
20. FreeBSD Linux Compatibility Mode Buffer Overflow Vulnerability
21. FreeBSD Ports brouted Installation Permission Vulnerability
22. CGI Script Center Auction Weaver Directory Traversal Vulnerability
23. Microsoft Outlook winmail.dat Vulnerability
24. Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
25. Microsoft Outlook 2000 Vcard DoS Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
1. AtStake Jilts Phiber Optik (Sept. 1, 2000)
2. Corporate Carnivore Available (Aug. 29, 2000)
IV. SECURITY FOCUS TOP 6 TOOLS
1. SAINT - Security Administrator's Integrated Network Tool 2.2beta1
2. Automated Password Generator (APG) 1.0.4
3. ShadowScan 1.00.019
4. eXpert-BSM 1.1
5. Samhain 0.9.2
6. MIME Defanger 0.4
V. SECURITYJOBS LIST SUMMARY
1. [ITALY] - Network Security Developer (Thread)
2. Information Security Director - #76 - Iselin, NJ (Thread)
3. Technical Sales Consultant - #176 - Cincinnati, OH (Thread)
4. WireX Webmaster (Thread)
5. Security Architect in Seattle (Thread)
6. Quantico, VA - Sr. Software Security Engineer (Thread)
7. eEye Digital Security is Hiring (Thread)
8. CISSP/CCIE Candidates Needed (Thread)
9. Security Consultant (Thread)
10. Vulnerability analyst (Thread)
11. Network security programmer (Thread)
12. Security Engineer (Thread)
13. Security Architect (Thread)
14. Security and Unix Administrator (Thread)
15. Manager-Security/E-Commerce - #170 - Chicago, Detroit (Thread)
16. E-commerce/Security - Sr. Manager - #170 - Chicago, IL (Thread)
17. Sr. Application Security Engineer - #618 - Alexandria, VA (Thread)
18. Application Security Engineer - #618 - Alexandria, VA (Thread)
19. Jr. Application Security Engineer/Analyst - #618... (Thread)
20. Senior Security Analyst - #43 - Various Locations (Thread)
VI. INCIDENTS LIST SUMMARY
1. A slap on the wrist...? (Thread)
2. Annoy Those Sub7 Scanners. (Thread)
3. Solaris stated exploit? (Thread)
4. two port scans (Thread)
5. UDP port 137 packets sent to 70.255.224.194 (and to other...(Thread)
6. weird 500/udp (Thread)
7. detecting "trinity v3 by self" DDoS agent (Thread)
8. UDP port 137 packets sent to 70.255.224.194 (and to other... (Thread)
9. Weird Logs (Thread)
10. UDP port 137 packets sent to 70.255.224.194 (Thread)
11. UDP Port 1907 & 28800 (Thread)
12. bubonic.c -- random TCP segment DoS tool (Thread)
13. Sub7/Open Telnet/Open Socks/DOS (Thread)
14. Network Probing (Thread)
15. You guys were right (Thread)
16. Possible widespread hole? (Thread)
17. Break-in attempt from 203.197.38.247 (Thread)
18. Linuxconf scanning (Thread)
19. Port Scan? (Thread)
20. Spammers just got smarter. (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. SSL & IDS (Thread)
2. jsp malicious coding (Thread)
3. Remote exploitation of network scanners? (Thread)
4. Yahoo pager (Thread)
5. jump2.eudora.com (Thread)
6. Netscape mail reader oddity (Thread)
7. X Server Test/Exploit (Thread)
8. Microsoft Word RTF parser buffer overflow (Thread)
9. Final thoughts on Daemonic.c (Thread)
10. Non-Mathmatical Forging of PKI Digital Certificates...(Thread)
11. linux ld.so vuln - CSSA-2000-028.0 (Thread)
12. Netscape 6 beta2 opens the net? (Thread)
13. Sonicwall DoS (Thread)
14. actions to jump2.eudora.com (Thread)
15. Flood Attack (Thread)
16. Daemonic (Thread)
17. os/2 shellcode? (Thread)
18. How do web servers handle dropped connections? (Thread)
19. /dev/urandom | logger "issue" (Thread)
20. connections to jump2.eudora.com (Thread)
21. Antwort: Re: How do web servers handle dropped connections?(Thread)
22. Win2k & Linux DoS (Thread)
23. Linksys 4-port Router NAT/Firewall (Thread)
24. Packet Fragmentation Attacks (Thread)
25. Must coredump? No. (Was: Local root through vuln...) (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Snort & Nmap for NT (obviously) (Thread)
2. Win 2K Policy Editor? (Thread)
3. Windows Network logon (Thread)
4. Privacy Concerns with Office?? What about this!? (Thread)
5. Exchange email legal notice (Thread)
6. Possible security bug in Windows 2000 Professional (Thread)
7. mail server in a DMZ (Thread)
8. FW: [COVERT-2000-10] Windows NetBIOS Unsolicited Cache...(Thread)
9. Easy way to set permission (Thread)
10. [no subject]
11. Blocking MAC Addresses (Thread)
12. Web User Trusted Authentication (Thread)
13. High Encryption for NT (Thread)
14. Modem Hangup (Thread)
15. Ssh Server for Windows NT (Thread)
16. Pop3 and IMAP (Thread)
17. Sofware Audit Tools (Thread)
18. Silly NT question (Thread)
19. Microsoft Security Configuration Manager (SCM) (Thread)
20. W2KTerminal Services Security (Thread)
21. MS Proxy Server 2.0 and MS FrontPage 2000 (Thread)
22. OS Fingerprinting (Thread)
23. Outlook Web access Question. (Thread)
24. Windows firewalls (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Limiting write access to a port (Thread)
2. nisd_resolv issues (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Port 587/tcp (Thread)
2. Authentication Problems with Samba (Thread)
3. Incoming directory in WU-FTPD (Thread)
4. Sendmail issue (Thread)
5. free swan problem.. (Thread)
6. sendmail security? (Thread)
7. [No Subject]
8. open ports and your linux box (Thread)
9. SV: blocking icq & napster (Thread)
10. 1026 tcp nterm remote_login terminal_emulation (Thread)
11. blocking icq & napster (Thread)
12. Operator (Thread)
13. ssh hosts allow/deny (Thread)
14. sshd2_config (Thread)
15. How do buffer overflows work? (Thread)
16. ssh (Thread)
17. in.identd (Thread)
18. Buffer overflow (Thread)
19. Compiling squid?? (Thread)
20. question on log files (Thread)
XI. SPONSOR INFORMATION - eEye Digital Security
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. FRONT AND CENTER
-------------------
Welcome to the SecurityFocus.com 'week in review' newsletter issue
1. New Article in the Incident Handling Focus Area: The Field Guide for
Investigating Computer Crime: Search and Seizure Planning
In our last article, "Search and Seizure Basics", we discussed six
fundamental rules that an investigator should always have in mind when
performing a search and seizure. Primarily, these rules are to help
establish and safeguard the chain of custody for computer crime scene
evidence. At this juncture, we're ready to look at the first stage of the
search and seizure process: planning.
http://www.securityfocus.com/focus/ih/articles/crimeguide4.html
2. New Article in the Focus-Sun Area: Role Based Access Control - A
distribution of power part 2
In an attempt to add a finer grain of control to privileges, Sun
implemented the Role Based Access Control system in Solaris 8. As a clever
solution to a large problem, Sun has implemented a facility that allows
the customizing of privilege for each individual user. The distribution of
power can now allow users access to resources previously not possible
without giving them root access to the system.
Hal Flynn delves into the configuration files and utilities used for
RBAC, and gets the reader ready to implement RBAC on their own systems.
http://www.securityfocus.com/focus/sun/articles/rbac2.html
3. New Article in the Virus Focus Area Examines Media Coverage of Virus Threats
LoveBug, Pikachu, Erap Estrada - lately, it seems virus warnings are often more
widely distributed than the real thing. Outspoken antivirus journalist George
Smith takes a critical look at how the media covers, and sometimes hypes, potential
computer virus threats.
http://www.securityfocus.com/focus/virus/articles/mediareview.html
II. BUGTRAQ SUMMARY
-------------------
1. Intel Express Switch 500 series DoS
BugTraq ID: 1609
Remote: Yes
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1609
Summary:
If an IP packet with a malformed header is sent to an Intel Express 500
series Switch or a host behind it, the switch will crash. In order to
regain functionality, the power must be disconnected and reconnected - the
reset switch will not be operational.
2. vqSoft vqServer 1.4.49 DoS Vulnerability
BugTraq ID: 1610
Remote: Yes
Date Published: 2000-08-19
Relevant URL:
http://www.securityfocus.com/bid/1610
Summary:
vqServer 1.4.49 is subject to a buffer overflow. If a GET request is sent
to the server containing 65 000 characters the server will stop
responding. A reboot is required in order to regain normal functionality.
3. O'Reilly WebSite Pro Write Access Vulnerability
BugTraq ID: 1611
Remote: Yes
Date Published: 2000-08-24
Relevant URL:
http://www.securityfocus.com/bid/1611
Summary:
By default, O'Reilly WebSite Pro installs the following directories on the
web root as read accessible by any user:
cgi-win
cgi-shl
cgi-src
cgi-temp
The program uploader.exe exists in the /cgi-win directory. Any remote
user can execute this program by performing a GET request for
http://target/cgi-win/uploader.exe. This program will allow the user to
upload any file to the remote server.
4. Multiple Vendor mgetty Symbolic Link Traversal Vulnerability
BugTraq ID: 1612
Remote: No
Date Published: 2000-08-25
Relevant URL:
http://www.securityfocus.com/bid/1612
Summary:
A vulnerability exists in a portion of the mgetty package, by Gert
Doering. By exploiting a flaw in the faxrunq and faxrunqd programs, it is
possible for local users to create arbitrary files, and alter arbitrary
files on the filesystem. This in turn can lead to local root compromise.
The faxrunq and faxrunqd programs will follow symbolic links. By creating
a symbolic link named .last_run in /var/spool/fax/outgoing, and running
the faxrunqd or faxrunq program, arbitrary files can be created. Existing
files will have their contents overwritten.
mgetty is a popular getty replacement package that supports fax receipt
and transmission. It runs on a wide range of systems, and is distributed
with a number of popular Linux distributions. It is also part of the
OpenBSD and FreeBSD ports packages. It is not, however, installed by
default on either system.
mgetty is marked BROKEN in the OpenBSD ports package because of this
problem and users are not able to install it.
5. Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
BugTraq ID: 1613
Remote: Yes
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1613
Summary:
It is possible for a malicious user to corrupt the Local Security Policy
of a Windows 2000 machine, which would effectively deny network services.
The Local Security Policy identifies:
- the domains trusted to authenticate logon attempts.
- who may access the system and how (interactively, network, as a
service).
- who is assigned privileges.
- what security auditing is to be performed.
- the establishment of default memory quotas. This controls how much paged
and non-paged pool an individual may use.
If the LSP was successfully corrupted on a Windows 2000 client, a user
would not be able to log onto the domain, download files from the server,
share files, and so forth. If the LSP was successfully corrupted on a
domain controller, network services would be eliminated throughout the
entire domain. In the case that an LSP is corrupted, restoring a well
known configuration from backup would be the only solution.
It is not required to be an authenticated user in order to mount an
attack. Any remote or local user who can establish a RPC connection and
follow a series of specific steps can exploit this vulnerability.
6. Robotex Viking Server Buffer Overflow Vulnerability
BugTraq ID: 1614
Remote: Yes
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1614
Summary:
A number of unchecked buffers exists in Robotex Viking Server. This
enables a malicious user to either crash the application or execute
arbitrary code, depending on the data supplied.
7. Microsoft Money Plaintext Password Vulnerability
BugTraq ID: 1615
Remote: No
Date Published: 2000-08-25
Relevant URL:
http://www.securityfocus.com/bid/1615
Summary:
Under certain circumstances, the password used to protect Microsoft Money
from unauthorized access is stored as plaintext. A user who has physical
access to the system where the Money file resides is able to obtain the
password and use it to view and modify the Money file which includes
account information.
This vulnerability could only be exploited remotely if the Money file
exists on a share that has been made available to external users.
8. Kerberos KDC Spoofing Vulnerability
BugTraq ID: 1616
Remote: Yes
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1616
Summary:
Kerberos is a cryptographic authentication protocol that allows users of a
network to access services without transmitting cleartext passwords. A
common implementation of the protocol includes a login service which is
vulnerable to an attack which involves spoofing responses from the Key
Distribution Center (KDC). The login service authenticates a user by first
requesting a ticket granting ticket (TGT) from the authentication server.
If the TGT can be decrypted using the password supplied by the user, the
login service attempts to verify the identity of the KDC by making a
request with the received TGT for a service ticket for itself. The service
ticket returned by the KDC is encrypted with a secret shared between the
KDC and the service host. If the service ticket cannot be verified with
the service's secret key it is assumed that the KDC is not authentic. If
the login service has not been registered as a principal with the KDC or
the service's secret key has not been installed on the host the login
service will proceed without verification that the TGT was returned by the
authentic KDC. In these circumstances it is possible to log into the
server illicitly if an attacker can spoof responses from the Key
Distribution Center.
9. IPSWITCH IMail File Attachment Vulnerability
BugTraq ID: 1617
Remote: Yes
Date Published: 2000-08-30
Relevant URL:
http://www.securityfocus.com/bid/1617
Summary:
IPSWITCH ships a product titled IMail, an email server for use on NT
servers that serves clients their mail via a web interface. To this end the
IMail server provides a web server, typically running on port 8383, for its
end users to access. Via this interface users may read and send mail, as
well as mail with file attachments. Certain versions of IMail do not
perform proper access validation, however, resulting in users being able to
attach files resident on the server. The net result of this is users may
attach files on the server to which they should have no access. This
access is limited to the user privileges which the server is being run as,
typically SYSTEM.
It should be noted that once a user attaches the files in question the
server deletes them.
10. [no subject]
BugTraq ID: 1618
Remote: Unknown
Date Published: 2000-08-15
Relevant URL:
http://www.securityfocus.com/bid/1618
Summary:
11. GoodTech FTP Server RNTO DoS Vulnerability
BugTraq ID: 1619
Remote: Yes
Date Published: 2000-08-30
Relevant URL:
http://www.securityfocus.com/bid/1619
Summary:
It is possible for a remote user to cause a denial of service against the
GoodTech FTP server. Requesting numerous RNTO commands will cause the
server to stop responding. A restart of the server service is required to
regain normal functionality.
12. Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
BugTraq ID: 1620
Remote: Yes
Date Published: 2000-08-29
Relevant URL:
http://www.securityfocus.com/bid/1620
Summary:
The implementation of the NetBIOS cache in Windows 95, 98, NT 4.0, and
2000 allows for remote insertion of dynamic cache entries and removal of
both dynamic and static (from the LMHOSTS file) cache entries. This is
due to the interaction between the implementation of the NetBIOS cache and
the CIFS (Common Internet File System) Browser Protocol.
The CIFS Browsing Protocol generates a list of network resources and is
used in services such as My Neighborhood or My Network Places. It also
defines a number of Browse Frames encapsulated within a NetBIOS datagram.
Information contained in a NetBIOS datagram is extracted and inserted into
the NetBIOS cache when a Browse Frame request is received on UDP port 138.
This information includes a source and destination NetBIOS name, second
source IP address, and IP headers.
A remote malicious user can transmit unicast or broadcast UDP datagrams
which can result in the redirection of NetBIOS name resolution to IP
address resolution forwarding to an arbitrary IP address under their
control. Once the cache is corrupted with a UDP datagram, it is no longer
a prerequisite to predict Transaction IDs (which is reportedly an easily
predictable 16-bit ID to begin with).
To flush a dynamic entry in the cache, one can send a Positive Name Query
response that provides a different IP address to NetBIOS name mapping.
13. GWScripts News Publisher author.file Write Vulnerability
BugTraq ID: 1621
Remote: Yes
Date Published: 2000-08-29
Relevant URL:
http://www.securityfocus.com/bid/1621
Summary:
It is possible for a remote user to add an author to the author index
(author.file) in GWScripts News Publisher, a web news publisher. This can
be done by sending the following raw HTTP request using any arbitrary
username and password:
POST /cgi-bin/news/news.cgi?addAuthor HTTP/1.0
Connection: close
User-Agent: user/browser
Host: target
Referer: http://target/cgi-bin/news/news.cgi
Content-type: application/x-www-form-urlencoded
Content-length: 71
author=<username>&apassword=<password>&email=<emailaddress>&name=<username>&password=<password>
14. Helix Code "go-gnome" /tmp Symlink Vulnerability
BugTraq ID: 1622
Remote: No
Date Published: 2000-08-29
Relevant URL:
http://www.securityfocus.com/bid/1622
Summary:
Go-Gnome is a system created by Helix Code to download the files necessary
to install Helix Code Gnome easily and automatically. It is basically a
shellscript served by go-gnome.com that is dumped into a textfile with
lynx and then executed. Go-Gnome, when run, creates a number of temporary
files in /tmp with predictable filenames. Since /tmp is world writeable,
if a malicious user knows in advance that root is going to be using
go-gnome to install Gnome, symbolic links to arbitrary files on the
filesystem with filenames of files written to /tmp by go-gnome can be
created before go-gnome runs. When go-gnome is executed, it will attempt
to write to these files but will instead write to whatever is pointed to
by the symbolic links. Thus it is possible for an attacker, with knowledge
that go-gnome will be run, to overwrite any files on the filesystem. This
can lead to a denial of service or in some cases compromise of the system.
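The symlink problem described for faxrunq's .last_run (item 4) and for go-gnome's /tmp files, as an added example that is not code from mgetty or Helix Code: a write to a predictable name that follows a planted link, beside an exclusive create and an unpredictable temporary file. The directory layout, file names and function names are constructed for the demonstration and everything happens inside a throwaway sandbox directory.

```python
import os
import stat
import tempfile


def write_predictable(path, data):
    """Flawed pattern: open a well-known name for writing.

    open() follows symbolic links, so if `path` is a link planted by
    another local user, the link's target is truncated and overwritten.
    """
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Create `path` only if the name does not exist at all.

    O_CREAT|O_EXCL fails when the name exists, including when it is a
    symlink (even a dangling one). O_NOFOLLOW is a second guard.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_private_temp(directory, data):
    """Scratch file with an unpredictable name, created exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="install-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def symlink_demo():
    """Run the three writers against a planted link; return what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")  # stands in for a root-owned file
        spool = os.path.join(sandbox, "spool")         # stands in for a shared directory
        os.mkdir(spool)
        with open(victim, "w") as fh:
            fh.write("original\n")

        # Constructed scenario: the predictable name already exists as a link.
        planted = os.path.join(spool, ".last_run")
        os.symlink(victim, planted)

        write_predictable(planted, "timestamp\n")
        with open(victim) as fh:
            result["victim_after_predictable"] = fh.read()

        # Restore the victim and try the exclusive create on the same name.
        with open(victim, "w") as fh:
            fh.write("original\n")
        try:
            write_exclusive(planted, "timestamp\n")
            result["exclusive_refused"] = False
        except OSError:
            result["exclusive_refused"] = True
        with open(victim) as fh:
            result["victim_after_exclusive"] = fh.read()

        # The temp-file route never touches the predictable name.
        temp_path = write_private_temp(spool, "timestamp\n")
        result["temp_is_new_name"] = temp_path != planted
        result["temp_mode"] = stat.S_IMODE(os.stat(temp_path).st_mode)
    return result


if __name__ == "__main__":
    for key, value in symlink_demo().items():
        print(key, "=", repr(value))
```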
15. Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
BugTraq ID: 1623
Remote: Yes
Date Published: 2000-08-30
Relevant URL:
http://www.securityfocus.com/bid/1623
Summary:
Stalkerlab's Mailers 1.1.2 and possibly more recent versions are subject
to a design error which could potentially enable a user to access the
local files of the web server.
Mailers 1.1.2 contains the program CGImail.exe which uses a template file
located on the web server disk to convert the HTML form to email. Due to
specific values in the file it is possible for a user to save the web page
to disk and modify different variables such as the $To$, $Attach$ and the
$File$ variables. This could potentially cause the program to send any
file saved on the web server to the user.
16. Xpdf Embedded URL Vulnerability
BugTraq ID: 1624
Remote: No
Date Published: 2000-08-29
Relevant URL:
http://www.securityfocus.com/bid/1624
Summary:
To launch an embedded URL from a pdf file, Xpdf 0.90 and previous will
construct a string containing the URL and pass it to system().
Therefore, an embedded link containing shell characters could instruct a
user's shell to execute arbitrary commands when clicked.
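The pattern described above, as an added example that is not Xpdf's code: a launcher that pastes the link into a shell command string, beside one that passes the link as a single argument with no shell involved. The handler (`echo`), the function names and the sample URLs are constructed for the demonstration.

```python
import re
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "ftp"}

# Characters RFC 3986 permits in a URL. Note that ; & $ ( ) ' are all
# legal here and are also shell metacharacters, so character filtering
# alone cannot make a shell command string safe.
URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")


def launch_via_shell(url):
    """Flawed pattern: build one string and let /bin/sh parse it."""
    done = subprocess.run("echo OPEN " + url, shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def run_handler_argv(url):
    """No shell: the URL is exactly one argv entry of the handler."""
    done = subprocess.run(["echo", "OPEN", url],
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def is_launchable(url):
    """Accept only well-formed URLs with an allowed scheme and a host."""
    if not URL_CHARS.fullmatch(url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


def open_link(url):
    """Validate first, then start the handler without a shell."""
    if not is_launchable(url):
        raise ValueError("refusing to launch link: %r" % url)
    return run_handler_argv(url)


# Constructed sample links for the demonstration.
HOSTILE = "http://example.invalid/doc;echo INJECTED"
ORDINARY = "http://example.invalid/a;b?c=d&e=f"

if __name__ == "__main__":
    print(launch_via_shell(HOSTILE))   # the shell runs a second command
    print(run_handler_argv(HOSTILE))   # the handler sees one odd-looking argument
    print(open_link(ORDINARY))
```

Because validation guarantees the argument starts with an allowed scheme, it also cannot be mistaken for a command-line option by the handler.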
17. FreeBSD Malformed ELF Image Denial of Service Vulnerability
BugTraq ID: 1625
Remote: No
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1625
Summary:
A vulnerability exists in versions 3.x, and 4.x and 5.x prior to August
15, 2000, of FreeBSD. A failure of the ELF image activator to perform
sufficient sanity checks on the ELF image header could result in local
users being able to perform a denial of service attack against the
machine.
By failing to handle conditions where the image had an invalid or
truncated header, FreeBSD could suffer from a sign overflow bug. This in
turn would cause the CPU to enter a long in-kernel loop. This can result
in the machine being unavailable to remote and local users for 15 minutes
or more.
18. Worm httpd Directory Traversal Vulnerability
BugTraq ID: 1626
Remote: Yes
Date Published: 2000-08-25
Relevant URL:
http://www.securityfocus.com/bid/1626
Summary:
Worm httpd is a free webserver created by Jeremy Arnold (Wormonline
Software). It is possible to request files outside of the webroot by using
"double dots" to traverse parent directories. If an attacker knows the
absolute path of a file on the system, it can be retrieved via
exploitation of this vulnerability. This may lead to further compromise of
the system.
19. eEye IRIS Buffer Overflow Vulnerability
BugTraq ID: 1627
Remote: Yes
Date Published: 1998-08-31
Relevant URL:
http://www.securityfocus.com/bid/1627
Summary:
IRIS from eEye Digital Security is a protocol analyzer geared towards
network management; it is currently in BETA. This product was formerly
known as SpyNet CaptureNet. Certain versions of this software are
vulnerable to a remotely triggered buffer overflow attack. This attack is
orchestrated by a malicious user launching multiple UDP sessions to random
ports on the machine which IRIS resides on (and is in operation on). The
net result of this buffer overflow is that the product ceases to function
and may drive system resources to 100% before exiting. It may be possible
that this overflow (a heap overflow according to the attached advisory)
could result in a system compromise. No information indicating that this
is the case has been released.
20. FreeBSD Linux Compatibility Mode Buffer Overflow Vulnerability
BugTraq ID: 1628
Remote: No
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1628
Summary:
A vulnerability exists in the Linux compatibility portions of versions
3.x, 4.x and 5.x of FreeBSD. Versions of 5.0 released prior to July 23,
2000, 4.1 prior to July 29, 2000 and 3.5 prior to August 24, 2000, should
be considered vulnerable. Releases after these dates are not vulnerable
to this problem.
The Linux compatibility module implements what FreeBSD calls a "shadow"
filesystem. This is overlaid on the regular filesystem hierarchy. This
allows Linux binaries to see files in the shadow filesystem which can mask
native files. If a user can create a file in the shadow filesystem which
has a long name comprised of machine executable code, it is possible to
overwrite values on the stack and execute the content of the buffer
containing the filename. This is only the case if the Linux kernel module
is loaded, or has been statically compiled in to the kernel. By default,
it is not enabled.
21. FreeBSD Ports brouted Installation Permission Vulnerability
BugTraq ID: 1629
Remote: No
Date Published: 2000-08-28
Relevant URL:
http://www.securityfocus.com/bid/1629
Summary:
A vulnerability exists in the FreeBSD ports package for the brouted
program. Vulnerable versions of brouted were available in the ports
packages for 3.5-RELEASE and 4.1-RELEASE until August 22, 2000.
Subsequent installations of the ports package are not vulnerable.
brouted is incorrectly installed with setgid kmem permissions. Versions
of the port released prior to August 22, 2000 had buffer overflows in the
command line argument handling. This could lead to local users being able
to execute arbitrary code with GID kmem permissions. This could be used
to elevate privilege to that of root by manipulating kernel memory.
22. CGI Script Center Auction Weaver Directory Traversal Vulnerability
BugTraq ID: 1630
Remote: Yes
Date Published: 2000-08-23
Relevant URL:
http://www.securityfocus.com/bid/1630
Summary:
It is possible to view the contents of any known file residing on a system
running CGI Script Center Auction Weaver. For example:
http://target/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\&fromfile=file.ext
will allow a remote user, regardless of privilege level to read the file
specified.
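The check that was missing in both traversal reports (Worm httpd's "double dots" in item 18 and the backslash form in the Auction Weaver catdir parameter), as an added example that is not code from either product: resolve the requested name against the document root and refuse anything that lands outside it. The directory layout, request strings and function names are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the document root."""


def resolve_under_root(root, requested):
    """Return the real path for `requested`, or raise TraversalError."""
    root_real = os.path.realpath(root)
    # Decode once, as the server would, and treat "\" like "/" so the
    # backslash form of ".." is not missed.
    decoded = unquote(requested).replace("\\", "/")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Drop leading slashes so an absolute path cannot replace the root.
    candidate = os.path.join(root_real, decoded.lstrip("/"))
    # realpath collapses ".." and follows symlinks before the comparison.
    resolved = os.path.realpath(candidate)
    if os.path.commonpath([root_real, resolved]) != root_real:
        raise TraversalError("outside document root: %r" % requested)
    return resolved


# Constructed sample requests.
SAMPLE_REQUESTS = [
    "/index.html",
    "/docs/../index.html",      # ".." that stays inside the root
    "/../secret.txt",           # double dots
    "\\..\\..\\secret.txt",     # backslash form
    "/%2e%2e/secret.txt",       # percent-encoded dots
    "/link/secret.txt",         # symlink inside the root pointing out
]


def check_requests():
    """Build a throwaway tree and report which requests are allowed."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        root = os.path.join(sandbox, "webroot")
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("index.html", os.path.join("docs", "a.txt")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("public\n")
        with open(os.path.join(sandbox, "secret.txt"), "w") as fh:
            fh.write("private\n")
        os.symlink(sandbox, os.path.join(root, "link"))

        for request in SAMPLE_REQUESTS:
            try:
                resolve_under_root(root, request)
                results[request] = True
            except TraversalError:
                results[request] = False
    return results


if __name__ == "__main__":
    for request, allowed in check_requests().items():
        print("%-24s %s" % (request, "served" if allowed else "blocked"))
```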
23. Microsoft Outlook winmail.dat Vulnerability
BugTraq ID: 1631
Remote: Yes
Date Published: 2000-08-24
Relevant URL:
http://www.securityfocus.com/bid/1631
Summary:
If an email message is sent from a Microsoft Outlook client and is RTF
formatted, a file named winmail.dat is also sent as an attachment. If the
recipient opens the email message in a client other than Outlook, the
winmail.dat file will be visible as an attachment. Winmail.dat contains
the full path of the sender's .pst file, which is located in the user
profile directory by default. The path contains the username of the
sender in addition to the domain name.
If the email message is sent through Exchange Server 5.5, winmail.dat
will be stripped from the email message and it will not be received by the
intended recipient.
24. Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
BugTraq ID: 1632
Remote: Yes
Date Published: 2000-08-31
Relevant URL:
http://www.securityfocus.com/bid/1632
Summary:
A potential problem exists in the way that Microsoft Windows handles file
extensions. Under usual circumstances, when opening an unknown file type,
the user is prompted with a dialogue box asking what application should be
used to execute the file. This is not the case with Microsoft Office
documents.
If a file is made in an Office application and the extension is renamed to
an unknown file type, Windows will still open the file in the
corresponding Office program. Reportedly this is because Windows uses
header information to determine the file type rather than the file
extension itself.
Problems could arise if a malicious user were to embed macro viruses in an
Office document and then rename the extension to *.vi?. Most antivirus
programs will not scan files with the extension of *.vi?. Therefore,
viruses contained in such Office documents would go undetected.
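A content-based check for the gap described above, as an added example that is not taken from any antivirus product: select files by their header rather than their extension, and report OLE2 compound files (the container format of Office documents of this era) that carry a non-Office extension. The extension list, sample files and function names are constructed for the demonstration.

```python
import os
import tempfile

# Signature at offset 0 of every OLE2 compound file.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Assumed list of extensions a scanner would already treat as Office files.
OFFICE_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pps"}


def is_ole2(path):
    """True if the file starts with the OLE2 compound file signature."""
    with open(path, "rb") as fh:
        return fh.read(len(OLE2_MAGIC)) == OLE2_MAGIC


def find_disguised_documents(directory):
    """Names of OLE2 files whose extension is not an Office extension.

    Other OLE2-based formats will be reported as well; the point is that
    the decision to scan comes from the content, not from the name.
    """
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        extension = os.path.splitext(entry.name)[1].lower()
        if extension not in OFFICE_EXTENSIONS and is_ole2(entry.path):
            hits.append(entry.name)
    return hits


def extension_demo():
    """Write constructed sample files and scan them."""
    samples = {
        "report.doc": OLE2_MAGIC + b"\x00" * 504,   # named as a document
        "report.vir": OLE2_MAGIC + b"\x00" * 504,   # same content, renamed
        "notes.vir": b"plain text, not a document\n",
        "empty.vi_": b"",
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, content in samples.items():
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(content)
        return find_disguised_documents(directory)


if __name__ == "__main__":
    print(extension_demo())
```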
25. Microsoft Outlook 2000 Vcard DoS Vulnerability
BugTraq ID: 1633
Remote: Yes
Date Published: 2000-08-31
Relevant URL:
http://www.securityfocus.com/bid/1633
Summary:
Microsoft Outlook 2000 is subject to a denial of service due to the
handling of certain vcard fields.
If certain fields in a vcard(.vcf) contain over 75 characters and a user
opens the file Outlook 2000 will stop responding. Outlook will prompt a
user with a warning before importing and opening the vcard(.vcf) file,
however if a user saves the file to a directory and proceeds to open it
through explorer no warning will be given.
Affected fields which cause CPU utilization are as follows:
name:
nickname:
fn:
title:
title;language=value=text:
tel:
tel;<label>:
tel;<label>,<label>:
The following fields will cause Outlook 2000 to terminate:
email:
bday; value=date
III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. AtStake Jilts Phiber Optik
By Kevin Poulsen
September 1, 2000 5:12 AM PT
When Mark Abene found himself being wooed last month by security services
firm @stake, he didn't expect his hacker past from seven years earlier to
come back to haunt him. After all, just last January a newly-minted @stake
was basking in media limelight after announcing a merger with the group
the company described as the "renowned hacker think-tank" L0pht Heavy
Industries.
So Abene was surprised when the company, which was apparently ignorant of
his history when asking him to join its budding New York office, abruptly
withdrew its offer in the final phases of hiring. As Abene describes it,
the @stake recruiter tiptoed gingerly around the reason for the company's
change of heart, before she finally explained in a voice dripping with
contempt and finality, "We ran a background check."
2. Corporate Carnivore Available
By Kevin Poulsen
August 29, 2000 10:12 PM PT
ARLINGTON, Va.--Corporate security professionals covetous of the FBI's
Carnivore system may want to take a look at PostMaster, an
email-monitoring tool developed by General Dynamics Electronic Systems and
displayed at Surveillance Expo 2000 here Tuesday.
"It's sort of a Carnivore Lite," explained Jerry Foil, a technical manager
at the company.
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. SAINT - Security Administrator's Integrated Network Tool 2.2beta1
(AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris,
SunOS and Ultrix)
by World Wide Digital Security, Inc. (saint@wwdsi.com)
URL:
http://wwdsilx.wwdsi.com/saint/
SAINT (Security Administrator's Integrated Network Tool) is a security
assessment tool based on SATAN. It is updated regularly and scans for just
about all remotely detectable vulnerabilities. Features include scanning
through a firewall, updated security checks from CERT & CIAC bulletins, 4
levels of severity (red, yellow, brown, & green) and a feature rich HTML
interface. Changes: This release adds vulnerability checks for
setproctitle vulnerability in ftpd (added checks for HP-UX, OpenBSD, and
ProFTP), Linux statd format string vulnerability, Big Brother (two
vulnerabilities), Apache: ASP (source.asp), Poll It, guestbook.cgi, Excite
for Web Servers, OmniHTTPD (imagemap.exe), Mini SQL (w3-msql), and the
AltaVista search engine.
2. Automated Password Generator (APG) 1.0.4 (FreeBSD, Linux and Solaris)
by Adel I. Mirzazhanov
URL:
http://www.adel.nursat.kz/apg/
APG (Automated Password Generator) is a tool set for random password
generation.
3. ShadowScan 1.00.019 (Windows 2000, Windows 95/98 and Windows NT)
by RedShadow
URL:
http://www.rsh.kiev.ua
Shadow Scan is a program intended for the analysis of IP networks, which
also includes functions for attacks on hosts (WinNuke, SSPing), searching
for passwords on POP3 and FTP, analysis of running services, etc. The
purpose in writing this program is to collect all the best for researching
and hacking a network in one program. Anyone who wishes can take part in
development.
Now Shadow Scan contains: Shadow Advantis Administrator Tools - Ping
(SSPing), Port Scanner, IP Scanner, Site Info (is intended for fast
definition of services started on the host), Network Port Scanner,
Tracert, Telnet, Nslookup, Finger, Echo, Time, UPD test, File Info,
Compare File, Netstat, SysInfo, Crypr, Crc File, DBF view/edit, DiskInfo,
NTprocess, Keyboard test, DNS info. Automated Password Generator (APG)
1.0.4 Shadow Hack and Crack - WinNuke, Mail Bomber, POP3 and FTP Crack
(definitions of the password by a method of search), Unix password Crack,
Finger over SendMail, Buffer Overflow, Smb Password Check, CRK Files,
Http crack, Socks crack.
ShadowPortGuard - code for detection of connection on the certain port.
Shadow Novell NetWare Crack - code for breaking Novell NetWare 4.x.
4. eXpert-BSM 1.1 (Solaris)
by SRI's EMERALD team
URL:
http://www.sdl.sri.com/emerald/releases/eXpert-BSM
EMERALD's eXpert-BSM Monitor is a host-based intrusion detection system
that provides an unprecedented degree of realtime security monitoring for
critical application servers and workstations. eXpert-BSM provides the
most comprehensive knowledge-base for detecting insider misuse, policy
violations, privilege misuse or subversion, illegal resource manipulation,
and other site policy violations for Sun Solaris operating systems. This
component is packaged and distributed as a full intrusion detection
solution, providing data collection, intrusion detection analysis, an
alert management interface, and detailed response directives.
5. Samhain 0.9.2 (AIX, HP-UX, Linux, Solaris and Unixware)
by Rainer Wichmann (rwichmann@hs.uni-hamburg.de)
URL:
http://samhain.sourceforge.net/
Samhain is a file system integrity checker that can optionally be used as
a client/server application for centralized monitoring of networked hosts.
Databases and configuration files can be stored on the server. In addition
to forwarding reports to the log server via authenticated TCP/IP
connections, several other logging facilities (e-mail, console,
tamper-resistant log file, and syslog) are available. Samhain has been
tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
6. MIME Defanger 0.4 (Linux, Perl (any system supporting perl) and UNIX)
by David F. Skoll (dfs@roaringpenguin.com)
URL:
http://www.roaringpenguin.com/mimedefang/
MIME Defanger is an e-mail filter program which works with Sendmail 8.10.
MIME Defanger filters all e-mail messages sent via SMTP. MIME Defanger
splits multi-part MIME messages into their components and potentially
deletes or modifies the various parts. It then reassembles the parts back
into an e-mail message and sends it on its way. Mail filter can more
reliably determine attachment names, and extra logging via syslog.
V. SECURITY JOBS SUMMARY
- ------------------------
1. [ITALY] - Network Security Developer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d39AD90A1.36186808@emaze.net
2. Information Security Director - #76 - Iselin, NJ (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000830183233.24556.qmail@securityfocus.com
3. Technical Sales Consultant - #176 - Cincinnati, OH (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000830152906.26251.qmail@securityfocus.com
4. WireX Webmaster (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d39AD7A81.B8E723C3@wirex.com
5. Security Architect in Seattle (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000830165033.FRGS11668.mta04.onebox.com@onebox.com
6. Quantico, VA - Sr. Software Security Engineer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d39ABC73D.E23C7085@bah.com
7. eEye Digital Security is Hiring (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3dFPECLIAAFMBHPPPJKHCKAEJDDEAA.info@eeye.com
8. CISSP/CCIE Candidates Needed (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000828204324.14778.qmail@securityfocus.com
9. Security Consultant (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000828155359.13055.qmail@securityfocus.com
10. Vulnerability analyst (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3dPine.LNX.4.20.0008281509520.4884-100000@2xs.co.il
11. Network security programmer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3dPine.LNX.4.20.0008281508550.4884-100000@2xs.co.il
12. Security Engineer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000827215431.16364.qmail@securityfocus.com
13. Security Architect (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000827215328.16356.qmail@securityfocus.com
14. Security and Unix Administrator (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3dB9CD0023B07AD411B77A001083FD2ADC5FFC@nwd2exm2.analog.com
15. Manager-Security/E-Commerce - #170 - Chicago, Detroit (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000825193138.12660.qmail@securityfocus.com
16. E-commerce/Security - Sr. Manager - #170 - Chicago, IL (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000825192016.12600.qmail@securityfocus.com
17. Sr. Application Security Engineer - #618 - Alexandria, VA (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000825191159.12581.qmail@securityfocus.com
18. Application Security Engineer - #618 - Alexandria, VA (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000825190320.12558.qmail@securityfocus.com
19. Jr. Application Security Engineer/Analyst - #618 - Alexandria, VA (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-09-01%26thread%3d20000825185939.12548.qmail@securityfocus.com
20. Senior Security Analyst - #43 - Various Locations (Thread)
VI. INCIDENTS LIST SUMMARY
- -------------------------
1. A slap on the wrist...? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dPine.LNX.4.21.0008311411570.21773-100000@gemini.bigbrother.net
2. Annoy Those Sub7 Scanners. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dCEE0B7A5C566D4118621009027DE24767F74@hsadenmx02.hsacorp.net
3. Solaris stated exploit? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d14766.12723.281603.315948@tripwire.cert.dfn.de
4. two port scans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d8600BF007197944F8DD3906E40CB428005D878@itdomain001.itdomain.net.au
5. UDP port 137 packets sent to 70.255.224.194 (and to other hosts...(Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3ds9ae2d20.064@gateway.bm
6. weird 500/udp (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d20000831094139.B31130@mail.wave.co.nz
7. detecting "trinity v3 by self" DDoS agent (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d01da01c012e2$b2581600$1b8a84c3@cybercable.fr
8. UDP port 137 packets sent to 70.255.224.194 (and to other hosts...(Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dshzolus7ye.fsf@lns130.lns.cornell.edu
9. Weird Logs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d8600BF007197944F8DD3906E40CB428005D86D@itdomain001.itdomain.net.au
10. UDP port 137 packets sent to 70.255.224.194 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d20000830080042.23098.qmail@securityfocus.com
11. UDP Port 1907 & 28800 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d005d01c011f4$d3886e40$0401a8c0@ev1.net
12. bubonic.c -- random TCP segment DoS tool (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d39AB19A7.D8E6D0CE@scholar.don.tased.edu.au
13. Sub7/Open Telnet/Open Socks/DOS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dNEBBKDPOGLLPEMKLLGKLAEANCEAA.ryagatich@csn1.com
14. Network Probing (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d20000828095639.B31004@psi.cl
15. You guys were right (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d20000827213959.8526.qmail@securityfocus.com
16. Possible widespread hole? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dPine.GSO.4.21.0008271515480.6667-100000@nitzer.it.su.se
17. Break-in attempt from 203.197.38.247 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3dPine.LNX.4.21.0008251535500.18224-100000@spindle.sickfuck.org
18. Linuxconf scanning (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d2D8EBD809238D411B71200805FE6C636138149@rciexch03.rci.com
19. Port Scan? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d39A5EA90.14D9C04D@balakovo.ru
20. Spammers just got smarter. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-09-01%26thread%3d20000824234821.A8707@obfuscation.org
VII. VULN-DEV RESEARCH LIST SUMMARY
- ----------------------------------
1. SSL & IDS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008312325420.21597-100000@blue.localdomain
2. jsp malicious coding (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d20000831193738.A7808@geenpunt.nl
3. Remote exploitation of network scanners? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008311330180.20569-100000@blue.localdomain
4. Yahoo pager (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008311311470.20569-100000@blue.localdomain
5. jump2.eudora.com (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008311255530.20569-100000@blue.localdomain
6. Netscape mail reader oddity (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d39AE894B.306F6EB0@campus.qro.itesm.mx
7. X Server Test/Exploit (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d222959579.20000831112730@studenti.ing.uniroma1.it
8. Microsoft Word RTF parser buffer overflow (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d18634.000830@sandy.ru
9. Final thoughts on Daemonic.c (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d383833099.967601321696.JavaMail.root@web421-mc.mail.com
10. Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.21.0008291913350.7386-100000@scylla.bogus
11. linux ld.so vuln - CSSA-2000-028.0 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d001801c01206$1c1250c0$450af00a@btrd.bostontechnoloy.com
12. Netscape 6 beta2 opens the net? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d4B279CF3578CD211B945009027178017046CFE7C@swilnts809.wil.fusa.com
13. Sonicwall DoS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d39AAD358.63E432A9@enternet.se
14. actions to jump2.eudora.com (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d4.3.2.7.2.20000828223726.00af1cb0@mail.plus.net
15. Flood Attack (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.BSF.4.21.0008282130001.16338-100000@totally.righteous.net
16. Daemonic (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.GSO.4.05.10008281818520.4244-100000@tundra.winternet.com
17. os/2 shellcode? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008281729070.16498-100000@blue.localdomain
18. How do web servers handle dropped connections? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dNDBBJOKICOHGIJLJDFEJKEGPCIAA.dom@devitto.demon.co.uk
19. /dev/urandom | logger "issue" (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d200008281423.KAA00351@multics.mit.edu
20. connections to jump2.eudora.com (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d00e301c0107b$226f1160$4500a8c0@office.diggy.net.au
21. Antwort: Re: How do web servers handle dropped connections? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dOF002F4F85.A64630AA-ONC1256949.00273282@OnVista.de
22. Win2k & Linux DoS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dF39nqNI4lQ5tX60LUDA000008c0@hotmail.com
23. Linksys 4-port Router NAT/Firewall (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d00082604375907.13186@smp.kyx.net
24. Packet Fragmentation Attacks (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3d39A63283.AE231339@enternet.se
25. Must coredump? No. (Was: Local root through vuln...) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008250844270.9983-100000@blue.localdomain
VIII. MICROSOFT FOCUS LIST SUMMARY
- ---------------------------------
1. Snort & Nmap for NT (obviously) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d20000831213132.4423.qmail@web121.yahoomail.com
2. Win 2K Policy Editor? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d15C95180BF99D2118BC500A0C95E12183AE781@cta52.cta.ha.osd.mil
3. Windows Network logon (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d3.0.5.32.20000831114834.00a5ce00@mail.arkpacific.com
4. Privacy Concerns with Office?? What about this!? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d2127CCC5C206D4118F6600508BA3691C1930E8@ES1
5. Exchange email legal notice (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d031001c012b0$0b0e8960$a6267faa@gblon1-009221.wcom.co.uk
6. Possible security bug in Windows 2000 Professional (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d00ec01c01280$d90b8aa0$ca00a8c0@DaemonLabs.com
7. mail server in a DMZ (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3dD6C7B533F7C4D311BBD800001D121E7F753501@clmail.cmccontrols.com
8. FW: [COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d014a01c012c1$ce73af50$ea02020a@paperweight
9. Easy way to set permission (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d93BDDB5C35CDD211AD9B0008C7E989EB9B8195@ALVINE_MAINFS
10. [ no subject ]
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3dMMEKJBKNDDNAIKLEDGDBAEDNCAAA.sgeorgion@e-closer.com
11. Blocking MAC Addresses (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d20000830023916.26271.qmail@web123.yahoomail.com
12. Web User Trusted Authentication (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3dF26m203ciSmGdCdBIgu00001dda@hotmail.com
13. High Encryption for NT (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d71251C7D5FB1D2119C8F0008C7A44ED1859A39@es07snlnt.sandia.gov
14. Modem Hangup (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d000201c00f76$32a67060$0101a8c0@ares
15. Ssh Server for Windows NT (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d034001c00f7b$59b0b1c0$0500000a@frankenstein
16. Pop3 and IMAP (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3dNIEBJFMEHLAFNBGOFHLPEEPLCBAA.Mbalbo@technisys.com.ar
17. Sofware Audit Tools (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d219CA9548ADCD311887000508B8BB26156D54E@CBZUNHRE
18. Silly NT question (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d2127CCC5C206D4118F6600508BA3691C1930E1@ES1
19. Microsoft Security Configuration Manager (SCM) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d2127CCC5C206D4118F6600508BA3691C1930DF@ES1
20. W2KTerminal Services Security (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d2DBFCBE6D1DAD11191E300805F577D1201A05B91@exchange104.comp.pge.com
21. MS Proxy Server 2.0 and MS FrontPage 2000 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d3.0.5.32.19990114134903.009e48f0@mail.arkpacific.com
22. OS Fingerprinting (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d3.0.5.32.19990114120700.0090fdf0@mail.arkpacific.com
23. Outlook Web access Question. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3d%22JMD0120-000825130240Z-52535*%2fPRMD%3dUSDOJ-JCON%2fADMD%3d%20%2fC%3dUS%2f%22@MHS
24. Windows firewalls (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-09-01%26thread%3dF232KZmcK8r6beUzmRf0000033b@hotmail.com
IX. SUN FOCUS LIST SUMMARY
- ----------------------------
1. Limiting write access to a port (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-09-01%26thread%3d20000831205744.27848.qmail@securityfocus.com
2. nisd_resolv issues (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-09-01%26thread%3d200008301608.RAA18329@otis.UK.Sun.COM
X. LINUX FOCUS LIST SUMMARY
- ---------------------------
1. Port 587/tcp (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d003901c013a5$dd238cc0$8dedfea9@vghk
2. Authentication Problems with Samba (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d5751665B4A77D311943100E029245B8F300CDB@stlmxsusr1.wavetech.com
3. Incoming directory in WU-FTPD (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d20000831234727.18007.qmail@web2001.mail.yahoo.com
4. Sendmail issue (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d000701c0137d$07589720$0e010a0a@narellan.net
5. freeswan problem.. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d5751665B4A77D311943100E029245B8F300CD7@stlmxsusr1.wavetech.com
6. sendmail security? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.LNX.4.21.0008310928360.5469-100000@wawa.eahd.or.ug
7. [ no subject ]
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d20000830214226.12567.qmail@web2003.mail.yahoo.com
8. Open ports and your linux box (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008292025070.14550-100000@rthonet.happyland.net
9. SV: blocking icq & napster (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dLEEEJCGJHJFJONPEAONIKEKCCBAA.daniel@avantnoise.com
10. 1026 tcp nterm remote_login terminal_emulation (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.GSO.4.10.10008291217050.22362-100000@watsol.cc.columbia.edu
11. blocking icq & napster (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d139233948196.20000829115241@relline.ru
12. Operator (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d002201c0119e$2efbc210$0a00a8c0@a01
13. ssh hosts allow/deny (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d005701c011ca$03c6f390$0b090a0a@cnet.com
14. sshd2_config (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d00082816431401.00686@inet1.ksk.t-online.de
15. How do buffer overflows work? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.LNX.3.96.1000828162456.6833I-100000@dff.samurajdata.se
16. ssh (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.HPX.4.10.10008281500080.25830-100000@merle.acns.nwu.edu
17. in.identd (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d002201c01089$c5d66520$0202000a@absoft.com.au
18. Buffer overflow (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d001b01c01100$1e534620$49521eac@Icc.adc.ey.com
19. Compiling squid?? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3dPine.LNX.4.10.10008280751080.8789-100000@alchemist.moria.org
20. question on log files (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-01%26thread%3d00082616162000.17969@a24b161n151client14.hawaii.rr.com
XI. SPONSOR INFORMATION - eEye Digital Security
- ----------------------------------
Vulnerability Is Over ... eEye Digital Security Announces Retina
Retina, the Network Security Scanner, is the first security software
application with state-of-the-art artificial intelligence features that
allow it to think like a hacker. Retina is the first network security
software that works like an around-the-clock human network security
analyst, giving you the most comprehensive network security
analysis available.
Available for download at
http://www.eeye.com/click.asp?referrer=SFMS1&p=Retina
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
- -------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to answer.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn back on e-mail delivery use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.
------- End of Forwarded Message