From isn at c4i.org Wed Feb 1 07:24:22 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:24:22 -0600 (CST)
Subject: [ISN] 'Electronic Discovery' Industry Blooming
Message-ID:

http://www.casperstartribune.net/articles/2006/01/31/ap/hitech/d8fep9do0.txt

By BRIAN BERGSTEIN
January 31, 2006

EDEN PRAIRIE, Minn. - Even just a few years ago, lawyers in corporate lawsuits sometimes agreed not to poke around in their opponents' e-mails. Instead they'd confine themselves to paper memos and other documents on file as they pursued evidence.

Now, however, with so much work done via e-mail, instant messaging and other online platforms, "nothing's in the file cabinets anymore," said Michele Lange, staff attorney for legal technologies at Kroll Ontrack Inc.

Instead, the memos, presentations and other scraps of corporate intelligence are increasingly finding their way into vast "electronic discovery" centers like the one Kroll Ontrack operates here near Minneapolis.

Day and night, rows of whirring, blinking computers sock away enormous batches of digital records sent by companies involved in lawsuits. Other files are discovered deep in hard drives -- wedged between everything from personal e-mails to pornography -- by Kroll Ontrack forensic teams whose code names keep their missions secret.

All this once was an arcane backwater of the legal-services field. Electronic discovery was commonly performed by local computer experts who played golf with law firm procurement officers.

But several factors -- including the inexpensive abundance of data storage, high-profile lawsuits and strict new laws such as Sarbanes-Oxley that demand thorough corporate archiving -- are making electronic discovery a lucrative and competitive slice of information technology.

The overall market is worth close to $2 billion and growing at about 35 percent a year, says Michael Clark, who analyzes the field at EDDix LLC.
The number of companies offering computer-related evidence gathering appears to have doubled in the past two or three years, with several hundred now hanging a shingle.

This surge has led Kroll Ontrack to quadruple the size of its data-crunching center in less than 18 months, from a half-petabyte of storage to two petabytes. That's 2 million gigabytes. Consider that the Internet Archive, which aims to store almost every public Web page ever to appear, currently totals one petabyte.

Rival e-discovery vendor Fios Inc. had 48 employees three years ago. This year, the Portland, Ore.-based company expects to employ more than 120, with revenue of $30 million -- nearly double its 2004 figure.

Increasingly, e-discovery customers are not just law firms enmeshed in big corporate cases. More and more, companies are working proactively with e-discovery vendors, getting a handle on their data troves so they can meet regulatory requirements -- or just in case they are sued.

After all, 90 percent of U.S. corporations are engaged in some type of litigation, according to research by the law firm Fulbright & Jaworski LLP. The average company bigger than $1 billion is wrestling with 147 lawsuits.

"The big risk for companies is too much data that there's really no business need for, being kept in ways that if they had to go looking for it, would be uneconomic," said e-discovery pioneer John Jessen, who founded Electronic Evidence Discovery Inc. in 1987. (It began after Jessen, who had a small computer business in his basement, was able to find a seemingly absent mailing list on a defendant's PC.)

Partial credit for the recent e-discovery boom goes to two 2005 cases involving investment banks.

In one, former UBS AG equities trader Laura Zubulake won a $29 million award in a federal gender discrimination suit in which she had requested that the bank turn over all internal communications about her.
The bank produced 350 pages of documents, but Zubulake knew there were more -- she had retained some herself. The case set several precedents about how e-discovery ought to proceed and who should pay for it. In one key ruling, the judge slapped UBS for failing to recognize that the missing e-mails likely would end up being relevant to future litigation.

Later, financier Ron Perelman won $1.6 billion from Morgan Stanley & Co. after a judge said the firm had failed to turn over e-mails and other digital evidence in a lawsuit stemming from its role in the 1998 sale of Perelman's Coleman camping gear company to Sunbeam Corp. The case is being appealed, but still proving instructive.

"In litigation today, if e-discovery is done wrong, it can have huge implications," said Jonathan Redgrave, a partner at Redgrave Daley Ragan & Wagner LLP who specializes in electronic document issues.

In addition to these cases and laws such as Sarbanes-Oxley that tighten record-retention requirements, new changes in rules of civil procedure set strict standards for what companies should do with their files the moment they are sued.

"Some of those standards are fairly onerous even to sophisticated, highly litigious businesses," said Gerald Massey, head of Fios.

Complicating matters, other rules -- including European data-privacy laws and the new Fair and Accurate Credit Transactions Act -- require companies to go in the opposite direction and dispose of certain kinds of records.

Much of what e-discovery companies do is similar -- but offered under different names or pricing schemes. Generally, a vendor gets raw material from corporate computers and backup tapes, then dives in -- with specialized software rather than humans -- to remove duplicate files or records that have no bearing on a case, while zeroing in on those that might. Later the vendors can be asked to testify how the searches were conducted.
Sometimes the findings are virtual smoking guns, like the infamous e-mail in which investment banker Frank Quattrone endorsed a recommendation that colleagues destroy files. Other times evidence comes not from what's in a file, but from its "metadata" -- the automatically applied labels that explain such things as when a file was made, reviewed, changed or transferred.

From there, even the end product comes in digital form. The evidence found by electronic discovery firms can be put on secure Web sites for legal teams to pore over, mark up and redact if necessary.

This kind of service often runs well into six figures, but there will be pressure to bring that down as cost-conscious companies replace law firms as the direct clients.

And that figures to change the sprawling field. Some think software providers and tech-services giants will step in and begin baking electronic discovery capabilities into other data-retention products. For example, storage systems can include "litigation hold" functions that let a company instantly preserve certain records if necessary.

"The ultimate buyers of a company like ours have only just begun to emerge in our space," said Massey at Fios. "The names we'll associate with the services we provide in three, four, five years from now will be like IBM and EMC and Oracle."

From isn at c4i.org Wed Feb 1 07:24:35 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:24:35 -0600 (CST)
Subject: [ISN] The case of the sneaky daughter and the wireless card
Message-ID:

http://www.networkworld.com/columnists/2006/012306nutter.html

By Ron Nutter
NetworkWorld.com
01/23/06

My 16 year old daughter has wireless Internet access with her notebook computer. My wife and I control the signal by putting the modem on a timer, thus not allowing her to access the Internet after 12:00 am. She's a high-school student and we want her off the Internet after midnight.
However, she's learned to access other available Wi-Fi signals, so us turning off the modem does no good whatsoever. Other than confiscating her wireless card, is there any way we can keep her off the Internet after her curfew? Is there a way to block incoming signals to our home? Or is there a way to program her computer blocking her access to Wi-Fi other than our secured network?

--Dan Meyerson

If her notebook computer is running XP Home, one option would be to enable logging in by username. Give her username enough to do what she needs to do but restrict her from making any changes such as selecting alternate access points. Depending on how the wireless card driver is written, this might be enough to prevent her from changing to another access point. This assumes that the SSID of your access point is unique and not running the default used by the manufacturer when it was made.

This will also give you another possible option. Use XP's Scheduled Tasks function to run batch files to disable (and then re-enable) the wireless card at set times. It is possible to use one script to run automatically when she logs in and check to see if the network card needs to be enabled or disabled based on time.

Another option is to put a hub or switch between the access point and put that hub/switch on a timer. When the power is shut off to the hub/switch, she will still see the access point but can't go anywhere. If you need to use the access point within the house when you don't want your daughter to be able to use it, check within the firmware of the access point to see what kind of access control is available to control when a given workstation can and cannot access the Internet. Not all access points have this, so you may need to change access point vendors if your current access point doesn't allow this.

If you have a friend who is an Amateur Radio operator and has experience with the Oscar satellites, he may have another option for you.
Some of the newer satellites can operate in the 2.4 GHz range. See if he has a signal source for this frequency range. What you are looking for is a signal source that is weak enough to not disturb your neighbors' wireless access but to effectively make your daughter's notebook "deaf" to hearing other access points. This signal source would need to be placed in a location close to where the notebook is normally used in order to be effective. It could be placed on a timer to only have power during the hours when you want to restrict wireless access.

From isn at c4i.org Wed Feb 1 07:24:49 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:24:49 -0600 (CST)
Subject: [ISN] Honeywell Investigates Security Breach
Message-ID:

http://www.durantdemocrat.com/articles/2006/01/31/ap/hitech/d8ffvnug4.txt

February 1, 2006

MORRISTOWN, N.J. - Honeywell International is offering credit monitoring and identity theft insurance to approximately 19,000 current and former employees whose personal information -- including Social Security numbers and bank account information -- was posted on an Internet Web site.

The company notified employees about the breach within a day of learning of it on Jan. 20, according to spokesman Robert C. Ferris.

"The company immediately contacted the relevant service provider, had the page removed from the Internet and is continuously monitoring the Internet to ensure that the Web page and any copies of it remain taken down," said Ferris.

He said the company was working with federal and state investigators to determine who posted the data. Ferris said he didn't know whether the posting was the work of a disgruntled employee or resulted from an administrative error or other cause.

"Honeywell will aggressively pursue those responsible for this breach," Ferris said.

In a Jan. 24 letter to employees, the company's vice president of global security, John E.
McClurg, said the Identity Theft and Fraud Division of insurer AIG would help them protect themselves. "They will provide you with a tool kit of resources and hands-on support to address any issues you encounter," he said.

The Morristown-based industrial and aerospace conglomerate employs about 120,000 people worldwide.

Incidents like the Honeywell security breach are on the rise as thieves and pranksters take aim at corporate America, according to Ron Teixeira, executive director of the National Cyber Security Alliance, a Washington, D.C.-based nonprofit dedicated to educating individuals and corporations about cyber safety.

"There are a number of reasons why this could have happened. When it's put out on the Web, hackers do that to show they could get access to the information and show the company their security was lacking. Other times, hackers are actually thieves or try to sell the information to thieves to commit ID theft.

"Any time your info is posted on a Web site, you never know who's using it and what they're using it for," said Teixeira.

© Durant Democrat

From isn at c4i.org Wed Feb 1 07:25:00 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:25:00 -0600 (CST)
Subject: [ISN] Data Loss Mailing List Announcement
Message-ID:

Forwarded from: lyger

In what has become a near weekly occurrence, large companies are collecting your personal information (sometimes without your knowledge or consent), and subsequently letting it fall into the hands of the bad guys. This is your personal information; name, address, social security number, credit card number, bank account numbers, and more.

Data Loss is a mail list that covers topics such as news releases regarding large-scale data loss, data theft, and identity theft incidents. Discussion about incidents, indictments, legislation, and recovery of lost or stolen data is encouraged.
To subscribe to Data Loss, send a mail to:
dataloss-subscribe at attrition.org

To unsubscribe from this list, send a mail to:
dataloss-unsubscribe at attrition.org

From isn at c4i.org Wed Feb 1 07:24:03 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:24:03 -0600 (CST)
Subject: [ISN] State takes new look at computer security
Message-ID:

http://kennebecjournal.mainetoday.com/news/local/2383457.shtml

By SUSAN M. COVER
Staff Writer
January 31, 2006

AUGUSTA -- The state is taking steps to limit access to critical computer systems in response to a report that showed deficiencies in security.

The Office of Program Evaluation and Government Accountability released a report Monday that revealed weaknesses in the way the state runs its computer systems. Part of the report, which was given to lawmakers and others in a closed session last month, indicated that the state needs to make sure only those who have proper credentials can get access to critical information.

However, the state system was not affected by hackers who tapped into Rhode Island's state Web site and got access to credit card numbers, said Richard Thompson, chief information officer for the state. The company that manages the Rhode Island site also works for the Maine government Web site. The breach, which occurred in December, was made public Friday.

Thompson said he had staff working all weekend, but they did not find any record that Maine's site had been illegally accessed.

"We are convinced, at least as of today, we are in good shape," he said.

Rep. A. David Trahan, R-Waldoboro, said he's heard from people who are concerned about the security of state computer systems.

"The urgency of this is greater now because of what just happened," he said.

A review of state computer security procedures conducted by Jefferson Wells International found that "system access controls do not measure up to industry standards."
Also, the state has not adequately put in writing what steps it would take if a major computer system fails or if offices could not be used because of a terrorist threat, according to the report.

Thompson, who is in the process of reorganizing how state agencies purchase and manage computer systems, said at least some of the criticism is due to a lack of paperwork.

"The weaknesses Jefferson Wells identified was, 'We can't tell you what we've got'," he said. "It wasn't that we didn't have enough security."

Other parts of the report detailed a piecemeal approach in state government when it comes to purchasing new computers. State agencies, often using federal government money, move ahead on an individual basis without consulting other agencies. And although Thompson is in charge of the executive branch computer systems, he does not have jurisdiction over the Legislature or judicial branch.

Also, it's difficult for the program evaluation office to find out how much is being spent on computers and computer software because it is scattered throughout state government, said Beth Ashcroft, director of the evaluation office.

"The goal here from (the program evaluation office) perspective is to shine a light on information technology and how it's being managed," she said. "Right now, there's no good way to get a handle on that."

Another inefficiency is that it's hard to combine data from different agencies and some data is duplicated in several systems, she said.

The program evaluation oversight committee, which is made up of 12 legislators, will meet again to discuss what action it can take to address some of the concerns in the report.

Copyright © 2005 Blethen Maine Newspapers Inc.
From isn at c4i.org Wed Feb 1 07:25:14 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:25:14 -0600 (CST)
Subject: [ISN] Boston Globe in credit card data snafu
Message-ID:

http://money.cnn.com/2006/01/31/news/companies/security_bostonglobe.reut/

January 31, 2006

SAN FRANCISCO (Reuters) - Two Massachusetts newspapers owned by The New York Times Co., the Boston Globe and Worcester Telegram & Gazette, said Tuesday they had mistakenly sent out slips of paper with the credit card data of up to nearly a quarter million subscribers.

The credit card numbers were printed on routing slips attached to 9,000 bundles of newspapers sent to retailers and carriers last weekend, according to the newspapers.

"Immediate steps have been taken internally at the Globe and Telegram & Gazette to increase security around credit card reporting," Richard H. Gilman, publisher of the Boston Globe, said in a statement.

The credit card data of up to 240,000 subscribers may have been exposed, they said.

The blunder comes amid heightened concern over the security of consumer data in the wake of several incidents of lost or stolen personal records involving companies such as data broker ChoicePoint Inc., Bank of America Corp. and shoe retailer DSW Inc.

So far, the newspapers had not received any reports of misuses of the credit cards, and American Express, Discover, MasterCard and Visa had been advised of the situation, said Boston Globe spokesman Al Larkin.

Exposure of the data occurred because the Telegram & Gazette, which helps circulate both papers under a shared distribution system, printed the routing slips on recycled paper containing internal reports with subscriber credit card numbers, Larkin said.

"We've put a stop to that," Larkin said of the practice of reusing paper.

The Globe's circulation was 450,000, according to Larkin. He did not have a daily number for the Telegram & Gazette, but said the Sunday edition had a circulation of 81,000.
The newspapers were trying to locate and recover as many of the slips as possible, but believed that most had already been thrown away. The publications had set up a hotline, 1-888-665-2644, for subscribers to check if their data was sent out.

The papers are part of The New England Media Group, which is owned by The New York Times Co.

From isn at c4i.org Wed Feb 1 07:25:26 2006
From: isn at c4i.org (InfoSec News)
Date: Wed, 1 Feb 2006 06:25:26 -0600 (CST)
Subject: [ISN] Spyware probe couple deported to Israel
Message-ID:

http://www.theregister.co.uk/2006/01/31/spyware_suspect_deportation/

By John Leyden
31st January 2006

Spyware-for-hire suspects Michael and Ruth Haephrati arrived in Israel on Monday to face industrial espionage charges following their extradition from Britain.

The couple, alleged masterminds behind a spyware-linked industrial espionage program, face trial in their native Israel after dropping an appeal against deportation.

Investigators allege the dynamic duo developed and sold customised spyware or Trojan horse packages designed to evade detection by security tools to three private investigation companies in Israel - Modi'in Ezrahi, Zvi Krochmal, and Philosof-Balali, The Jerusalem Post reports. This spyware code was allegedly installed on victims' PCs by private detectives from a diskette or via email, as part of a spying scam that ran for up to two years. The malware sent stolen documents to an FTP site, allowing unscrupulous firms to swipe confidential documents from rivals. Each software installation allegedly netted the Haephratis £2,000.

Firms suspected of using the malware include Mayer Motors (an importer of Volvo and Honda cars) against Champion Motors (an Audi and Volkswagen dealership), satellite television company Yes is accused of spying on rival cable TV outfit HOT, while Israeli mobile phone firms Pelephone and Cellcom are accused of spying, Haaretz reports.
The Haephratis are two of 22 people arrested in Israel and the UK in connection with the case, some of whom are currently on trial in Israel's Tel Aviv District Court.

From isn at c4i.org Fri Feb 3 04:28:29 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:28:29 -0600 (CST)
Subject: [ISN] Black Hat USA CFP opens, Europe early bird reminder, Federal news
Message-ID:

Forwarded from: Jeff Moss

Hello InfoSec News readers,

A bunch of announcements from Black Hat. It was easier to bundle them all together instead of sending them out bit by bit, so everything from Black Hat Federal coverage to the CFP opening for the summer USA conference is included. Here we go!

Black Hat Europe 2006 Final Reminder:
Speaker selection for Black Hat Europe 2006 has been finalized. This is our sixth conference in Amsterdam, and we have an impressive line up. Register now and save - our early bird rate closes February 8.
http://www.blackhat.com/html/bh-europe-06/bh-eu-06-speakers.html

Black Hat Europe 2006 Discount Book Offer:
BreakPoint Books, our official bookseller, is currently taking pre-orders of select titles for 15% off the suggested retail price which can be picked up at the conference. Orders must be placed by February 8, 2006. Download order form:
http://www.blackhat.com/images/bh-europe-06/bh-eu-06-ad.pdf

Black Hat USA 2006 Call for Papers opens!
The Black Hat USA 2006 Call for Papers opens February 1. Don't hesitate to submit your presentations. Unleash your best kung-fu for the greatest chance of being selected.
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-cfp.html

Black Hat USA 2006 Hotel:
Reserve your hotel early. The Black Hat room block at Caesars Palace is now accepting reservations. The block has sold out 6 weeks prior to the start of the show the last few years, so please make your room arrangements early.
Reservations must be made directly through Caesars:
http://www.caesars.com/reservations/main.aspx?hotelid=14&specialgroupcode=SCBL06

Black Hat Federal 06 presentations now on-line:
The presentations from the Black Hat Federal '06 show are currently on-line. In addition to PDFs, appropriate source code and white papers are also present.
http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#federal

Black Hat Federal 2006 news:
Black Hat Federal generated a large amount of interest from the press and blog world. The presentations were more paranoid in nature, dealing with topics from root kits to reverse engineering and physical memory forensics. Read the stories at Slashdot, Washington Post, SecurityFocus, the Register, Government Computer News, and others.

* http://it.slashdot.org/article.pl?sid=06/01/27/1327228
* http://www.securityfocus.com/brief/118
* http://blogs.washingtonpost.com/securityfix/2006/01/a_letter_from_b.html
* http://www.gcn.com/vol1_no1/daily-updates/38107-1.html
* http://www.gcn.com/vol1_no1/daily-updates/38098-1.html
* http://www.theregister.co.uk/2006/01/30/good_worms_nematodes_blackhatconference/
* http://taosecurity.blogspot.com/#113839241238734087

We carry links to these and more on our RSS feed.
http://www.blackhat.com/BlackHatRSS.xml

Thanks everyone,

Jeff Moss

From isn at c4i.org Fri Feb 3 04:29:56 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:29:56 -0600 (CST)
Subject: [ISN] Linux Advisory Watch - February 3rd 2006
Message-ID:

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  February 3rd, 2006                           Volume 7, Number 5a   |
+---------------------------------------------------------------------+

Editors:                    Dave Wreski                 Benjamin D. Thomas
                            dave at linuxsecurity.com   ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

Due to several changes in our advisory archiving scripts, Linux Advisory Watch did not go out last week. This has caused an unusually high number of advisories. The purpose of this week's newsletter is to 'catch up' and ensure that every advisory has been published. We apologize for any inconvenience.
Advisories were released for petris, unzip, tetex-bin, koffice, fetchmail, gpdf, tuxpaint, albatross, mantis, antiword, smstools, sudo, ClamAV, kdelibs, crawl, CUPS, trac, libapache-auth-ldap, flyspray, wine, mailman, lsh-utils, ImageMagick, drupal, hylafax, libextractor, unalz, libmail-audit-perl, pdftohtml, mod_auth_pgsql, poppler, tetex, kdegraphics, ethereal, httpd, openssh, mozilla, firefox, Gallery, LibAST, Paros, MyDNS, xorg-x11, UUlib, SSLeay, mdkonline, gthumb, libgphoto, net-snmp, apache2, thunderbird, bzip2, gzip, libast, gd, and phpMyAdmin. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec

----

A Linux Security Look To The Future
By: Pax Dickinson

It's much the same story as last year: Windows worms and viruses continually propagate, crossbreed, and multiply while Linux remains above the fray. Sober and the other "newsmaking" viruses all infect and attack Windows, while all Linux admins get out of it are a few hits to our Snort rulesets. Yes, there are worms attacking Linux, and Linux, like any other system, is certainly not immune. Linux is, however, more resistant.

One reason is made clear when the internet is compared to a biosphere. Linux is a mutt. Every Linux distribution does things slightly differently, Linux runs on very varied hardware, and many Linux users compile their own software. Things just aren't as standardized in the Linux world, which is viewed as a flaw by many pundits, though it has many benefits when it comes to security.
A Linux security flaw may only affect a certain distribution or application, and most distributions and applications lack the massive marketshare to provide enough sustenance for a worm to really get going. Meanwhile, the applications that do possess large marketshare, such as Apache, tend to be generally secure due to their source code availability.

Windows, on the other hand, lacks this genetic diversity. One copy of Windows XP is exactly like the next, and the source is closed so previously unknown flaws are discovered all the time. Yes, Windows does have a greater marketshare making it a bigger target, but I'd wager that if the marketshares of Windows and Linux were even Windows would still have more vulnerabilities. In nature, populations that lack genetic diversity run the risk of being decimated by a virulent disease, and the internet is no different. There's a reason we use biological metaphors like "worm" and "virus" to describe malware.

Linux also benefits by tending to not be a primary target for malware authors because they have such a juicy target in Windows. Of course, keeping systems patched has been and will remain key; luckily most Linux distributions available today tend to be very polished in this area, with tools such as apt-get, yum, and portage providing easy application and system upgrades.

So much for the good. Looking to the future, things go from bad to beyond ugly. We Linux users should realize how good we have it right now and recognize that the current security situation will not remain so benevolent for us. In an environment of dumb worms and viruses targeted at the least common denominator, Linux is well prepared to hold fast and remain generally secure. However, sinister trends are developing now that may end this state of complacency and need to be addressed.
Crime related to spam, spyware, and other online illegalities is said by some experts to have recently passed international drug trafficking in dollars earned, and malicious hacking that used to be performed for fun is now a big business. Websites once hacked only so the culprit could deface them and show off are now penetrated in order to steal customer data and engage in identity theft. Botnets of more than a million compromised hosts are not unknown, used to send spam, host child pornography, and perform distributed DoS attacks. An underground market for botnets has made the creation of viruses and trojans into a thriving business opportunity for the unscrupulous.

Read Entire Article:
http://www.linuxsecurity.com/content/view/121230/49/

----------------------

EnGarde Secure Community 3.0.3 Released

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.3 (Version 3.0, Release 3). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.

http://www.linuxsecurity.com/content/view/121150/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
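As an added illustration of the overflow-into-adjacent-storage point above (example code written for this digest, not from the linked article): an 8-byte name field sits directly in front of a balance field inside one record, an unchecked copy runs past the name into the balance, and a bounds-checked setter beside it refuses input that does not fit. The `account` layout, field sizes and function names are constructed for the demo.

```c
/*
 * Added demo of the "adjacent buffers" problem described in the
 * Buffer Overflow Basics teaser. Both fields live in one byte array
 * so the overrun stays inside the object and behaves deterministically;
 * a real strcpy() into a stack buffer would not even stop at the end
 * of the object.
 */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8      /* capacity of the name field (incl. NUL)       */
#define STORAGE  16     /* name field followed immediately by balance    */

/* Constructed record: storage[0..7] is the name, storage[8..15] is the
 * balance kept as text. The two are logically separate fields. */
struct account {
    char storage[STORAGE];
};

static void account_init(struct account *a, const char *balance)
{
    size_t n = strlen(balance);
    memset(a->storage, 0, STORAGE);
    if (n > NAME_LEN - 1)
        n = NAME_LEN - 1;
    memcpy(a->storage + NAME_LEN, balance, n);
}

static const char *account_balance(const struct account *a)
{
    return a->storage + NAME_LEN;
}

/* Vulnerable: copies whatever length the caller supplies into the 8-byte
 * name field. Returns the number of bytes written. The only cap is the
 * end of the whole object, and it exists solely to keep this demo
 * defined; the name field itself is never checked. */
static size_t set_name_unchecked(struct account *a, const char *name)
{
    size_t n = strlen(name);
    if (n > STORAGE - 1)
        n = STORAGE - 1;        /* demo guard, not a real bounds check */
    memcpy(a->storage, name, n);
    a->storage[n] = '\0';       /* terminator lands wherever n points   */
    return n;
}

/* Hardened: rejects any name that cannot fit together with its NUL.
 * Returns 0 on success, -1 if the input was refused (record untouched). */
static int set_name_checked(struct account *a, const char *name)
{
    size_t n = strlen(name);
    if (n >= NAME_LEN)
        return -1;
    memcpy(a->storage, name, n + 1);
    return 0;
}

/* Run the unchecked setter; return 1 if the balance field was altered. */
static int demo_overflow(const char *name)
{
    struct account a;
    account_init(&a, "100");
    set_name_unchecked(&a, name);
    return strcmp(account_balance(&a), "100") != 0;
}

/* Run the checked setter; return 0 if accepted and balance intact,
 * -1 if rejected and balance intact, 1 if the balance was altered. */
static int demo_hardened(const char *name)
{
    struct account a;
    int rc;
    account_init(&a, "100");
    rc = set_name_checked(&a, name);
    if (strcmp(account_balance(&a), "100") != 0)
        return 1;
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs: fits, exactly fills the field (terminator
     * spills over), and clearly over-long. */
    const char *inputs[] = { "alice", "abcdefgh", "alice-in-wonderland" };
    size_t i;
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-20s unchecked corrupts balance: %d   checked: %d\n",
               inputs[i], demo_overflow(inputs[i]), demo_hardened(inputs[i]));
    return 0;
}
```

The exactly-full input is the instructive case: eight characters fit the field, but the terminating NUL is the ninth byte and wipes the first byte of the neighbouring balance.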
http://www.linuxsecurity.com/content/view/119087/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New petris packages fix buffer overflow
  27th, January, 2006

  Steve Kemp from the Debian Security Audit project discovered a buffer overflow in petris, a clone of the Tetris game, which may be exploited to execute arbitrary code with group games privileges.

  http://www.linuxsecurity.com/content/view/121285

* Debian: New unzip packages fix unauthorised permissions modification
  27th, January, 2006

  The unzip update in DSA 903 contained a regression so that symbolic links that are resolved later in a zip archive aren't supported anymore. This update corrects this behaviour.

  http://www.linuxsecurity.com/content/view/121286

* Debian: New tetex-bin packages fix arbitrary code execution
  27th, January, 2006

  "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/121287

* Debian: New koffice packages fix arbitrary code execution
  27th, January, 2006

  "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/121288

* Debian: New fetchmail packages fix denial of service
  27th, January, 2006

Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers.

http://www.linuxsecurity.com/content/view/121289

* Debian: New gpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121290

* Debian: New tuxpaint packages fix insecure temporary file creation
  27th, January, 2006

Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.

http://www.linuxsecurity.com/content/view/121291

* Debian: New albatross packages fix arbitrary code execution
  27th, January, 2006

A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.

http://www.linuxsecurity.com/content/view/121292

* Debian: New Perl packages fix arbitrary code execution
  27th, January, 2006

Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.
http://www.linuxsecurity.com/content/view/121293

* Debian: New mantis packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121294

* Debian: New antiword packages fix insecure temporary file creation
  27th, January, 2006

Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in antiword, utilities to convert Word files to text and Postscript, create a temporary file in an insecure fashion.

http://www.linuxsecurity.com/content/view/121295

* Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/121296

* Debian: New sudo packages fix privilege escalation
  27th, January, 2006

It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as privileged user if the attacker points to a manipulated version of a system library.

http://www.linuxsecurity.com/content/view/121297

* Debian: New ClamAV packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.
http://www.linuxsecurity.com/content/view/121298

* Debian: New kdelibs packages fix buffer overflow
  27th, January, 2006

Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121299

* Debian: New crawl packages fix potential group games execution
  27th, January, 2006

Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.

http://www.linuxsecurity.com/content/view/121300

* Debian: New CUPS packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121301

* Debian: New trac packages fix SQL injection and cross-site scripting
  27th, January, 2006

Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121302

* Debian: New libapache-auth-ldap packages fix arbitrary code execution
  27th, January, 2006

"Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/121303

* Debian: New flyspray packages fix cross-site scripting
  27th, January, 2006

Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.

http://www.linuxsecurity.com/content/view/121304

* Debian: New wine packages fix arbitrary code execution
  27th, January, 2006

H D Moore discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.

http://www.linuxsecurity.com/content/view/121305

* Debian: New clamav packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.

http://www.linuxsecurity.com/content/view/121306

* Debian: New xpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121307

* Debian: New mailman packages fix denial of service
  27th, January, 2006

Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.
http://www.linuxsecurity.com/content/view/121308

* Debian: New lsh-utils packages fix local vulnerabilities
  27th, January, 2006

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.

http://www.linuxsecurity.com/content/view/121309

* Debian: New ImageMagick packages fix arbitrary command execution
  27th, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.

http://www.linuxsecurity.com/content/view/121310

* Debian: New drupal packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in drupal, a fully-featured content management/discussion engine. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

http://www.linuxsecurity.com/content/view/121311

* Debian: New kpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.
http://www.linuxsecurity.com/content/view/121312

* Debian: New hylafax packages fix arbitrary command execution
  27th, January, 2006

Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.

http://www.linuxsecurity.com/content/view/121313

* Debian: New pound packages fix multiple vulnerabilities
  27th, January, 2006

Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121314

* Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/121315

* Debian: New libapache2-mod-auth-pgsql packages fix arbitrary code execution
  27th, January, 2006

iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.

http://www.linuxsecurity.com/content/view/121316

* Debian: New libextractor packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/121317

* Debian: New trac packages fix SQL injection and cross-site scripting
  30th, January, 2006

This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update.

http://www.linuxsecurity.com/content/view/121444

* Debian: New unalz packages fix arbitrary code execution
  30th, January, 2006

Ulf Härnhammar from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.

http://www.linuxsecurity.com/content/view/121446

* Debian: New ImageMagick packages fix arbitrary command execution
  31st, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotten in the former update.

http://www.linuxsecurity.com/content/view/121451

* Debian: New libmail-audit-perl packages fix insecure temporary file use
  31st, January, 2006

Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.

http://www.linuxsecurity.com/content/view/121452

* Debian: New libmail-audit-perl packages fix insecure temporary file use
  31st, January, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121461

* Debian: New pdfkit.framework packages fix arbitrary code execution
  1st, February, 2006

Updated package.
http://www.linuxsecurity.com/content/view/121462

* Debian: New pdftohtml packages fix arbitrary code execution
  1st, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121463

* Debian: New mydns packages fix denial of service
  2nd, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121475

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: cups-1.1.23-15.3
  27th, January, 2006

This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121373

* Fedora Core 3 Update: cups-1.1.22-0.rc1.8.9
  27th, January, 2006

This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121374

* Fedora Core 4 Update: kernel-2.6.14-1.1656_FC4
  27th, January, 2006

This update fixes several low-priority security problems that were discovered during the development of 2.6.15, and backported. Notably, CVE-2005-4605.

http://www.linuxsecurity.com/content/view/121377

* Fedora Core 3 Update: mod_auth_pgsql-2.0.1-6.2
  27th, January, 2006

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.
http://www.linuxsecurity.com/content/view/121378

* Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1
  27th, January, 2006

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.

http://www.linuxsecurity.com/content/view/121379

* Fedora Core 3 Update: gpdf-2.8.2-7.2
  27th, January, 2006

Chris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121392

* Fedora Core 4 Update: poppler-0.4.4-1.1
  27th, January, 2006

Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121393

* Fedora Core 4 Update: xpdf-3.01-0.FC4.6
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues.
Users of xpdf should upgrade to this updated package, which contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121395

* Fedora Core 4 Update: tetex-3.0-9.FC4
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues. This package also updates bindings in texdoc and causes the local texmf tree to be searched first.

http://www.linuxsecurity.com/content/view/121396

* Fedora Core 3 Update: tetex-2.0.2-21.7.FC3
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121397

* Fedora Core 4 Update: kdegraphics-3.5.0-0.2.fc4
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues. Users of kdegraphics should upgrade to this updated package, which contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121404

* Fedora Core 3 Update: ethereal-0.10.14-1.FC3.1
  27th, January, 2006

This update fixes a DoS in Ethereal.
http://www.linuxsecurity.com/content/view/121408

* Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4
  27th, January, 2006

A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue.

http://www.linuxsecurity.com/content/view/121415

* Fedora Core 4 Update: httpd-2.0.54-10.3
  27th, January, 2006

This update includes fixes for three security issues in the Apache HTTP Server.

http://www.linuxsecurity.com/content/view/121420

* Fedora Core 4 Update: openssh-4.2p1-fc4.10
  27th, January, 2006

This is a minor security update which fixes double shell expansion in local to local and remote to remote copy with scp. It also fixes a few other minor non-security issues.

http://www.linuxsecurity.com/content/view/121421

* Fedora Core 4 Update: mozilla-1.7.12-1.5.2
  2nd, February, 2006

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla.

http://www.linuxsecurity.com/content/view/121496

* Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
  2nd, February, 2006

Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox.
The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

http://www.linuxsecurity.com/content/view/121497

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized access vulnerabilities.

http://www.linuxsecurity.com/content/view/121318

* Gentoo: KPdf, KWord Multiple overflows in included Xpdf code
  27th, January, 2006

KPdf and KWord both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121319

* Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121320

* Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121321

* Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized access vulnerabilities.

http://www.linuxsecurity.com/content/view/121322

* Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121323

* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

Fixed packages were issued to fix this vulnerability in Wine, but some of the fixed packages were missing the correct patch. All Wine users should re-emerge Wine to make sure they are safe. The corrected sections appear below.
http://www.linuxsecurity.com/content/view/121324

* Gentoo: KDE kjs URI heap overflow vulnerability
  27th, January, 2006

KDE fails to properly validate URIs when handling javascript, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121325

* Gentoo: Trac Cross-site scripting vulnerability
  27th, January, 2006

Trac is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121326

* Gentoo: Gallery Cross-site scripting vulnerability
  27th, January, 2006

Gallery is possibly vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121327

* Gentoo: mod_auth_pgsql Multiple format string vulnerabilities
  27th, January, 2006

Format string vulnerabilities in mod_auth_pgsql may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121328

* Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121329

* Gentoo: VMware Workstation Vulnerability in NAT networking
  27th, January, 2006

VMware guest operating systems can execute arbitrary code with elevated privileges on the host operating system through a flaw in NAT networking.

http://www.linuxsecurity.com/content/view/121330

* Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121331

* Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.
http://www.linuxsecurity.com/content/view/121332

* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine in the handling of Windows Metafiles (WMF) files, which could possibly result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121333

* Gentoo: Sun and Blackdown Java Applet privilege escalation
  27th, January, 2006

Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges.

http://www.linuxsecurity.com/content/view/121334

* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine in the handling of Windows Metafiles (WMF) files, which could possibly result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121335

* Gentoo: LibAST Privilege escalation
  29th, January, 2006

A buffer overflow in LibAST may result in execution of arbitrary code with escalated privileges.

http://www.linuxsecurity.com/content/view/121434

* Gentoo: Paros Default administrator password
  29th, January, 2006

Paros's database component is installed without a password, allowing execution of arbitrary system commands.

http://www.linuxsecurity.com/content/view/121435

* Gentoo: MyDNS Denial of Service
  30th, January, 2006

MyDNS contains a vulnerability that may lead to a Denial of Service attack.

http://www.linuxsecurity.com/content/view/121447

* Gentoo: Xpdf, Poppler, GPdf, libextractor, pdftohtml Heap overflows
  30th, January, 2006

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.
http://www.linuxsecurity.com/content/view/121449

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated koffice packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121337

* Mandriva: Updated poppler packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121338

* Mandriva: Updated cups packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
(CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121340

* Mandriva: Updated tetex packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121341

* Mandriva: Updated xorg-x11 packages to address several bugs.
  27th, January, 2006

Issues have been reported with display corruption for various cards, including several ATI and Nvidia cards when using the free drivers. There was also an issue with the Greek keyboard layout. These should be corrected by the upstream 6.9.0 final, which this package is based on. Updated packages should correct these issues.

http://www.linuxsecurity.com/content/view/121342

* Mandriva: Updated kdegraphics packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121343

* Mandriva: Updated kolab packages fix vulnerability
  27th, January, 2006

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (".") character exists in the wrong place.
If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments. The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121344

* Mandriva: Updated pdftohtml packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121345

* Mandriva: Updated wine packages fix WMF vulnerability
  27th, January, 2006

A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-executed Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user running Wine. The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121346

* Mandriva: Updated hylafax packages fix eval injection vulnerabilities
  27th, January, 2006

Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or through telco manipulation control the representation of callid information presented to HylaFAX, to run arbitrary commands as the uucp/fax user.
(CVE-2005-3539, only 'notify' in the covered versions)

Updated packages were also reviewed for vulnerability to an issue where if PAM is disabled, a user could log in with no password. (CVE-2005-3538)

In addition, some fixes to the packages for permissions, and the %pre/%post scripts were backported from cooker. (#19679)

The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/121348

* Mandriva: Updated clamav packages fix vulnerability
  27th, January, 2006

A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other bugs.

http://www.linuxsecurity.com/content/view/121349

* Mandriva: Updated mod_auth_ldap packages fix vulnerability
  27th, January, 2006

A format string flaw was discovered in the way that auth_ldap logs information which may allow a remote attacker to execute arbitrary code as the apache user if auth_ldap is used for authentication. This update provides version 1.6.1 of auth_ldap which corrects the problem. Only Corporate Server 2.1 shipped with a supported auth_ldap package.

http://www.linuxsecurity.com/content/view/121355

* Mandriva: Updated kernel packages fix several vulnerabilities
  27th, January, 2006

A number of vulnerabilities have been corrected in the Linux kernel.

http://www.linuxsecurity.com/content/view/121356

* Mandriva: Updated kdelibs packages fix vulnerability
  27th, January, 2006

A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site. The updated packages have been patched to correct this problem.
http://www.linuxsecurity.com/content/view/121357

* Mandriva: Updated ipsec-tools packages fix vulnerability
  27th, January, 2006

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121359

* Mandriva: Updated xpdf packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121360

* Mandriva: Updated mozilla-thunderbird packages fix vulnerability
  27th, January, 2006

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121361

* Mandriva: Updated perl-Convert-UUlib packages fix vulnerability
  27th, January, 2006

A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation. This update provides version 1.051 which is not vulnerable to this flaw.

http://www.linuxsecurity.com/content/view/121362

* Mandriva: Updated perl-Net_SSLeay packages fix vulnerability
  27th, January, 2006

Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121363

* Mandriva: Updated ImageMagick packages fix vulnerabilities
  27th, January, 2006

The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.

http://www.linuxsecurity.com/content/view/121364

* Mandriva: Updated mdkonline package provides url fixes
  27th, January, 2006

The mdkonline package for MNF2 was incorrectly connecting to mandrivaonline.net rather than mandrivaonline.com. This update corrects the problem.

http://www.linuxsecurity.com/content/view/121365

* Mandriva: Updated dynamic packages fix USB device and Palm detection issues
  27th, January, 2006

Dynamic was not calling scripts correctly when hardware was plugged/unplugged. Plugging a digital camera (not usb mass storage, like a Canon camera) was not creating an icon on Desktop (for GNOME) or in the Devices window (for KDE).
http://www.linuxsecurity.com/content/view/121366

* Mandriva: Update gthumb packages to fix corrupted UI after photo import
  27th, January, 2006

A bug was discovered in gthumb where the UI (User Interface) can get corrupted when importing photos in some non-UTF8 locales (such as French). Some text strings (returned from libgphoto) were not converted into UTF-8 before being used by GTK+. Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121367

* Mandriva: Updated libgphoto packages fix bug on disconnection of digital camera
  27th, January, 2006

A bug was discovered with libgphoto which was preventing the removal of icons on the desktop (in GNOME) or in the Devices window (in KDE) when a digital camera was unplugged. Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121368

* Mandriva: Updated gpdf packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121369

* Mandriva: Updated net-snmp packages fix vulnerabilities
  27th, January, 2006

The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).

A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177).

The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121370

* Mandriva: Updated apache2 packages fix vulnerabilities
  27th, January, 2006

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross-site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).

http://www.linuxsecurity.com/content/view/121371

* Mandriva: Updated mozilla-thunderbird packages merge dropped changes
  27th, January, 2006

Recent security updates to mozilla-thunderbird did not include some changes made to the build from the community branch of 2006.0. The changes include corrections to the packaging of language files and some corrections to the uninstall scripts. New builds of the enigmail-es and enigmail-it packages are also included. Updated packages merge both of these builds.

http://www.linuxsecurity.com/content/view/121433

* Mandriva: Updated bzip2 packages fix bzgrep vulnerabilities
  30th, January, 2006

A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did not have the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched.

The updated packages have been patched to correct these problems.
http://www.linuxsecurity.com/content/view/121448

* Mandriva: Updated gzip packages fix zgrep vulnerabilities
  30th, January, 2006

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem.

http://www.linuxsecurity.com/content/view/121450

* Mandriva: Updated php packages fix XSS and response splitting vulnerabilities
  1st, February, 2006

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207)

Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in "certain error conditions." (CVE-2006-0208)

http://www.linuxsecurity.com/content/view/121474

* Mandriva: Updated libast packages fix buffer overflow vulnerability
  2nd, February, 2006

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121491

* Mandriva: Updated poppler packages fix heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121492

* Mandriva: Updated kdegraphics packages fix heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121493

* Mandriva: Updated xpdf packages fix heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121494

* Mandriva: Updated OpenOffice.org packages fix issue with disabled hyperlinks
  2nd, February, 2006

OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this issue.

http://www.linuxsecurity.com/content/view/121495

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: kernel security update
  27th, January, 2006

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.
http://www.linuxsecurity.com/content/view/121279

* RedHat: Moderate: tetex security update
  27th, January, 2006

Updated tetex packages that fix several integer overflows are now available.

http://www.linuxsecurity.com/content/view/121280

* RedHat: Critical: kdelibs security update
  27th, January, 2006

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4.

http://www.linuxsecurity.com/content/view/121281

* RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit architectures). This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121471

* RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures). This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121472

* RedHat: Moderate: gd security update
  1st, February, 2006

Updated gd packages that fix several buffer overflow flaws are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121473

* RedHat: Critical: mozilla security update
  2nd, February, 2006

Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121482

* RedHat: Critical: firefox security update
  2nd, February, 2006

An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121483

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: xpdf,kpdf,gpdf,kword
  27th, January, 2006

"infamous41md", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code.

http://www.linuxsecurity.com/content/view/121427

* SuSE: novell-nrm remote heap overflow
  27th, January, 2006

iDEFENSE reported a security problem with the Novell Remote Manager.

http://www.linuxsecurity.com/content/view/121428

* SuSE: kdelibs3 (SUSE-SA:2006:003)
  27th, January, 2006

Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).

http://www.linuxsecurity.com/content/view/121429

* SuSE: phpMyAdmin (SUSE-SA:2006:004)
  27th, January, 2006

Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079).

http://www.linuxsecurity.com/content/view/121430

* SuSE: nfs-server/rpc.mountd remote code
  27th, January, 2006

A remotely exploitable problem exists in the rpc.mountd service in the user space NFS server package "nfs-server".

http://www.linuxsecurity.com/content/view/121431

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

From isn at c4i.org Fri Feb 3 04:27:59 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:27:59 -0600 (CST)
Subject: [ISN] Millionaire on hacking charge
Message-ID:

http://www.timesonline.co.uk/article/0,,2087-2015469,00.html

Sophie Kirkham
January 29, 2006

MATTHEW MELLON, heir to a £6.6 billion banking and oil fortune, will appear in court next month in connection with an investigation into an alleged phone-tapping and computer hacking gang.

The former husband of Tamara Mellon, who runs the Jimmy Choo shoe empire, will appear alongside 17 other defendants accused of involvement in the operation, which allegedly provided clients with confidential information about wealthy people and businesses.

Following a tip-off from BT, Scotland Yard has conducted a long investigation into a private detective agency run by a former policeman which it believed was bugging phone calls. It is now alleged the group was also hacking into NHS computers to access confidential medical files to blackmail people, spying on police and bugging their phone calls to get information. There are also several charges of falsifying invoices. One of the group is said to have taken BT overalls, a reflective jacket and tools, along with a BT works barrier and stool, and a shirt from NTL, another telecoms company.

A regular on the London social scene and close friends with Elizabeth Hurley and Hugh Grant, Mellon, 41, inherited a £14m trust fund at the age of 21. He now has a fortune put by The Sunday Times Rich List at £50m. His family is held in the same regard in America as the Rockefellers, Vanderbilts and Astors.

He met Tamara Yeardye in 1998. The couple's marriage in 2000 at Blenheim Palace took up eight pages in American Vogue and the bride wore a Valentino wedding dress encrusted with diamonds. More than half the guests were said to be wearing Jimmy Choos.

The Mellons spent several years as a golden couple of London society often appearing in magazine pages and at charity functions. In 2002 they had a daughter, Araminta. But the marriage fell apart amid revelations of Mellon's cocaine habit, which he is said to have battled in the 1990s, and the couple went through an acrimonious divorce last year. After the marriage ended Tamara, who is now worth £60m in her own right, began seeing Oscar Humphries, the son of Barry, creator of Dame Edna Everage.

Mellon has recently said he was planning a change in career from working as chief designer for Harry's, an upmarket men's shoe company he launched five years ago; he has tried his hand at film producing in the past. He remains a colourful figure on the social scene (his hobbies are said to include nude jet skiing) and he has had a string of celebrity girlfriends since his marriage break-up. He is currently seeing Noelle Reno, a 24-year-old actress.

Mellon, who lives in Belgravia, London, is charged with conspiracy to cause unauthorised modification of computer material.

Also in the dock at Bow Street magistrates' court in February will be another wealthy businessman, Adrian Kirby, who made his money from waste disposal units. Kirby, 47, of Haslemere, Surrey, has a fortune put at £65m by the Rich List. He is charged with conspiracy to intercept communications unlawfully, unauthorised modification of computer material and perverting the course of justice.

Former Essex police officer Scott Gelsthorpe, 31, of Kettering, Northamptonshire, is facing 15 charges.

The suspects, 17 men and one woman, come from southern England, Lincolnshire and France and are said to have committed the offences between July and September 2004. They will appear before magistrates on February 23.
From isn at c4i.org Fri Feb 3 04:28:43 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:28:43 -0600 (CST)
Subject: [ISN] DHS wants to improve software security
Message-ID:

http://www.fcw.com/article92172-02-01-06-Web

By Michael Arnone
Feb. 1, 2006

The Homeland Security Department wants public comment on two draft documents that are part of a federal program to improve software security, according to today's Federal Register.

The documents are part of the Software Assurance Program that DHS created as part of the National Strategy to Secure Cyberspace. The program is designed to reduce vulnerabilities and exploitation of weaknesses to improve software security, particularly in software that critical infrastructure uses.

One document, "Security in the Software Lifecycle," aims to help developers and project managers of software applications establish strategies to make sure new software products are more secure. The second, "Secure Software Assurance - Common Body of Knowledge," would help colleges and the private sector create curricula to train people in software assurance.

The documents and an online comment form are available at the Build Security In Web site [1]. Comments on the two documents are due by Feb. 21.

[1] http://buildsecurityin.us-cert.gov/

From isn at c4i.org Fri Feb 3 04:30:11 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:30:11 -0600 (CST)
Subject: [ISN] Russian hackers hawked Windows exploit for $4,000
Message-ID:

http://news.com.com/Russian+hackers+hawked+Windows+exploit+for+4%2C000/2100-7349_3-6034591.html

By Greg Sandoval
Staff Writer, CNET News.com
February 2, 2006

Competing hacker groups in Russia were peddling the exploit code responsible for the Windows Meta File attacks last December for $4,000, according to security company Kaspersky Lab.

"One of the purchasers of the exploit is involved in the criminal adware/spyware business," read a Kaspersky Lab quarterly report released this week. "It seems likely that this was how the exploit became public."

The WMF flaw unsettled security experts after they found that the virus-writing community discovered the vulnerability before they did. A slew of Trojan programs were written to try and take advantage of the exploit.

The British Parliament was attacked by hackers who tried to exploit the WMF flaw. MessageLabs, an e-mail filtering provider for the U.K. government, said last month that targeted e-mails were sent to various individuals within government departments in an attempt to take control of their computers. The e-mails contained the exploit code.

A statement on the Kaspersky Lab site said more than a thousand instances of malicious code were detected in a week. "As the vulnerability was present in all versions of Windows, the situation threatened to spiral out of control."

According to Kaspersky, the situation was mitigated by the holiday season, when Internet use was much lighter than normal.

When the corrupt WMF files finally came to the attention of anti-spyware experts, they were traced back to Web sites known to spread advertising software surreptitiously to computers.

Security companies have lamented the practice by some Web advertisers of paying others to distribute their software. Some of the more unscrupulous among those are in the business of distributing exploits that let them spread adware without the knowledge of computer users.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
From isn at c4i.org Fri Feb 3 04:31:06 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:31:06 -0600 (CST)
Subject: [ISN] Secunia Weekly Summary - Issue: 2006-5
Message-ID:

========================================================================

                  The Secunia Weekly Advisory Summary
                        2006-01-26 - 2006-02-02

                       This week : 54 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

A vulnerability has been discovered in Winamp, which can be exploited by malicious people to compromise a user's system.

Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.

The vulnerability has been confirmed in version 5.12.
Other versions may also be affected.

NOTE: An exploit is publicly available.

Please refer to the referenced Secunia advisory below for additional details.

Reference:
http://secunia.com/SA18649

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA18649] Winamp Computer Name Handling Buffer Overflow Vulnerability
2.  [SA18621] Oracle Products PL/SQL Gateway Security Bypass Vulnerability
3.  [SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service
4.  [SA18613] Cisco IOS AAA Command Authentication Bypass Vulnerability
5.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability
6.  [SA18614] nfs-server "rpc.mountd" Buffer Overflow Vulnerability
7.  [SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script Insertion
8.  [SA18630] Debian update for drupal
9.  [SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution
10. [SA18529] F-Secure Anti-Virus Archive Handling Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA18649] Winamp Computer Name Handling Buffer Overflow Vulnerability
[SA18646] @Mail Webmail Attachment Upload Directory Traversal
[SA18636] ASPThai Forums Login SQL Injection Vulnerability
[SA18668] MailEnable Professional EXAMINE Command Denial of Service

UNIX/Linux:
[SA18679] Debian update for pdfkit.framework
[SA18677] Xpdf PDF Splash Image Handling Vulnerability
[SA18675] Debian update for pdftohtml
[SA18674] GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities
[SA18669] Avaya Products PHP Multiple Vulnerabilities
[SA18665] Debian update for unalz
[SA18659] Avaya Intuity Audix Lynx Arbitrary Command Execution
[SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability
[SA18653] Gentoo update for mydns
[SA18647] Pioneers Long Chat Message Denial of Service Vulnerability
[SA18644] Gentoo updates for xpdf/poppler/gpdf/libextractor/pdftohtml
[SA18643] GIT "git-checkout-index" Symbolic Link Handling Buffer Overflow
[SA18642] pdftohtml xpdf Multiple Integer Overflow Vulnerabilities
[SA18631] Debian update for imagemagick
[SA18630] Debian update for drupal
[SA18627] Gentoo update for gallery
[SA18638] SUSE update for nfs-server
[SA18663] Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback
[SA18662] Avaya Intuity Audix TCP Timestamp Denial of Service
[SA18661] Avaya Intuity Audix Two OpenSSH Security Issues
[SA18625] Gentoo update for trac
[SA18635] Mandriva update for net-snmp
[SA18626] Gentoo update for paros
[SA18660] Avaya Intuity Audix "uidadmin" Buffer Overflow
[SA18656] Debian update for libmail-audit-perl
[SA18652] Mail::Audit Insecure Log File Creation Vulnerability
[SA18639] Mandriva update for perl-Net_SSLeay
[SA18632] Gentoo update for libast
[SA18623] Debian update for lsh-utils
[SA18671] Sun Solaris x64 Kernel Processing Denial of Service
[SA18650] Trustix update for openssh

Other:
[SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service

Cross Platform:
[SA18648] CRE Loaded "HTML AREA" File Upload Security Issue
[SA18640] CommuniGate Pro Server LDAP BER Decoding Vulnerabilities
[SA18634] PmWiki Unregister "register_globals" Layer Bypass
[SA18678] MyBB "templatelist" SQL Injection Vulnerability
[SA18676] SPIP Cross-Site Scripting and SQL Injection Vulnerabilities
[SA18667] Calendarix Basic SQL Injection Vulnerabilities
[SA18666] SZUserMgnt "username" SQL Injection Vulnerability
[SA18664] IPB Dragoran Portal Module "site" SQL Injection Vulnerability
[SA18655] UebiMiau Webmail HTML Email Script Insertion Vulnerability
[SA18633] AndoNET Blog "entrada" SQL Injection Vulnerability
[SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script Insertion
[SA18624] NewsPHP SQL Injection Vulnerabilities
[SA18673] Easy CMS Cross-Site Scripting Vulnerabilities
[SA18672] sPaiz-Nuke "query" Cross-Site Scripting Vulnerability
[SA18670] Nuked-Klan "letter" Cross-Site Scripting Vulnerability
[SA18658] BrowserCRM "query" Cross-Site Scripting Vulnerability
[SA18657] Cerberus Helpdesk "contact_search" Cross-Site Scripting
[SA18645] PHP-Ping "count" Denial of Service Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA18649] Winamp Computer Name Handling Buffer Overflow Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18649/

--

[SA18646] @Mail Webmail Attachment Upload Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-02

Secunia Research has discovered a vulnerability in @Mail Webmail, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/18646/

--

[SA18636] ASPThai Forums Login SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-01-30

Emperor Hacking Team has reported a vulnerability in ASPThai Forums, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18636/

--

[SA18668] MailEnable Professional EXAMINE Command Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-02-01

A vulnerability has been reported in MailEnable Professional, which potentially can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18668/

UNIX/Linux:--

[SA18679] Debian update for pdfkit.framework

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Debian has issued an update for pdfkit.framework. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18679/

--

[SA18677] Xpdf PDF Splash Image Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Dirk Mueller has reported a vulnerability in Xpdf, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18677/

--

[SA18675] Debian update for pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Debian has issued an update for pdftohtml. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/18675/

--

[SA18674] GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Some vulnerabilities have been reported in GNUStep PDFKit Framework, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18674/

--

[SA18669] Avaya Products PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-02-01

Avaya has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18669/

--

[SA18665] Debian update for unalz

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-31

Debian has issued an update for unalz. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18665/

--

[SA18659] Avaya Intuity Audix Lynx Arbitrary Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18659/

--

[SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service) against applications using libpng or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/18654/

--
[SA18653] Gentoo update for mydns

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-31

Gentoo has issued an update for mydns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18653/

--
[SA18647] Pioneers Long Chat Message Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-30

Bas Wijnen has discovered a vulnerability in Pioneers, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18647/

--
[SA18644] Gentoo updates for xpdf/poppler/gpdf/libextractor/pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-31

Gentoo has issued updates for xpdf/poppler/gpdf/libextractor/pdftohtml. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18644/

--
[SA18643] GIT "git-checkout-index" Symbolic Link Handling Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

A vulnerability has been reported in GIT, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18643/

--
[SA18642] pdftohtml xpdf Multiple Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-31

Some vulnerabilities have been reported in pdftohtml, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/18642/

--
[SA18631] Debian update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-27

Debian has issued an update for imagemagick. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18631/

--
[SA18630] Debian update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-01-27

Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.

Full Advisory:
http://secunia.com/advisories/18630/

--
[SA18627] Gentoo update for gallery

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-27

Gentoo has issued an update for gallery. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18627/

--
[SA18638] SUSE update for nfs-server

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-01-27

SUSE has issued an update for nfs-server. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18638/

--
[SA18663] Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which potentially can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/18663/

--
[SA18662] Avaya Intuity Audix TCP Timestamp Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be exploited by malicious people to cause a DoS (Denial of Service) on active TCP sessions.

Full Advisory:
http://secunia.com/advisories/18662/

--
[SA18661] Avaya Intuity Audix Two OpenSSH Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation
Released:    2006-01-31

Avaya has acknowledged two security issues in Intuity Audix, which can be exploited by malicious users to gain escalated privileges or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18661/

--
[SA18625] Gentoo update for trac

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-26

Gentoo has issued an update for trac. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18625/

--
[SA18635] Mandriva update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2006-01-27

Mandriva has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18635/

--
[SA18626] Gentoo update for paros

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-01-30

Gentoo has issued an update for paros. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/18626/

--
[SA18660] Avaya Intuity Audix "uidadmin" Buffer Overflow

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18660/

--
[SA18656] Debian update for libmail-audit-perl

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Debian has issued an update for libmail-audit-perl. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18656/

--
[SA18652] Mail::Audit Insecure Log File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Niko Tyni has reported a vulnerability in Mail::Audit, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18652/

--
[SA18639] Mandriva update for perl-Net_SSLeay

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2006-01-27

Mandriva has issued an update for perl-Net_SSLeay. This fixes a vulnerability, which can be exploited by malicious, local users to weaken certain cryptographic operations.

Full Advisory:
http://secunia.com/advisories/18639/

--
[SA18632] Gentoo update for libast

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-30

Gentoo has issued an update for libast. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/18632/

--
[SA18623] Debian update for lsh-utils

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2006-01-26

Debian has issued an update for lsh-utils. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18623/

--
[SA18671] Sun Solaris x64 Kernel Processing Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-02-01

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18671/

--
[SA18650] Trustix update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-30

Trustix has issued an update for openssh. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18650/

Other:
--
[SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-27

Eldon Sprickerhoff has reported a vulnerability in Cisco VPN 3000 Concentrator, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18629/

Cross Platform:
--
[SA18648] CRE Loaded "HTML AREA" File Upload Security Issue

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

kaneda has discovered a security issue in CRE Loaded, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/18648/

--
[SA18640] CommuniGate Pro Server LDAP BER Decoding Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-30

Evgeny Legerov has reported some vulnerabilities in CommuniGate Pro Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18640/

--
[SA18634] PmWiki Unregister "register_globals" Layer Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released:    2006-01-30

Francesco "aScii" Ongaro has discovered a vulnerability in PmWiki, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18634/

--
[SA18678] MyBB "templatelist" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-01

A vulnerability has been discovered in MyBB, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18678/

--
[SA18676] SPIP Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information, Cross Site Scripting
Released:    2006-02-01

Zone-H Research Team has discovered some vulnerabilities in SPIP, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/18676/

--
[SA18667] Calendarix Basic SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-02-01

Aliaksandr Hartsuyeu has discovered two vulnerabilities in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18667/

--
[SA18666] SZUserMgnt "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-02-01

Aliaksandr Hartsuyeu has discovered a vulnerability in SZUserMgnt, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18666/

--
[SA18664] IPB Dragoran Portal Module "site" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-01

SkOd has reported a vulnerability in the Dragoran Portal module for Invision Power Board, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18664/

--
[SA18655] UebiMiau Webmail HTML Email Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

M.Neset KABAKLI has discovered a vulnerability in UebiMiau, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18655/

--
[SA18633] AndoNET Blog "entrada" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-27

Aliaksandr Hartsuyeu has discovered a vulnerability in AndoNET Blog, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/18633/

--
[SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-27

Aliaksandr Hartsuyeu has discovered a vulnerability in My Little Forum, My Little Guestbook, and My Little Weblog, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18628/

--
[SA18624] NewsPHP SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-26

SAUDI has reported some vulnerabilities in NewsPHP, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18624/

--
[SA18673] Easy CMS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Preben Nylokken has reported some vulnerabilities in Easy CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18673/

--
[SA18672] sPaiz-Nuke "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Night_Warrior has reported a vulnerability in sPaiz-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18672/

--
[SA18670] Nuked-Klan "letter" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Night_Warrior has discovered a vulnerability in Nuked-Klan, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/18670/

--
[SA18658] BrowserCRM "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-01

Preben Nyløkken has reported a vulnerability in BrowserCRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18658/

--
[SA18657] Cerberus Helpdesk "contact_search" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-01

Preben Nyløkken has reported a vulnerability in Cerberus Helpdesk, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18657/

--
[SA18645] PHP-Ping "count" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-01-30

cvh has discovered a vulnerability in PHP-Ping, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18645/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support at secunia.com
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45


From isn at c4i.org  Fri Feb  3 04:31:20 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:31:20 -0600 (CST)
Subject: [ISN] Kama Sutra virus expected to strike
Message-ID:

http://www.washingtonpost.com/wp-dyn/content/article/2006/02/03/AR2006020300346.html

By Michael Kahn
Reuters
February 3, 2006

SAN FRANCISCO (Reuters) - A destructive worm posing as a pornographic e-mail may already have infected hundreds of thousands of computers and could erase many everyday files on Friday, security experts warn.

The "Kama Sutra" worm, which targets popular Microsoft Corp., Adobe Systems Inc. and ZIP files, is a threat because many users will not know the virus has infected their computers until it is too late, security experts said.

They also estimate that the worm -- which spreads by e-mailing itself to addresses in an infected computer's mailbox -- may already have slipped onto 275,000 to 500,000 machines and is now simply waiting to obliterate files on Friday.

The virus, also known as Nyxem, Grew.A or MyWife, tricks users by appearing as an e-mail attachment with subject lines such as "Hot Movie," "give me a kiss" and "Miss Lebanon 2006." Some variations refer to the ancient Kama Sutra guide to elaborate sexual positions in order to attract attention and convince victims to open.

"It claims to be a movie or picture with some sort of sexual content," said Johannes Ullrich, chief research officer at the nonprofit SANS Institute research group. "That is how it tricks you."

The virus causes a keyboard and mouse to freeze up and then disables anti-virus programs when the computer is restarted, leaving a machine vulnerable, said Ken Dunham, rapid response director at VeriSign Corp.'s security unit iDefense.
The attack is scheduled to begin at midnight on February 3. The virus mainly has infected computers of vulnerable consumers and small businesses, which are far less likely to have up-to-date security software, he said.

The Kama Sutra worm also stands out because its primary purpose is to destroy files rather than to seek financial gain or to take control of a computer, security experts said.

Dunham said any users who suspect they may have triggered the worm should reinstall an anti-virus program and make sure the virus has been removed.

"It is already underway and will be activated unless people get removal tools," he said. "If you have opened an e-mail and your computer froze up, you should be very concerned."


From isn at c4i.org  Fri Feb  3 04:31:32 2006
From: isn at c4i.org (InfoSec News)
Date: Fri, 3 Feb 2006 03:31:32 -0600 (CST)
Subject: [ISN] Hacker hands over laptop
Message-ID:

http://www.mlive.com/news/fljournal/index.ssf?/base/news-34/1138897570313390.xml&coll=5

By Bernie Hillman
THE FLINT JOURNAL
February 02, 2006

LINDEN - A Linden High School senior who hacked into school records - possibly for the purpose of changing school grades, police say - handed his laptop over to police Tuesday.

The laptop will be delivered to the state police crime lab in Lansing next week, said Argentine Township police Lt. Bruce Coverdill.

Coverdill said the 17-year-old, who was suspended Jan. 25 for 10 days, is not talking to police and has an attorney.

"He admitted getting into some files," Coverdill said. "We don't know what files - possibly changing school grades; we don't know to what degree."

But hacking into a school computer is no easy task, said Thomas Svitkovich, superintendent for the Genesee Intermediate School District.

"There are fire walls and protective devices in place at all levels," he said. "The systems are closed systems. You can't just dial up and get into something, but I don't know what he got into or what he was doing."
It's too early in the investigation to know if the teen acted alone, said Coverdill, who noted that the hacking may have been going on for some time.

"(The school) had suspected something was wrong with their files. They approached him, and he admitted to it," Coverdill said.

Superintendent Elizabeth Leonard said she couldn't say much more other than the investigation is ongoing.

"Certainly he got into some Linden files," Leonard said.

Students will have limits on what they can access via computer until the investigation is complete, but Leonard said she could not say what those limits will be.

Senior Jamie Wolverton said the incident was not the talk of the school. She found out about it Wednesday from a teacher in the computer lab class.

"Someone said they couldn't save something, and (the teacher) said someone hacked into the system, and now we couldn't do that," Jamie said. "She didn't say how or who. We used to be able to save on a disc or under your own name, and now we can't do that."

Leonard said a decision whether to lengthen the suspension was expected to be made today.

©2006 Flint Journal


From isn at c4i.org  Mon Feb  6 01:39:25 2006
From: isn at c4i.org (InfoSec News)
Date: Mon, 6 Feb 2006 00:39:25 -0600 (CST)
Subject: [ISN] Oracle aims to tone security muscle with Fusion
Message-ID:

http://www.zdnet.com.au/news/security/soa/Oracle_aims_to_tone_security_muscle_with_Fusion/0,2000061744,39236748,00.htm

By Joris Evers
Special to ZDNet
06 February 2006

Billions of dollars worth of acquisitions have bought Oracle a perhaps unexpected bonus: security lessons.

Last year, the technology maker bought more than a dozen companies. Now it's picking up tips from those operations and using them in a major overhaul of its business applications software, an initiative called Project Fusion. Other products and processes are benefiting, too.

In return, Oracle is teaching its new employees something about security -- literally.
The Redwood Shores, California-based company found that none of the companies it bought required security-specific training for staff. But Oracle does. So employees brought in from PeopleSoft, JD Edwards, Retek and Oblix purchases, among others, are learning the ropes.

All in all, Oracle hopes the security sum will be greater than its parts.

"To make the merged organisation successful, we take the best of what they did and the best of what we do, and make it what the combined company does," Mary Ann Davidson, Oracle's chief security officer, said in an interview on Tuesday.

Security has been a bugbear for the database specialist, which has drawn criticism for the time it takes to fix flaws and the quality of its patches. Experts will be watching closely to see what comes of any new effort.

Moreover, Fusion is a hefty undertaking, with the aim of incorporating the technology of companies Oracle has acquired. And security is only one element of Fusion.

Oracle President Charles Phillips recently said the company, one year into the project, is already half done with its work on the next generation of its applications. Yet, Phillips said, the first Fusion applications won't be ready until 2008 -- a schedule that falls in line with previous promises.

Oracle isn't saying much about security in Fusion or in any of its other products, but in meetings with ZDNet Australia's sister site CNET News.com last week, company representatives lifted the veil on the software maker's endeavours to get all its security eggs into one basket.

One lesson Oracle has learned from PeopleSoft is that less customisation equals fewer security risks. While Oracle has historically allowed developers to program on top of its applications, PeopleSoft took a more limited approach. Its software was mainly set up to let customers analyse their business processes, then build upon its applications.

"What you can do from a security perspective in PeopleSoft is limited, while Oracle is more fine-grained and more customisable," said John Heimann, director of security program management at Oracle. "Sometimes simplicity is good for security, because you can sometimes code yourself into a hole."

Oracle's buying spree

In 2005 alone, Oracle acquired more than a dozen companies. The security synchronisation effort includes some of these:

PeopleSoft (January)
Oblix (March)
Retek (April)
TripleHop (June)
TimesTen (June)
ProfitLogic (July)
Context Media (July)
I-flex (August)
Siebel (September)
G-Log (September)
Innobase (October)
Thor Technologies (November)
OctetString (November)
TempoSoft (December)

Oracle allows developers to define security roles with a lot of flexibility, increasing the risk of mistakes and thus the introduction of flaws. For example, it is possible to restrict which user can access a specific part of an application based on very detailed rules, Heimann said. PeopleSoft doesn't provide the same level of flexibility, he said.

"We're going to try and combine the simplicity and declarative nature of PeopleSoft and PeopleTools with the extensibility and flexibility of the Oracle applications framework," Heimann said.

As an indication of that, Oracle executives said a key person working on security for Fusion is Robert Armstrong, a former PeopleSoft security chief.

Another lesson partially learned from PeopleSoft is to ship products that have a high level of security out of the box, or at least provide an easy way to increase the security level -- something Oracle calls the Secure Configuration Initiative.

"In the past, our products have tended to be developer-friendly out of the box," Heimann said. "There were accounts with easy-to-remember passwords like 'Welcome1', demo code, and things were set with permissions that were wide open."
Oracle's 10g database products, which shipped in 2004, delivered on some of the "secure by default" approach, Heimann said. Customers should see more of it in future products, including the next generation of the database family, he added.

"It will be there to a much greater extent in 11g, and it is a focus for Fusion," he said. "That is the future: Security by default, and delivering it so you don't have to be a sophisticated developer to implement security rules."

For example, Oracle is thinking of allowing a system administrator to change security settings using a simple user interface or with drag-and-drop capabilities, Heimann said.

Patchy record

Oracle, which has marketed its products as "unbreakable," has faced mounting criticism over its security practices. Security researchers have accused the company of fixing security flaws too late, releasing faulty security updates or not plugging holes at all.

"Oracle can no longer be considered a bastion of security," Gartner analyst Rich Mogull wrote in a research note after Oracle released a slew of security patches on 17 January. "Critical Oracle vulnerabilities are being discovered and disclosed at an i