Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FWD: SecurityFocus.com Newsletter #59
- From: Paul Howell
- Date: Thu Sep 21 09:53:15 2000
------- Forwarded Message
Date: Wed, 20 Sep 2000 08:59:35 -0700
Reply-To: Stephen Entwisle <se@SECURITYFOCUS.COM>
Sender: SF-NEWS Mailing List <SF-NEWS@SECURITYFOCUS.COM>
From: Stephen Entwisle <se@SECURITYFOCUS.COM>
Subject: SecurityFocus.com Newsletter #59
To: SF-NEWS@SECURITYFOCUS.COM
Premier sponsor: RSA Security
RSA Security The Only Fully Interoperable PKI Solution.=20
PKI is driving the next wave of e-business. RSA Keon PKI issues and
manages digital certificates and trust - enabling you to securely deploy
apps that feature authentication, digital signatures and encryption. For
smooth implementation that's easy to use, you need interoperability. That
means you need RSA Keon PKI.=20
Contact RSA Security at1-800-495-1095.
www.rsasecurity.com/go/keon
SecurityFocus.com Newsletter #59
- --------------------------------
I. FRONT AND CENTER
=091. Closing the Window of Exposure: Reflections on the Future of Security
=092. New Article in the Incident Handling Focus Area: Chasing the
=09 Wind - Episode 1: No Place to Hide
=093. New article in the Sun Focus Area: Role-Based Access Control -=20
=09 A Distribution of Power Part 3
=094. New Article in the Virus Focus Area: The Negatives of False
=09 Positives - Antivirus False Alarms
II. BUGTRAQ SUMMARY
=091. Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulns
=092. SuSE Apache CGI Source Code Viewing
=093. GNOME esound Unsafe /tmp File Creation Vulnerability
=094. AIX netstat -Z Statistic Clearing Vulnerability
=095. Check Point Firewall-1 Session Agent Impersonation Vulnerability
=096. Check Point Firewall-1 Session Agent Dictionary Attack Vulnerability
=097. SCO Unixware "/search97cgi/vtopic" Vulnerability
=098. Tmpwatch Recursive Write DoS Vulnerability
=099. muh IRC Log Format String Vulnerability
=0910. NT Authentication PAM Modules Buffer Overflow Vulnerability
=0911. Mailman 1.1 Writable Variable Vulnerability
=0912. YaBB Arbitrary File Read Vulnerability
=0913. Ranson Johnson mailto.cgi Piped Address Vulnerability
=0914. MailForm 2.0 XX-attach_file Vulnerability
=0915. Microsoft WebTV DoS Vulnerability
=0916. mgetty-sendfax .lastrun File Overwrite Vulnerability
=0917. Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
=0918. Horde CGI Remote Command Execution Vulnerability
=0919. EFTP Buffer Overflow Vulnerability
=0920. EFTP Partial Input Denial of Service Vulnerability
=0921. Mandrake /perl http Directory Disclosure Vulnerability
=0922. IMP File Disclosure Vulnerability=09
=0923. Jack De Winter WinSMTP Buffer Overflow Vulnerability
=0924. Netegrity SiteMinder Authentication Bypass Vulnerability
=0925. HP OpenView Network Node Manager Config Scripts Vulnerability
=0926. Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
=0927. Sambar Server (BETA) Search CGI Vulnerability
=0928. CamShot Remote Buffer Overflow Vulnerability
=0929. FreeBSD Eject Local Root Vulnerability
=0930. Pine Malformed Header Denial of Service Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
=091. Cyber SpyHunt=20
=092. White House Flunks Back
=093. Panel: 'Cyberweapons' Control Needed
=094. Microsoft Cookies Jump Domains
=095. Coming Out Party
IV.SECURITY FOCUS TOP 6 TOOLS
=091. Ethereal 0.8.12
=092. ShadowSecurityScanner 1.01.001
=093. Lsof 4.51=20
=094. Wrapper v2
=095. Winfingerprint 2.2.8
=096. OpenSSL 0.9.5a
V. SECURITYJOBS LIST SUMMARY
=091. What are the advantages using a recruiter? (Thread)
=092. Jobs @NFR: Be with the Best (Thread)
=093. Security Engineer: New Jersey (Thread)
=094. Looking for a mid level server security engineer (Thread)
=095. HP Internet Security Opportunities - Atlanta, GA... (Thread)
=096. Join the security team of a major ISP!-Atlanta, Georgia (Thread)
=097. Security Manager needed for D.C. 5-12 month engagement, (Thread)
=098. Advertise MN (Thread)
=099. Internet Security Analyst - #187 - NJ (Thread)
=0910. Security Consultant (Any State) (Thread)
=0911. Senior Security Consultant - #416 - Palo Alto, CA or NYC (Thread)
=0911. Senior Security Consultant - #416 - Palo Alto, CA or NYC (Thread)
VI. INCIDENTS LIST SUMMARY
=091. Large scans in progress... (Thread)
=092. ICMP mapping, questioning legality!! (Thread)
=093. Follow up on Apache Wierdness (Thread)
=094. new scanner tool or blind luck? (Thread)
=095. t0rnkit on www (Thread)
=096. port scans from local workstation (Thread)
=097. Administrivia: Quoting (Thread)
=098. Interesting Logs (Thread)
=099. isakmp before smtp? (Thread)
=0910. UDP port 1025 Blackjack=BF? (Thread)
=0911. Port 2000, 2002 scans (Thread)
=0912. DDOS attacks on IRC (Thread)
=0913. ICMP messages - Scan or exploit attempt? (Thread)
=0914. Hits on 64257/tcp (Thread)
=0915. [Snort-users] [bgallia@orion.it.luc.edu: Castor's use of...(Thread)
=0916. por favor (Thread)
=0917. wake up & smell the DDoS (Thread)
=0918. t0rn (Thread)
=0919. AW: Port 2000, 2002 scans (Thread)
=0920. t0rn (the rootkit) (Thread)
=0921. Large ICMP Packet, DoS or smth else? (Thread)
=0922. win95, notepad.exe worm/trojan, note.com (Thread)
=0923. AOL vs. Koreans (Thread)
=0924. Digital Signatures for evidence (Thread)
=0925. ICMP Source Quench - Can it be some flood attack? (Thread)
=0926. clearing up: Re: something nasty (Thread)
=0927. port 9704 scans (Thread)
=0928. packets with reserved bits set on (Thread)
=0929. Oh, Christmas Tree (Was: packets with reserved bits set on)(Thread)
=0930. The end of trinity (soon) (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
=091. [No Subject]
=092. How to prevent malicious linking/posting to webapps? (Thread)
=093. ICMP clarification (Thread)
=094. All Advantage Spyware (Thread)
=095. Forge packets ? (Thread)
=096. stackguard-like embedded protection (Thread)
=097. RES: All Advantage Spyware (Thread)
=098. za and spyware (was: no subject) (Thread)
=099. your mail (Thread)
=0910. Format Bugs in Windows Code? (Thread)
=0911. por favor (Thread)
=0912. Auto-update software... (Thread)
=0913. Daemonic (Thread)
=0914. Stack Interpretation and Manipulation (Thread)
=0915. How to strip http-referer field? (Thread)
=0916. All Advantage Spyware maybee the new orifice (Thread)
=0917. Format Bug List? (Thread)
=0918. glibc vulnerability (Thread)
=0919. Format Bugs Are Not Unique to UNIX (Thread)
=0920. IRIX telnetd exploit for 5.3 (Thread)
=0921. getcat.com -- IE CueCat Spy on you. (Thread)
=0922. Cisco 2621 (Thread)
=0923. getcat.com-- IE CueCat Spy on you. (Thread)
=0924. ICMP and BlackICE (fwd) (Thread)
=0925. SSL & IDS (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
=091. NTFS and ACLs (Thread)
=092. Renaming the Administrator Account (Logging out... (Thread)
=093. Fwd:Re: Logging out of a NT server (Thread)
=094. W2K Security Policy (Thread)=09
=095. Logging out of a NT server (Thread)
=096. Logging out of a NT server(s) (Thread)
=097. Secure IMAP (Thread)
=098. Renaming the Administrator Account (Logging out... (Thread)
=099. MS Proxy as a firewall (Thread)
=0910. ArcServIT encrypted (Thread)
=0911. IIS ISAPI Filter (Thread)
=0912. MS-CHAP/PAP and reg. values (Thread)
=0913. CGI Scripts (Thread)
=0914. how to detect password sniffing trojans ? (Thread)
=0915. I need informations about arp/rarp attack (Thread)
=0916. Hotfixing SP6a servers running iis4.0 (Thread)
=0917. NT Vulnerability Scanners (Thread)
=0918. javascript-of-unknown-origin.netscape.com (Thread)
=0919. NT Patch script (Thread)
=0920. config issue (Thread)
=0921. Visual Source Safe? (Thread)
=0922. Logging out of a NT server (logging IP) (Thread)
=0923. Logging out of a NT server - straying a bit (Thread)
=0924. SecurityFocus.com Microsoft News #2 (Thread)
=0925. AIM and Screen Savers (Thread)
=0926. Windows Network logon (Thread)
=0927. Route Command (Thread)
=0928. Restricting Win2K TS Connection? (Thread)
=0929. RestrictAnonymous Not working (Thread)
=0930. Software Audit Tools (Thread)
=0931. Policy and Procedure for installing Service Packs (Thread)
=0932. Messenger service for Win9x / WinNT-2k (Thread)
IX. SUN FOCUS LIST SUMMARY=09
=091. Custom PAM for Solaris (Thread)
=092. How to configure a unified, secure, DHCP/DNS/NIS in a ... (Thread)
=093. How to configure a unified, secure,DHCP/DNS/NIS in a... (Thread)
=094. How to configure a unified, secure, DHCP/DNS/NIS in a ... (Thread)
=095. Is there a way to timeout telnet session (Thread)
=096. unsafe start-up services [Long excerpt] (Thread)
=097. unsafe start-up services (Thread)
=098. [FW1] Please help: Blocking user jumping to different ...(Thread)
=099. locale exploit on BugTrack (Thread)
X. LINUX FOCUS LIST SUMMARY
=091. ipchains log .... connect from local port:23 to remote...(Thread)
=092. scp secure (Thread)
=093. Red Hat Linux release 6.0/6.1 (Hedwig) (Cartman) bug? (Thread)
=094. root on irc (Thread)
=095. From Ports Unknown... (Thread)
=096. Apache Logs (Thread)
=097. We've been compromised? (Thread)
=098. nslookup weirdness (Thread)
=099. samba vs nfs (Thread)
=0910. User's .bash_history (Thread)
=0911. chmod and permission trouble (Thread)
=0912. Can't identify log entry (Thread)
=0913. in_cksum.h (Thread)
=0914. Where to get security-related upgrades in linux2.4... (Thread)
=0915. samba binded int. secure? (Thread)
=0916. FTPD Question (Thread)
XI. SPONSOR INFORMATION - Premier Sponsor: RSA Security
=09=09=09- Standard Sponsor: Aladdin Knowledge Systems =20
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
Proactive protection (eSafe Gateway) versus Reactive protection (too
late)...
The ILOVEYOU vandal caused damages of over $10 billion in a matter of
days, proving that reactive anti-virus solutions were useless in
preventing this attack. The key to Internet security is to be proactive -
stopping attacks and dealing with Web content, scripts and malicious
mobile code before anything ever reaches your network's critical assets.
For this, there's eSafe Gateway. =20
For more information go to: http://www.ealaddin.com/esafe/gateway.
I. FRONT AND CENTER
- -------------------
1. Closing the Window of Exposure: Reflections on the Future of Security=20
In this week's Guest Feature, Bruce Schneier examines the chain of events
that occur in a typical patch release for a security vulnerability, and
ways that we can limit the exposure of affected systems.
http://www.securityfocus.com/templates/forum_message.html?forum=3D2&head=3D=
3384&id=3D3384
2. New Article in the Incident Handling Focus Area: Chasing the Wind -
Episode 1: No Place to Hide
Computer security is a technical subject, and it seems to be getting more
so day by day. Keeping abreast of new developments requires dedication and
a lot of reading. In fact, it could be argued that more of the average
computer security practitioner's time is spent in reading than in any
other single pursuit. While there is a lot of good information out there
to be read, not much of it can truly be called entertaining. In an effort
to lighten the load a little, Security Focus presents "Chasing the
Wind," an ongoing saga that chronicles the evolution of "Jake" from raw
sysadmin to computer security jock. It also follows his nemesis
"Ian" (iR8 d0g) as he climbs the steep trail from script kiddie to one of
the 3l337. Along the way there are lots of insights into the politics,
people, and technologies that make up corporate computer security
culture.
http://www.securityfocus.com/focus/ih/articles/chasing1.html
3. New article in the Sun Focus Area: Role-Based Access Control - A
Distribution of Power Part 3
In an attempt to add a finer grain of control to privileges, Sun
implemented the Role-Based Access control system in Solaris 8. As
a clever solution to a large problem, Sun has implemented a facility that
allows the customizing of privilege for each individual user. The
distribution of power can now allow users access to resources previously
not possible without giving them root access to the system.=20
In our previous article, an overview of RBAC was given. We talked about
what files RBAC uses, what binaries are part of the RBAC suite, and how
they interact. We discussed file formats, and described the content of
RBAC configuration files.
This article guides us through a sample implementation of RBAC. Topics
such as the planning of an RBAC setup and the ideas associated with
design are discussed. This article is designed to work as a reference.
While the concepts in this article can be transparently applied in a
production environment to create an RBAC infrastructure, such an
infrastructure should be carefully planned and designed to provide
scalability and optimization. In short, plan your RBAC environment for
your business needs prior to implementation.
http://www.securityfocus.com/focus/sun/articles/rbac3.html
4. New Article in the Virus Focus Area: The Negatives of False Positives -
Antivirus False Alarms
It is a classic truth in computer science that "the rarer a warning is,
the more likely it is to be noticed." The more common a warning is, the
more likely the user is to want to swat it away like a mosquito on the
monitor screen. So the crucial question for security systems
administrators is this: are you hanging up on your virus checking or
firewall software?=20
http://www.securityfocus.com/focus/virus/articles/falsepos.html
II. BUGTRAQ SUMMARY
- -------------------
1. Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabiliti=
es
BugTraq ID: 1657
Remote: Yes
Date Published: 2000-09-08
Relevant URL:
http://www.securityfocus.com/bid/1657
Summary:
A number of unchecked static buffers exist in Mobius' DocumentDirect for
the Internet program. Depending on the data entered, arbitrary code
execution or a denial of service attack could be launched under the
privilege level of the corresponding service.
Buffer Overflow #1 - Issuing the following GET request will overflow
DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe?[string at least 1553 characters long]=3DX
HTTP/1.0
Buffer Overflow #2 - Entering a username consisting of at least 208
characters in the web authorization form will cause DDIPROC.EXE to
overflow. If random data were to be used, a denial of service attack
would be launched against the DocumentDirect Process Manager which would
halt all services relating to it.
Buffer Overflow #3 - Issuing the following GET request will cause an
access validation error in DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe HTTP/1.0\r\nUser-Agent: [long string of
characters]\r\n\r\n
2. SuSE Apache CGI Source Code Viewing
BugTraq ID: 1658
Remote: Yes
Date Published: 2000-09-07
Relevant URL:
http://www.securityfocus.com/bid/1658
Summary:
SuSE Linux versions 6.3 and 6.4 (previous versions may also be vulnerable)
installs Apache web server (version 1.3.12 in version 6.4 of SuSE)
Apache configuration file /etc/httpd/httpd.conf contains an entry (Alias
/cgi-bin-sdb/ /usr/local/httpd/cgi-bin/). Therefore, files in /cgi-bin/
can be accessed via URLs of the format http://target/cgi-bin-sdb as well. =
=20
Because the path does not contain the string /cgi-bin/, improper
permissions will be assigned, and the file will be sent to the client as
opposed to being executed on the server.
This renders it possible to view the source code of CGI scripts stored in
/cgi-bin/.
3. GNOME esound Unsafe /tmp File Creation Vulnerability
BugTraq ID: 1659
Remote: No
Date Published: 2000-08-31
Relevant URL:
http://www.securityfocus.com/bid/1659
Summary:
A vulnerability exists in the esound package, part of the popular GNOME
environment. Versions 0.2.19 and prior of esound will create a world
writable directory in /tmp, which is normally used to store a Unix domain
socket. An attacker on the system can instead create a symbolic link, and
cause any file or directory owned by the user running esound to be made
world writable.
4. AIX netstat -Z Statistic Clearing Vulnerability
BugTraq ID: 1660
Remote: No
Date Published: 2000-09-03
Relevant URL:
http://www.securityfocus.com/bid/1660
Summary:
A vulnerability exists in versions 4.x. x of AIX, from IBM. Any local user
can utilize the -Z command to netstat, without needing to be root. This
will cause interface statistics to be reset. This could potentially
interfere with programs that track statistical information.
5. Check Point Firewall-1 Session Agent Impersonation Vulnerability
BugTraq ID: 1661
Remote: Yes
Date Published: 1998-09-24
Relevant URL:
http://www.securityfocus.com/bid/1661
Summary:
A vulnerability exists in the "Session Agent" portion of Firewall-1, from
Check Point. This vulnerability appears to affect all versions of the
session agent prior to the one shipped in FW-1 4.1. The session agent
listens on a Windows 9x or NT box for connections from the firewall,
requesting user authentication for connections. This information is all
transmitted in cleartext, and is unauthenticated. This means it can be
sniffed. In addition, the agent accepts connections from any host. Any
person who can connect to the session agent can impersonate the Firewall-1
module, and request username and password information. If supplied, this
can result in the compromise of that username and password.
6. Check Point Firewall-1 Session Agent Dictionary Attack Vulnerability
BugTraq ID: 1662
Remote: Yes
Date Published: 2000-08-15
Relevant URL:
http://www.securityfocus.com/bid/1662
Summary:
A vulnerability exists in all versions of the Check Point Session Agent,
part of Firewall-1. Session Agent works in such a way that the firewall
will establish a connection back to the client machine. Upon doing so, it
will prompt for a username, and if the username exists, a password. Upon
failure, it will reprompt indefinitely. This allows for a simple brute
force attack against the username and password.
7. SCO Unixware "/search97cgi/vtopic" Vulnerability
BugTraq ID: 1663
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1663
Summary:
Certain versions of SCO Unixware ship with a web enabled help system which
is installed by default. This system, httpd-scohelphttp, ships with a
faulty CGI program which will allow remote users to view files which are
viewable to the account under which the web server is run as (typically
'nobody').
The problem in specific is in the following CGI:
/usr/ns-home/httpd-scohelphttp/search97cgi/vtopic
This CGI makes use of a parameter called ViewTemplate that points to an
HTML Template for use with search results:
http://unixware7box:457/search97cgi/vtopic?action=3Dview&ViewTemplate=3D
However, the CGI does not place any restrictions on the relative path and
a user may supply their own and thereby move outside the web root
directory by walking down the directory structure (../) .
8. Tmpwatch Recursive Write DoS Vulnerability
BugTraq ID: 1664
Remote: No
Date Published: 2000-09-09
Relevant URL:
http://www.securityfocus.com/bid/1664
Summary:
Any user with write access to /tmp or /var/tmp, can induce tmpwatch to
cause redhat 6.1 (and others runnng tmpwatch from cron) to stop
responding, and possibly require a hard reboot. This is accomplished by
creating a directory tree many (ie. ~6000) nodes deep in /tmp. For each
level of the directory in /tmp, tmpwatch will fork() a new copy of itself.
9. muh IRC Log Format String Vulnerability
BugTraq ID: 1665
Remote: Yes
Date Published: 2000-09-09
Relevant URL:
http://www.securityfocus.com/bid/1665
Summary:
muh acts as a proxy between an irc client and server. To the irc server,
the muh session appears as the irc client, and to the irc client, the muh
session appears as an irc server.
One of muh's features is to log client messages if the client is
disconnected.
Version 2.05 (and possibly earlier versions) are vulnerable to a format
string bug which can be used to make muh crash if logged messages are
replayed by the client. It is possible that this bug can also be exploited
to execute arbitrary code with the privileges of the user running muh.
10. NT Authentication PAM Modules Buffer Overflow Vulnerability
BugTraq ID: 1666
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1666
Summary:
The pam_smb and pam_ntdom are plug-in authentication modules that allow
unix users to authenticate against an NT domain controller. The pam_smb
module contains a remotely exploitable buffer overflow vulnerability.
pam_ntdom, which was derived from pam_smb, contains the same
vulnerability. The problem results from long user names being copied into
a 16 byte stack variable without bounds checking.
11. Mailman 1.1 Writable Variable Vulnerability
BugTraq ID: 1667
Remote: No
Date Published: 2000-09-07
Relevant URL:
http://www.securityfocus.com/bid/1667
Summary:
Mailman supports external archiving of messages, typically via an archiver
like MHonArc or hypermail. Macros may be used which are based on
variables internal to Mailman.
For example, list archives can be saved on a per-list basis with the
following entry in $prefix/Mailman/mm_cfg.py, :
PUBLIC_EXTERNAL_ARCHIVER =3D '(mhonarc -add -nolock -umask 023 -rcfile
rc.%(listname)s -outdir /mnt/WWW/htdocs/lists/%(listname)s)'
The (listname) value can be created for each list by the list administrato=
r. =20
If the listname variable is set to a system command, the command will be
run every time a message is sent to the list as Mailman archives the
message.
For example, if the listname value is set to: `/usr/X11R6/bin/xterm
- -display myhost.example.com:0 -e /bin/csh`
Upon receipt of a message to the list, the embedded command will be
executed, in this example opening a remote xterm with a shell running
under the uid/gid of the Web server.
Other variable names may also be accessed, depending on the configuration
of your PUBLIC_EXTERNAL_ARCHIVER definition.
The patch supplied under the Solution tab will only fix problems with
%(listname)s expansion.
12. YaBB Arbitrary File Read Vulnerability BugTraq ID: 1668 Remote: Yes
Date Published: 2000-09-10 Relevant URL:
http://www.securityfocus.com/bid/1668=20
Summary:=20
YaBB.pl, a web-basedbulletin board script, stores board postings in
numbered text files. The numbered file name is specified in the call to
YaBB.pl in the variable num=3D<file>. Before retrieving the file, YaBB will
append a .txt extension to <file>.
Due to input validation problems in YaBB, relative paths can be specified
in <file>. This includes ../ style paths.
Additionally, <file> does not need to be numerial, and the .txt extension
can be avoided by appending %00 to <file>.
By expoliting these problems in a single request, a malicious user can
view any file that the webserver has access to.
13. Ranson Johnson mailto.cgi Piped Address Vulnerability
BugTraq ID: 1669
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1669
Summary:
The value of the 'emailadd' variable in Ranson Johnson's Combination
Mail-to and Credit Card Orderform is used in conjunction with a piped
open. This value is supplied by users filling out the form. This opens
up the possibility of remote command execution with the privilege level of
the web server by entering specially crafted values into the 'emailadd'
field on the form.
14. MailForm 2.0 XX-attach_file Vulnerability
BugTraq ID: 1670
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1670
Summary:
MailForm 2.0 uses a number of hidden form fields to process messages.
Hidden form fields can often be edited in a local copy of the page, and
used to acheive undesired results. The XX-attach_file field can be edited
in MailForm 2.0 to cause the cgi to email the attacker a copy of any file
that is readable by the cgi.
15. Microsoft WebTV DoS Vulnerability
BugTraq ID: 1671
Remote: Yes
Date Published: 2000-09-12
Relevant URL:
http://www.securityfocus.com/bid/1671
Summary:
If a remote user sends a UDP packet to any port in the 22701 - 22705 range
to a system running WebTV for Windows, the system may crash entirely or at
the least the program will stop responding.
As well, sending a UDP packet to port 22703 specifically has been known to
cause automatic reboots.
16. mgetty-sendfax .lastrun File Overwrite Vulnerability
BugTraq ID: 1672
Remote: No
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1672
Summary:
The faxrunq and faxrunqd commands in mgetty-sendfax use
/var/spool/fax/outgoing/.lastrun to track the date and time of the last
use of the faxrunq command. An attacker can create a symbolic link called
/var/spool/fax/outgoing/.lastrun which points to any other file on any
mounted filesystem. When faxrunq is run, the contents of this file will be
overwritten.
17. Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
BugTraq ID: 1673
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1673
Summary:
Due to an inherent flaw in the RPC service in Microsoft Windows 2000, it
is possible to crash RPC services on a Windows 2000 server, thus denying
any incoming RPC requests. Sending a specially malformed RPC packet via
port 135-139 or 445 to a Windows 2000 server will halt the RPC service
entirely. A reboot is required in order to regain normal functionality.
18. Horde CGI Remote Command Execution Vulnerability
BugTraq ID: 1674
Remote: No
Date Published: 2000-09-08
Relevant URL:
http://www.securityfocus.com/bid/1674
Summary:
Horde is a set of web-based productivity, messaging, and
project-management applications written in PHP and distributed under the
GPL and LGPL licenses. For sending email, it uses popen to execute
sendmail with user input as part of the command string (which is then
parsed by the shell..). One of these parameters that originates as user
input, the "from" value, can be used to gain remote access to the server
on which horde is running. The script does not check to make sure that the
value of this variable is sane before sending it to the shell that is
executed by the popen() call. As a result it is possible for an attacker
to gain access to the target host with the priviliges of the webserver,
given that he/she has ability to send mail from Horde in the first place
(it is authenticated in most cases, which is why this is classified as a
local vulnerability). The "from" field is the only parameter known to be
affected in such a manner. The rest of the variables are protected by a
function that cleans them of any metacharacters.
19. EFTP Buffer Overflow Vulnerability
BugTraq ID: 1675
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1675
Summary:
EFTP is a freeware ftp client and server package that offers encrypted and
normal file transfer functionality written by Khalim Landross. If the
server recieved a request containing more than 2100 characters, it will
crash due to sensitive memory areas being overwritten by the extraneous
data. The server will then, in most cases, crash. It may be possible to
execute arbitrary code on the server running eftp if a request is
carefully crafted to do so.
20. EFTP Partial Input Denial of Service Vulnerability
BugTraq ID: 1677
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1677
Summary:
EFTP is a small freeware ftp server that supports encrypted ftp written by
Khalim Landross. Like most ftp servers, it parses server requests based on
newline characters in the incoming data buffer. Unfortunately eftp does
not take into account the possibility of recieving zero newlines before a
connection is closed, leaving the software vulnerable to unpredictable
behaviour if this happens. If a client connects and sends data to the ftp
server without sending a newline to "terminate the request", the server
will crash resulting in a denial of service.
21. Mandrake /perl http Directory Disclosure Vulnerability
BugTraq ID: 1678
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1678
Summary:
The default configuration files for versions of mod_perl shipped with
Mandrake Linux 6.1 through 7.1 contain a misconfiguration that can be a
security concern in some situations. The /perl directory is part of the
webserver's root tree (the subdirectory tree from which files are
accessable on the webserver..) that is used to store perl scripts. In the
configuration file for mod_perl, the apache perl interpreter module, the
directory is permitted to be "indexed".. meaning that the webserver will
display the contents of the directory if it is requested by itself. The
result is that an attacker can see what files are in /perl. While this bug
does not affect how the webserver interprets the files in that directory
(eg., it will still execute them), knowing what is there to be executed
can allow for more targeted and intelligent attacks against scripts known
to be vulnerable listed there.
22. IMP File Disclosure Vulnerability
BugTraq ID: 1679
Remote: Yes
Date Published: 2000-09-12
Relevant URL:
http://www.securityfocus.com/bid/1679
Summary:
IMP is a set of PHP scripts that implement an IMAP based webmail system.
Certain versions of IMP are vulnerable to a remote attack which allows
attackers to have files on the server running IMP mailed to them.
This vulnerability is due to the fact that user supplied variables may be
set to the PHP script. The script is in proper operation supposed to use
these pre-defined variables to track attachments being composed through
IMP. The variable in particular:
attachments_name[]
Can be supplied by the user with a file which he/she would not normally be
able to read. This action is performed by the user privilege level at
which IMP is being run. The file which can be read are therefore dependant
on this. In addition to mailing this file to the attacker IMP will further
attempt to unlink it. If the the file is writable by the user running IMP
the file will be deleted.
23. Jack De Winter WinSMTP Buffer Overflow Vulnerability
BugTraq ID: 1680
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1680
Summary:
A number of unchecked buffers exist in the SMTP and POP3 components of
Jack De Winter's WinSMTP mail daemon which could lead to denial of service
attacks or arbitrary code execution, depending on the data entered.
Sending a HELO command consisting of approximately 170 bytes or a USER
command consisting of approximately 370 bytes will result in a Windows
general protection fault error.
24. Netegrity SiteMinder Authentication Bypass Vulnerability
BugTraq ID: 1681
Remote: Yes
Date Published: 2000-09-11
Relevant URL:
http://www.securityfocus.com/bid/1681
Summary:
Netegrity's SiteMinder software is designed to provide access control to
webpages at the server. It is possible, with a specially modified URL, for
unauthenticated clients to gain read and/or execute access to protected
content.
If the URL is modified by adding the string '/$/nonexistantfile.ext' after
the desired URL, the server will pass the requested content without
prompting for or requiring any authentication whatsoever. The extension of
the non-existant file is checked, and so far only .ccc, .class, and .jpg
have been proven to work.
If the restricted content is a cgi application, variable values are
specified after the added string. If no values are specigfied, the server
will return the source of the cgi.
25. HP OpenView Network Node Manager Config Scripts Vulnerability
BugTraq ID: 1682
Remote: Unknown
Date Published: 2000-09-12
Relevant URL:
http://www.securityfocus.com/bid/1682
Summary:
According to an HP advisory (HPSBUX0009-120), the database configuration
scripts bundled with OpenView NNM are not sufficiently secure and allow
users with a login to obtain unauthorized privileges.
26. Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
BugTraq ID: 1683
Remote: Yes
Date Published: 2000-09-14
Relevant URL:
http://www.securityfocus.com/bid/1683
Summary:
By default, the telnet client (telnet.exe) shipped with Microsoft Windows
2000 utilizes Windows NT Challenge/Response (NTLM) as an authentication
method. When establishing a connection to a host, the telnet client will
attempt authentication via NTLM, regardless of whether or not the host is
a Windows telnet server or not. There is a possibility that the NTLM
challenge/response authentication session could be monitored and
subsequently cracked, which could lead to the disclosure of sensitive
information such as usernames, passwords, domains, etc. The NTLM
challenge/response protocol is known to be susceptible to brute-force
cracking, as demonstrated in the tool "L0phtcrack."
Forcing a telnet session on a remote target is a trivial task because
products such as Microsoft Internet Explorer, Outlook (Express), Netscape
Navigator, etc. will automatically open URLs with a "telnet://"; prefix in
a default telnet client (which is normally telnet.exe). The following are
some examples of how one could open a telnet session on a specified rogue
server:
1)
<html>
<frameset rows=3D"100%,*">
<frame src=3Dabout:blank>
<frame src=3Dtelnet://target>
</frameset>
</html>
2)
<html>
<head>
<meta http-equiv=3D"refresh" content=3D"0;URL=3Dtelnet://target";>
</head>
</html>
3)=20
<script>window.open("telnet://target";)</script>
27. Sambar Server (BETA) Search CGI Vulnerability
BugTraq ID: 1684
Remote: Yes
Date Published: 2000-09-15
Relevant URL:
http://www.securityfocus.com/bid/1684
Summary:
The Sambar Server was created to test a three-tier communication
infrastructure modeled after the Sybase Open Client/Open Server. Soon
thereafter, the idea of leveraging the infrastructure for dynamic delivery
of content on the WWW resulted in the addition of an HTTP protocol stack,
and efforts in supporting the notion of preexistent users via HTTP.
Originally developed on a Sun Workstation (UNIX), it was ported to the PC
(Windows 32) and licensed for commercial purposes. After completely
rewriting the base code at the end of 1996, and adding many new features,
version 3.0 began shipping in February 1997. Version 4.0 began shipping in
mid-May 1997.
Certain BETA versions of this software ship with a vulnerability in the
search.dll which allows remote attackers to view the contents of the
SAMBAR Server such as mail folders etc. It should be noted that this
vulnerability ships in a *beta* version of the software according to the
available information.
28. CamShot Remote Buffer Overflow Vulnerability
BugTraq ID: 1685
Remote: Yes
Date Published: 2000-09-15
Relevant URL:
http://www.securityfocus.com/bid/1685
Summary:
CamShot is a Windows 95/98/2000/NT web server that serves up web pages
containing time stamped images captured from a video camera. The images
can be viewed from anywhere on the network with a web browser. CamShot
works with Video For Windows compatible video equipment. Certain trial
versions of this software contain a possibly exploitable remote buffer
overflow by way of a overly long user supplied 'Authorization' password.
It is not known if supported commercial versions of this software contain
the same vulnerability.
29. FreeBSD Eject Local Root Vulnerability
BugTraq ID: 1686
Remote: No
Date Published: 2000-09-13
Relevant URL:
http://www.securityfocus.com/bid/1686
Summary:
eject contains several explotable buffers which, upon overflow, can confer
root privelege to local users.
30. Pine Malformed Header Denial of Service Vulnerability
BugTraq ID: 1687
Remote: Yes
Date Published: 2000-09-13
Relevant URL:
http://www.securityfocus.com/bid/1687
Summary:
Pine is one of the most popular unix console email clients. If a message
within a mailbox accessed by pine has a malformed X-Keywords line
(X-Keywords is part of the email header), the client will crash without
visible reason when attempting to parse the mailbox file. This is due to a
bug in the c-client library, which is used for parsing the mailbox files.
The result of this being exploited is a denial of service to the recipient
of the email until the malicious malformed message is removed.
III. SECURITYFOCUS.COM NEWS AND COMMENTARY=20
- ------------------------------------------
1. Cyber SpyHunt
By Kevin Poulsen
September 18, 2000=20
At the root of the biggest computer security case of the information age
you can find the spirits of McCarthy and Hoover haunting the Infobahn like
the ghostly hitchhikers of urban legend, extending their gangrenous thumbs
and peering hopefully through filmy eyes as each driver slows, considers.
Tragically, it was the press and the judiciary who stupidly pulled over,
popped open their passenger-side doors and asked, "How far ya going?"
http://www.securityfocus.com/templates/article.html?id=3D87
2.White House Flunks Back
By Kevin Poulsen
September 13, 2000
WASHINGTON--A top aid to President Clinton said Wednesday that Congress
deserves the blame for the poor state of computer security at Federal
agencies.
"For two years in a row now the administration has asked Congress for
funding [for computer security], and for two years in a row they've
refused," said Richard Clarke, national coordinator for security,
infrastructure protection and counter-terrorism on the White House's
National Security Council. "What grade do we give them?"
http://www.securityfocus.com/templates/article.html?id=3D85
3. Panel: 'Cyberweapons' Control Needed
By Kevin Poulsen
September 12, 2000 3:46 PM PT
WASHINGTON--An international ban on malicious computer code could be fully
implemented in as little as two years, and would provide law enforcement
agencies with a powerful tool in the war on computer crime, according to
officials from the U.S. and Europe speaking at the InfowarCon 2000
conference here Tuesday.
http://www.securityfocus.com/templates/article.html?id=3D84
4. Microsoft Cookies Jump Domains
By Kevin Poulsen
September 12, 2000 1:44 AM PT
Privacy enhancements in Microsoft's newest Internet Explorer beta release
don't guard against a stealthy technique that the company has begun using
to track visitors to their own web sites, MSNBC.com, Expedia, bCentral,
and others.
http://www.securityfocus.com/templates/article.html?id=3D83
5. Coming Out Party
By Kevin Poulsen
September 11, 2000 6:03 AM PT
Most of the 1,334 United States patents that will turn 17-years-old and
expire on September 20th will not kick-off raucous celebration around the
country. When the patent for a particular timed telephone ring silencer
device becomes usable by anyone sans licensing fees, champagne glasses
will not tilt for it. Likewise, a combined denture mold dewaxer and curing
basin, a circuit for distorting an audio signal, and a process for
preparing acetic acid esters will all slip into the public domain without
so much as a handful of confetti taking flight in their honor.
But U.S. patent number 4,405,829, "Cryptographic Communications System And
Method," is another story.
http://www.securityfocus.com/templates/article.html?id=3D82
IV.SECURITY FOCUS TOP 6 TOOLS=20
- -----------------------------
1. Ethereal 0.8.12=20
(AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO, Solaris and
True64 UNIX) =20
by Gerald Comb (gerald@zing.org)
Relevant URL:
=09http://ethereal.zing.org/=20
=20
Ethereal is a network protocol analyzer, or "sniffer", that lets you
capture and interactively browse the contents of network frames. The goal
of the project is to create a commercial-quality packet analyzer for Unix,
and the most useful packet analyzer on any platform. Ethereal can now read
the compressed Sniffer file format. The dissectors for RTP, IP, ISAKMP,
ICMP, SMB, SMB-PIPE, VTP, SNMPv3, Ethernet, GRE, EIGRP, DHCP, IPX, X.25,
RSVP, and L2TP have been updated, and Mobile IP and COPS have been added.
The dissector API has changed dramatically to provide a more error-free
and robust program, although the conversion of dissectors to this new API
is still underway. There is now support for decoding syslog, X11, and CLTP
protocols. Ethereal can now read NetXRay 2.002 files and Linux ATM
interfaces. The Win32 version now has the "Update list of packets in real
time" feature.
2.ShadowSecurityScanner 1.01.001=20
(Windows 2000, Windows 95/98 and Windows NT)
by RedShadow, red@rsh.kiev.ua
Relevant URL:
=09http://www.rsh.kiev.ua=20
=20
New version of ShadowSecurityScaner, update:
=091. The nucleus of the scanner was completely rewrote
=092. The format of bases was changed
=093. The possibility of homing of new bases has become better
=094. The interface has changed
=095. The options are rather widened
=096. The NetBiosa control can work even under Win9x
=097. The possibility of checking of list of hosts has appeared now
=098. All of defects obtained in previous versions were reformed
=099. Added new method for checking a users netbios password
=0910. Added function for checking a users password with a password list
3. Lsof 4.51=20
(AIX, BSDI, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX, Linux, =20
NetBSD, OpenBSD, SCO, Solaris, SunOS and Ultrix)
by Vic Abell (abe@purdue.edu)
Relevant URL:
=09http://www.securityfocus.com/tools/1008
Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open
Files, and it does just that. It lists information about any files that
are open by processes currently running on the system. NetBSD Alpha added,
Solaris kernel address filtering added, fixes for /dev/kmem-based Linux,
Solaris, BSDI, FreeBSD, NeXTSTEP, OpenBSD, and OpenStep. Added 64 bit file
size and offset support for BSDI, FreeBSD, NetBSD, and OpenBSD. Support
for Solaris 9 (SunOS 2.9) and Linux 2.4, and bug fixes
4. Wrapper v2 (Linux, Solaris and UNIX)=20
by Joe Zbiciak (im14u2c@primenet.com)
Relatively URL:
=09 http://cegt201.bradley.edu/~im14u2c/wrapper/=20
=20
This wrapper is intended to protect SUID/SGID programs that may either be
susceptible to buffer overflows on commandline arguments, or
inappropriately trust certain environment variables. This wrapper does not
fix file race-conditions, nor does it help with other bugs/problems.=20
=20
5. Winfingerprint 2.2.8=20
(Netware, Windows 95/98 and Windows NT)
by Kirby Kuehl (vacuum@technotronic.com)
Relevant URL:
=09http://www.technotronic.com/winfingerprint/=20
Advanced remote windows OS detection. Current Features: Determine OS using
SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain
Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE
SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate
Shares including Administrative ($), Enumerate Global Groups, Enumerate
Users, Displays Active Services, Ability to Scan Network Neighborhood,
Ability to establish NULL IPC$ session with host, Ability to Query
Registry (currently determines Service Pack Level & Applied Hotfixes.
Changes: Enumerates, Shares, groups, users, services, transports, time,
determines OS version, service pack and hotfix level, html output.
6. OpenSSL 0.9.5a=20
(UNIX and Windows NT)=20
by OpenSSL Project
Relevant URL:
=09http://www.openssl.org/=20
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation. OpenSSL is based on the excellent SSLeay library and
licensed under an Apache-style license.
V. SECURITY JOBS SUMMARY
- ------------------------
1. What are the advantages using a recruiter? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3ds9c10a30.034@mail.4bcg=
=2Ecom
=20
2. Jobs @NFR: Be with the Best (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d20000914162555.21193.q=
mail@securityfocus.com
=20
3. Security Engineer: New Jersey (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d002301c01e74$06016c10$=
b301a8c0@iconsinc.net
=20
4. Looking for a mid level server security engineer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d001e01c01e7f$8557d660$=
3e02010a@deepthought
=20
5. HP Internet Security Opportunities - Atlanta, GA & Cupertino, CA (Thre=
ad)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d079FD72E42C9D311B85400=
9027650E6F80D8B1@xatl02.atl.hp.com
=20
6. Join the security team of a major ISP!-Atlanta, Georgia (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3dNDBBIANENKHKPHLGCFCAME=
NGCJAA.toddcc@thorgroup.com
=20
7. Security Manager needed for D.C. 5-12 month engagement, (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3dNCBBLNPMHFBGKOMJOGILCE=
KFLDAA.sgoldsby@integrate-u.com
=20
8. Advertise MN (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3dA1FC9A38ED03D311A8DA00=
500403A48912241F@suntzu.net
=20
9. Internet Security Analyst - #187 - NJ (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d20000911183837.25141.q=
mail@securityfocus.com
=20
10. Security Consultant (Any State) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d20000908180112.7364.qm=
ail@securityfocus.com
=20
11. Senior Security Consultant - #416 - Palo Alto, CA or NYC (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d77%26date%3d2000-09-15%26thread%3d20000908140749.5908.qm=
ail@securityfocus.com
=20
VI. INCIDENTS LIST SUMMARY
- -------------------------
1. Large scans in progress... (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dPine.LNX.4.10.10009142=
249420.6070-100000@redhat1.mmaero.com
=20
2. ICMP mapping, questioning legality!! (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d20000914235013.861D54@=
proven.weird.com
=20
3. Follow up on Apache Wierdness (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dPine.LNX.4.10.10009141=
852540.20285-100000@server5.creative-webs.com
=20
4. new scanner tool or blind luck? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d4.3.2.7.2.200009141552=
53.00b853f0@mail.natdoor.com
=20
5. t0rnkit on www (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39C1394A.FEAEB747@swbe=
ll.net
=20
6. port scans from local workstation (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d8525695A.006C1936.00@p=
ch.gc.ca
=20
7. Administrivia: Quoting (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d20000914151313.L21645@=
securityfocus.com
=20
8. Interesting Logs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39C0F707.99E251EA@secu=
reaustin.com
=20
9. isakmp before smtp? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39C10F73.E2DB2A46@glob=
alstar.com
=20
10. UDP port 1025 Blackjack=BF? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dp04310100b5e682b3afe9@=
[192.168.0.1]
=20
11. Port 2000, 2002 scans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dAB45B90F396FD411BCBC00=
00F4A28469245673@lpd4mubd01.austin.navy.mil
=20
12. DDOS attacks on IRC (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d20000913102225.S16586@=
securityfocus.com
=20
13. ICMP messages - Scan or exploit attempt? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dSIMEON.10009121252.D21=
545@bluebottle.itss
=20
14. Hits on 64257/tcp (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39BE8A75.35F9E086@glob=
alstar.com
=20
15. [Snort-users] [bgallia@orion.it.luc.edu: Castor's use of "ECN" shut-off=
] (fwd) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091212=
22590.1200-110000@mail
=20
16. por favor (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d20000912121055.C30352@=
underground.org
=20
17. wake up & smell the DDoS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d200009130523.AAA12774@=
astro.as.utexas.edu
=20
18. t0rn (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39BE3CC1.1C0A7FC9@cert=
=2Eorg
=20
19. AW: Port 2000, 2002 scans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dNDBBKGCODKEIDLPAMIPEAE=
LODJAA.security@perotech.ch
=20
20. t0rn (the rootkit) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d200009111853.LAA03619@=
crafty.wanet.net
=20
21. Large ICMP Packet, DoS or smth else? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d200009111351.e8BDpJ030=
252@black-ice.cc.vt.edu
=20
22. win95, notepad.exe worm/trojan, note.com (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d20000909172558.25916.q=
mail@fhome32.rz2.gmx.net
=20
23. AOL vs. Koreans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d007e01c01b20$95141a80$=
0100007f@Gill
=20
24. Digital Signatures for evidence (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d85256956.00031E51.00@p=
ch.gc.ca
=20
25. ICMP Source Quench - Can it be some flood attack? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3dPine.LNX.4.04.10009091=
718580.877-100000@ghost.net
=20
26. clearing up: Re: something nasty (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d39B9154B.D9C518F7@netl=
and.nl
=20
27. port 9704 scans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d002b01c019ad$73cb16e0$=
dec92f86@int1.telenor.cz
=20
28. packets with reserved bits set on (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d00db01c01991$6db7faa0$=
dec92f86@int1.telenor.cz
=20
29. Oh, Christmas Tree (Was: packets with reserved bits set on) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d4.3.2.7.2.200009081026=
53.04e4ada0@localhost
=20
30. The end of trinity (soon) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d75%26date%3d2000-09-15%26thread%3d046a01c01935$78b40a40$=
af00a8c0@cybercable.fr
=20
VII. VULN-DEV RESEARCH LIST SUMMARY
- ----------------------------------
1. [ no subject ]
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d39C1BAAE.24E1CA3E@thie=
vco.com
=20
2. How to prevent malicious linking/posting to webapps? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d004501c01e41$b8cf6140$=
f7c723cb@lifelesswks
=20
3. ICMP clarification (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dGDEIJDIGIGIFHEIILCALIE=
PPCEAA.ofir@itcon-ltd.com
=20
4. All Advantage Spyware (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d013001c01e6a$4c893140$=
dec92f86@int1.telenor.cz
=20
5. Forge packets? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dEC8093BEB3FDD311B42500=
805FA7F01C010E240B@mtvmail.merant.com
=20
6. stackguard-like embedded protection (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d20000914014157.A14399@=
antiz.marmoc.net
=20
7. RES: All Advantage Spyware (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d20000913191137.A31215@=
genus.cyberchat2000.com
=20
8. za and spyware (was: no subject) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d200009131725.NAA19820@=
mailout1-1.nyroc.rr.com
=20
9. your mail (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091313=
05560.29108-100000@hackme.spy.org
=20
10. Format Bugs in Windows Code? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.LNX.4.10.10009131=
228210.7069-100000@blue.localdomain
=20
11. por favor (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d20000912121055.C30352@=
underground.org
=20
12. Auto-update software... (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091210=
31440.29108-100000@hackme.spy.org
=20
13. Daemonic (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.BSF.4.21.00091210=
20301.32867-100000@intrepid.vapour.net
=20
14. Stack Interpretation and Manipulation (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d200009121400.JAA28349@=
rgfsparc.cr.usgs.gov
=20
15. How to strip http-referer field? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dNDBBJOKICOHGIJLJDFEJKE=
NKCIAA.dom@devitto.demon.co.uk
=20
16. All Advantage Spyware maybee the new orifice (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dF215P3AjMZKru6RkWIM000=
07d23@hotmail.com
=20
17. Format Bug List? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d001a01c01bce$542074c0$=
0100a8c0@zeus
=20
18. glibc vulnerability (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.LNX.4.10.10009102=
130340.15251-100000@mastermind.inside.guardiandigital.com
=20
19. Format Bugs Are Not Unique to UNIX (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d39BB5A4E.BD260690@wire=
x.com
=20
20. IRIX telnetd exploit for 5.3 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3dPine.LNX.4.21.00090900=
31450.25214-100000@intellx2.physics.uiuc.edu
=20
21. getcat.com -- IE CueCat Spy on you. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d4.3.2.7.0.200009082357=
18.00bfddd0@mail.airmail.net
=20
22. Cisco 2621 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d20000909004502.6545.qm=
ail@web1103.mail.yahoo.com
=20
23. getcat.com-- IE CueCat Spy on you. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d6BE294A3D8FBD111BF5800=
A0C9B71F6924D468@NTPC3
=20
24. ICMP and BlackICE (fwd) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d4.3.2.7.2.200009081126=
29.00aa5990@ohstpy.mps.ohio-state.edu
=20
25. SSL & IDS (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d82%26date%3d2000-09-15%26thread%3d20000908000417.C2347@s=
cylla
=20
VIII. MICROSOFT FOCUS LIST SUMMARY
- ---------------------------------
1. NTFS and ACLs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d000801c01e9c$613ec910$=
020a0a0a@trinity
=20
2. Renaming the Administrator Account (Logging out of a NT server) (Threa=
d)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dLAW2-OE3078KpX13wZt000=
01999@hotmail.com
=20
3. Fwd:Re: Logging out of a NT server (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dc4.92e8fb4.26f37b17@ao=
l.com
=20
4. W2K Security Policy (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d20000914165122.16790.q=
mail@securityfocus.com
=20
5. Logging out of a NT server (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dOF4A727A80.DF9BEC58-ON=
8525695A.006AC13A@tas.alcatel.ca
=20
6. Logging out of a NT server(s) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dBBA667FBA8DCD211B3B300=
08C7B1A7CE06C9F7B2@ldihouexch6.stewart.com
=20
7. Secure IMAP (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d1C89780C4179D3118C5800=
902771935808A91D9D@caemsx01.cae.ca
=20
8. Renaming the Administrator Account (Logging out of a NT server) (Threa=
d)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dCEE0B7A5C566D411862100=
9027DE24767FA7@hsadenmx02.hsacorp.net
=20
9. MS Proxy as a firewall (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dDLEILCKDOINEPPBFIBDNAE=
DPCAAA.m.dokter@deanmoor.nl
=20
10. ArcServIT encrypted (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dF40sfGdMNFmWAFsTmIC000=
09962@hotmail.com
=20
11. IIS ISAPI Filter (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d6B180991CB19D31183E400=
00F86AF80E020CCE43@broexc2.bro.dec.com
=20
12. MS-CHAP/PAP and reg. values (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d39BFFC44.B75350E9@choi=
cehotels.com
=20
13. CGI Scripts (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d15B861674BF8D31186DC00=
508B8BB2F70105C5D2@edmm61.bchydro.bc.ca
=20
14. how to detect password sniffing trojans ? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dDAEIJNEKMPIGLADFMEICME=
JHCJAA.smoulec@cuisinesolutions.com
=20
15. I need informations about arp/rarp attack (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d20000913054226.26046.q=
mail@web6304.mail.yahoo.com
=20
16. Hotfixing SP6a servers running iis4.0 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d003401c01cf9$060996a0$=
05000006@home
=20
17. NT Vulnerability Scanners (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d003301c01cf9$046f2080$=
05000006@home
=20
18. javascript-of-unknown-origin.netscape.com (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dLAW2-F147Ae2hXSDx1k000=
0c6e5@hotmail.com
=20
19. NT Patch script (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091214=
27360.547-100000@mail
=20
20. config issue (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dF277rm3rxUn3AkTR60o000=
0472f@hotmail.com
=20
21. Visual Source Safe? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d0DB7B6E06277D311B79700=
9027AA5B4A472BFF@axcs01.cs.itc.hp.com
=20
22. Logging out of a NT server (logging IP) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d005201c01cc9$71c453b0$=
dc0adc0a@xato.net
=20
23. Logging out of a NT server - straying a bit (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d001b01c01c75$e24d4500$=
af05a8c0@anchorsign.com
=20
24. SecurityFocus.com Microsoft News #2 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091112=
03140.21523-100000@mail
=20
25. AIM and Screen Savers (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d008a01c01bf5$5bbe27a0$=
ab00000a@123
=20
26. Windows Network logon (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d006901c01b40$3edaafb0$=
0200a8c0@bravo
=20
27. Route Command (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d001c01c01a5a$bac70d80$=
81c0a8c0@openports.com
=20
28. Restricting Win2K TS Connection? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d757FB99C5009D31197CA00=
A0C983121C01C6C69A@intra.qdata.net
=20
29. RestrictAnonymous Not working (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dLPBBJMNBMILKDPHHCDNKEE=
LOCDAA.potus@glacyar.com.ar
=20
30. Software Audit Tools (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3d6B6FA301D07CD311936600=
A0C9ACA4400D3B1B@TCCOM
=20
31. Policy and Procedure for installing Service Packs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dOF968D397C.FBD00BEA-ON=
86256954.006887BF@wheda.com
=20
32. Messenger service for Win9x / WinNT-2k (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d88%26date%3d2000-09-15%26thread%3dNEBBJCLKGNOGCOIOBJNAIE=
MLDHAA.marc@eeye.com
=20
IX. SUN FOCUS LIST SUMMARY=20
- ----------------------------
1. Custom PAM for Solaris (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d20000915175947.24417.q=
mail@nwcst276.netaddress.usa.net
=20
2. How to configure a unified, secure,DHCP/DNS/NIS in a heterogeneous...(Th=
read)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d41AF07DE6293D311AF9C00=
9027C23B26067D4C3A@titan.i.spray.se
=20
3. How to configure a unified, secure,DHCP/DNS/NIS in a heterogeneous...(Th=
read)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d39C16726.F7559C70@glob=
alstar.com
=20
4. How to configure a unified, secure,DHCP/DNS/NIS in a heterogeneous...(Th=
read)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091412=
45380.2427-100000@mgolear.cus.ilstu.edu
=20
5. Is there a way to timeout telnet session (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d9567030CBFF6D311BDD900=
D0B71DBF84E42F02@doamail04.doa.state.wi.us
=20
6. unsafe start-up services [Long excerpt] (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d681A172AD027D411AB2200=
08C716D0C7D81E54@c0003v1idc1.oss.level3.com
=20
7. unsafe start-up services (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3dPine.GSO.3.96.10009141=
00656.20130A-100000@roble2.roble.com
=20
8. [FW1] Please help: Blocking user jumping to different servers... (Thread=
)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3dB5B1F1162663D411BB8000=
508B691B20030995@ptimapp3
=20
9. locale exploit on BugTrack (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d92%26date%3d2000-09-15%26thread%3d200009081639.RAA02059@=
otis.UK.Sun.COM
=20
X. LINUX FOCUS LIST SUMMARY
- ---------------------------
1. ipchains log .... connect from local port:23 to remote port:2628 (Thre=
ad)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d006a01c01ec4$5dafa7b0$=
140aa8c0@wido1.on.wave.home.com
=20
2. scp secure (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d4.3.2.7.2.200009142243=
07.00b74e08@mail.cnw.com
=20
3. Red Hat Linux release 6.0/6.1 (Hedwig) (Cartman) bug? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d00ee01c01ec9$e58a9be0$=
0201a8c0@hell.net
=20
4. root on irc (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d005f01c01ec8$48f9d940$=
0201a8c0@hell.net
=20
5. From Ports Unknown... (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d009401c01e94$6da07800$=
948643ce@wlnet.com
=20
6. Apache Logs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dPine.GSO.4.21.00091417=
38210.17714-100000@carrefour.gothpoodle.com
=20
7. We've been compromised? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dp0500190db5e6c8032fe2@=
[132.235.174.206]
=20
8. nslookup weirdness (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dEEEAIBONKDCOLHPMDABDGE=
FCCDAA.nate@buylink.com
=20
9. samba vs nfs (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d008201c01ded$e3dc63a0$=
0202000a@absoft.com.au
=20
10. User's .bash_history (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dPine.LNX.4.20.00091410=
24340.11564-100000@noella.mindsec.com
=20
11. chmod and permission trouble (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d97BB32FD26B4D311B10100=
90276AE3E68795AA@CWEXCHANGESVR01
=20
12. Can't identify log entry (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dPine.LNX.4.21.00091408=
36060.12564-100000@zaius.poa.net
=20
13. in_cksum.h (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dF90MvYofF49PCFKQwS2000=
0c1db@hotmail.com
=20
14. Where to get security-related upgrades in linux2.4 kernel? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d20000914052405.20362.q=
mail@securityfocus.com
=20
15. samba binded int. secure? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=3D%2ftemplates%2farc=
hive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3d002a01c01dfb$58afb1c0$=
46170780@lunchmeat7.com
=20
16. FTPD Question (Thread)
Relevant URL:
%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-09-15%26thread%3dEF1B=
4BABBE61D411B86B00508BDFB2C00483E4@WDCROBEXC10=3D%2ftemplates%2farchive.pik=
e%3flist%3d91%26date%3d2000-09-15%26thread%3dEF1B4BABBE61D411B86B00508BDFB2=
C00483E4@WDCROBEXC10
XI. SPONSOR INFORMATION - RSA Security Ltd.
- ----------------------------------
RSA Security - The Only Fully Interoperable PKI Solution.=20
PKI is driving the next wave of e-business. RSA Keon PKI issues and
manages digital certificates and trust - enabling you to securely deploy
apps that feature authentication, digital signatures and encryption. For
smooth implementation that's easy to use, you need interoperability. That
means you need RSA
Keon PKI.=20
Contact RSA Security at1-800-495-1095.
www.rsasecurity.com/go/keon
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
- -------------------------------------
1. How do I subscribe?=20
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname=20
You will receive a confirmation request message to which you will have
to anwser.
2. How do I unsubscribe?=20
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:=20
UNSUBSCRIBE SF-NEWS=20
If your email address has changed email aleph1@securityfocus.com and I
will manualy remove you.=20
3. How do I disable mail delivery temporarily?=20
If you will are simply going in vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:=20
SET SF-NEWS NOMAIL=20
To turn back on e-mail delivery use the command:=20
SET SF-NEWS MAIL=20
4. Is the list available in a digest format?=20
Yes. The digest is generated once a day.=20
5. How do I subscribe to the digest?=20
To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with with a message
body of:
SET SF-NEWS DIGEST=20
6. How do I unsubscribe from the digest?=20
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST=20
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?=20
You are probably subscribed from a different address than that from
which you are sending commands to LISTSERV from. Either send email from
the appropiate address or email the moderator to be unsubscribed manually.
------- End of Forwarded Message
|
