Newsletter
October 2004
********************************************************************
SecuritySpace Newsletter
Published by E-Soft Inc.
October 1st, 2004
====================================================================
Advanced Security Audits for $199/Month

With the latest enhancements to customize your audit with 80+ parameters, you can run unlimited audits against unlimited IPs. Our award winning vulnerability scanner allows you to schedule audits on a daily/weekly/monthly basis, fix problems and retest at your leisure. Available 24x7, always up to date, find out why banks, governments, ISPs, insurance companies and more are turning to SecuritySpace for auditing their systems.

http://www.securityspace.com/smysecure/adv_index.html
====================================================================
In this month's newsletter:

I. New This Month:
   1) 589 new vulnerability tests on-line
II. Tip of the Month: Leveraging multiple Network Monitor sensors
III. Security News - Your Top 10 Picks of September
IV. Free Internet Research Reports
   1) Secure Web Server Market Share Change
   2) Web Server Market Share Change
   3) Technology Penetration e.g. Java, Flash, etc.
   4) Apache Module Report
   5) Web Authoring Tools
   6) Market Share Theft and Upgrade Report
   7) Cookie Usage Report
   8) ISP Report
   9) DNS Load Balancing Report
   10) Web Bug Report
   11) Firewalled IIS Servers
   12) Web Site Failure/Growth Report
   13) Compact Privacy Policy Report
   14) Website Distribution by Area Code
   15) DNS Site Operator Report
V. Subscription / Removal Information
====================================================================
I. New This Month

1) 589 new vulnerability tests on-line
--------------------------------------
Security Audits have 589 new tests added this month, bringing the total this month to 4705 vulnerability tests on-line. In addition to numerous Local Security checks for various distributions and the addition of checks for Gentoo and AIX, the following remote tests have been added.
Date    Test   Description
----    ----   -----------
Sep 29  14842  Serendipity SQL Injections
Sep 29  14838  myServer POST Denial of Service
Sep 29  14841  IRC bot ident server detection
Sep 29  14843  ICECast HTTP Header Buffer Overflow
Sep 28  14836  WordPress XSS
Sep 28  14833  vBulletin XSS(2)
Sep 28  14834  radmin on port 10002 - possible GDI compromise
Sep 28  14837  PD9 MegaBBS multiple vulnerabilities
Sep 28  14835  Symantec Norton AntiVirus Version Detection
Sep 28  14831  MySQL bounded parameter overflaw
Sep 28  14829  Intellipeer POP3 server user account enumeration
Sep 28  14832  Debian GNU/Linux Sendmail Default SASL Password
Sep 28  14828  BroadBoard SQL Injection
Sep 28  14830  @lex guestbook remote file include
Sep 27  14823  ViewCVS XSS
Sep 27  14824  Pinnacle ShowCenter Skin DoS
Sep 27  14822  OpenBB XSS
Sep 27  14825  MDaemon mail server DoS
Sep 27  14827  MDaemon imap server DoS(2)
Sep 27  14826  MDaemon imap server DoS
Sep 24  14806  YaBB Gold 1 Multiple Input Validation Issues
Sep 24  14792  vBulletin XSS
Sep 24  14793  Tutos input validation Issues
Sep 24  14800  Subversion Module unreadeable path information disclosure
Sep 24  14818  Possible GDI+ compromise
Sep 24  14804  Alt-N MDaemon Multiple Buffer Overflows
Sep 24  14810  Macromedia JRun Multiple Vulnerabilities
Sep 24  14788  IP protocols scan
Sep 24  14805  Emulive Server4 Authentication Bypass
Sep 24  14819  Canon ImageRUNNER Printer Email Printing
Sep 24  14816  aspWebCalendar SQL Injection
Sep 24  14817  aspWebAlbum SQL Injection
Sep 24  14803  Apache = 2.0.51
Sep 22  14782  YaBB XSS and administrator command execution
Sep 22  14785  vBulletin SQL injection Issue
Sep 22  14784  Tutos SQL injection and Cross Site Scripting Issues
Sep 22  14783  Snitz Forums 2000 HTTP Response Splitting
Sep 22  14787  PHPMyBackupPro Input Validation Issues
Sep 22  14786  BBS E-Market File Disclosure
Sep 19  14770  php arbitrary file upload
Sep 19  14768  Security Update 2004-09-16
Sep 19  14773  Identifies services like FTP, SMTP, NNTP...
Sep 19  14772  Try very hard to identify what runs on common ports
Sep 19  14771  Apache <= 1.3.31 htpasswd local overflow
Sep 19  14748  Apache < 2.0.51
Sep 16  14726  ZoneAlarm Pro local DoS
Sep 16  14722  WebLogic Multiple Vulnerabities
Sep 16  14719  Turbo Seek files reading
Sep 16  14729  Mozilla/Thunderbird multiple flaws
Sep 16  14724  Buffer Overrun in JPEG Processing (833987)
Sep 16  14732  Vulnerability in WordPerfect Converter (884933)
Sep 16  14727  Post-Nuke News module XSS
Sep 16  14733  PerlDesk File Inclusion
Sep 16  14728  Mozilla/Firefox multiple flaws
Sep 16  14718  Cisco bug ID CSCdu35577 (Web Check)
Sep 13  14713  Simple Form Mail Relaying via Subject Tags Vulnerability
Sep 13  14711  Samba ASN.1 Denial of Service
Sep 13  14715  OpenCA signature verification flaw
Sep 13  14714  OpenCA multiple signature validation bypass
Sep 13  14712  MailEnable SMTP Connector Service DNS Lookup DoS Vulnerability
Sep 13  14707  TYPSoft empty username DoS
Sep 13  14706  TYPSoft directory traversal flaw
Sep 13  14708  PhpGroupWare XSS
Sep 13  14709  FTP Serv-U 4.x 5.x DoS
Sep 9   14660  ZoneAlarm Personal Firewall port 67 flaw
Sep 9   14325  Zixforum database disclosure
Sep 9   14269  YaPiG remote server-side script execution vulnerability
Sep 9   14614  XOOPS Dictionary Module Cross Scripting Vulnerability
Sep 9   14647  Xedus XSS
Sep 9   14646  Xedus Denial of Service
Sep 9   14645  Xedus directory traversal
Sep 9   14644  Xedus detection
Sep 9   14372  wu-ftpd S/KEY authentication overflow
Sep 9   14302  wu-ftpd rnfr file overwrite
Sep 9   14371  wu-ftpd MAIL_ADMIN overflow
Sep 9   14301  wu-ftpd ABOR priviledge escalation
Sep 9   14585  WS FTP STAT buffer overflow
Sep 9   14598  WS FTP server multiple flaws
Sep 9   14584  WS FTP server DoS
Sep 9   14586  WS FTP CWD DoS
Sep 9   14599  WS FTP server FTP bounce attack and PASV connection hijacking flaws
Sep 9   14597  WS_FTP client weak stored password
Sep 9   14382  WebMatic Security Vulnerability
Sep 9   14365  WebAPP Directory Traversal
Sep 9   14363  INL ulog-php SQL injection
Sep 9   14699  TYPSoft FTP 'RETR' DoS
Sep 9   14686  Trillian MSN Overflow
Sep 9   14615  TorrentTrader SQL Injection
Sep 9   14591  Titan FTP Server CWD heap overflow
Sep 9   14659  Titan FTP Server directory traversal
Sep 9   14359  TikiWiki Unauthorized Page Access
Sep 9   14364  TikiWiki multiple input validation vulnerabilities
Sep 9   14300  Sympa unauthorised list creation security issue
Sep 9   14323  Sympa New List Cross Site Scripting
Sep 9   14299  Sympa invalid LDAP password DoS
Sep 9   14298  Sympa wwsympa do_search_list Overflow DoS
Sep 9   14369  SWsoft Plesk Reloaded Cross Site Scripting Vulnerability
Sep 9   14361  NSS Library SSLv2 Challenge Overflow
Sep 9   14273  SSH settings
Sep 9   14228  SquirrelMail XSS and Local escalation
Sep 9   14381  Samba FindNextPrintChangeNotify() Denial of Service
Sep 9   14278  RealPlayer multiple remote overflows
Sep 9   14275  QuiXplorer Directory Traversal
Sep 9   14263  PuTTY SSH2 authentication password persistence weakness
Sep 9   14262  PuTTY window title escape character arbitrary command execution
Sep 9   14687  psyBNC Server Detection
Sep 9   14685  PsNews XSS
Sep 9   14362  PlaySMS Cookie SQL Injection
Sep 9   14613  phpScheduleIt HTML Injection Vulnerability
Sep 9   14296  PhpGroupWare multiple module SQL injection vulnerabilities
Sep 9   14295  PhpGroupWare calendar server side script execution
Sep 9   14294  PhpGroupWare unspecified remote file include vulnerability
Sep 9   14293  PhpGroupWare plaintext cookie authentication credentials vulnerability
Sep 9   14292  PhpGroupWare multiple HTML injection vulnerabilities
Sep 9   14368  PHP-CSL Cross Site Scripting Vulnerability
Sep 9   14356  PHP-Fusion Database Backup Disclosure
Sep 9   14357  PhotoADay Cross-Site Scripting Vulnerability
Sep 9   14587  Password Protect SQL Injection
Sep 9   14641  Oracle DBS_SCHEDULER vulnerability
Sep 9   14346  Opera Resource Detection
Sep 9   14261  Opera remote location object cross-domain scripting vulnerability
Sep 9   14336  Opera Javascript Denial of Service
Sep 9   14638  Opera Empty Embedded Object DoS
Sep 9   14700  OpenCA HTML Injection
Sep 9   14378  NetAsq identification
Sep 9   14343  MySQL mysqlhotcopy script insecure temporary file
Sep 9   14319  MySQL buffer overflow
Sep 9   14327  MyDMS SQL Injection and Directory Traversal
Sep 9   14354  Music Daemon File Disclosure
Sep 9   14353  Music Daemon Denial of Service
Sep 9   14668  Mozilla/Firefox security manager certificate handling DoS
Sep 9   14379  Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
Sep 9   14324  Mantis Multiple Flaws (2)
Sep 9   14344  Mantis multiple unspecified XSS
Sep 9   14360  MAILsweeper Archive File Filtering Bypass
Sep 9   14656  MailEnable HTTPMail Service GET Overflow Vulnerability
Sep 9   14655  MailEnable HTTPMail Service Content-Length Overflow Vulnerability
Sep 9   14654  MailEnable HTTPMail Service Authorization Header DoS Vulnerability
Sep 9   14676  Security Update 2004-09-07
Sep 9   14312  ScanMail file check
Sep 9   14279  Kerio MailServer < 6.0.1
Sep 9   14681  Keene digital media server XSS
Sep 9   14352  JShop Cross-Site Scripting Vulnerability
Sep 9   14388  IgnitionServer Irc operator privilege escalation vulnerability
Sep 9   14376  IgnitionServer Denial of Service
Sep 9   14684  ipswitch IMail DoS
Sep 9   14683  INN buffer overflow
Sep 9   14637  IlohaMail User Parameter Vulnerability
Sep 9   14636  IlohaMail Password Disclosure Vulnerability
Sep 9   14635  IlohaMail External Programs Vulnerabilities
Sep 9   14634  IlohaMail Email Header HTML Injection Vulnerability
Sep 9   14629  IlohaMail Detection
Sep 9   14633  IlohaMail Contacts Deletion Vulnerability
Sep 9   14632  IlohaMail Attachment Upload Vulnerability
Sep 9   14631  IlohaMail Arbitrary File Access via Session Variable Vulnerability
Sep 9   14630  IlohaMail Arbitrary File Access via Language Variable
Sep 9   14674  Identd scan
Sep 9   14390  ICECast XSS
Sep 9   14370  HastyMail HTML Attachement Script Execution
Sep 9   14338  Gallery Script Execution
Sep 9   14682  eZ/eZphotoshare Denial of Service
Sep 9   14664  external services identification
Sep 9   14358  eGroupWare Cross-Site Scripting Vulnerability
Sep 9   14375  Easy File Sharing Web Server ACL Bypass
Sep 9   14639  dasBlog HTML Injection Vulnerability
Sep 9   14291  CVSTrac timeline.c timeline_page function overflow
Sep 9   14290  CVSTrac ticket title arbitrary command execution
Sep 9   14289  CVSTrac malformed URI infinite loop DoS
Sep 9   14288  CVSTrac chdir() chroot jail escape
Sep 9   14287  CVSTrac invalid ticket DoS
Sep 9   14286  CVSTrac history.c history_update function overflow
Sep 9   14285  CVSTrac database plaintext password storage
Sep 9   14284  CVSTrac cgi.c multiple overflows
Sep 9   14283  CVSTrac CVSROOT/passwd arbitrary account deletion
Sep 9   14313  CVS file existence information disclosure weakness
Sep 9   14318  CuteNews XSS
Sep 9   14665  CuteNews index.php XSS
Sep 9   14626  Citrix NFuse_Application parameter XSS
Sep 9   14317  cfengine CFServD transaction packet buffer overrun vulnerability
Sep 9   14316  cfengine format string vulnerability
Sep 9   14315  cfengine detection and local identification
Sep 9   14314  cfengine AuthenticationDialogue vulnerability
Sep 9   14640  Cerbere HTTP Proxy Denial of Service
Sep 9   14270  ISS BlackICE Vulnerable config files
Sep 9   14308  BasiliX Detection
Sep 9   14307  BasiliX Content-Type XSS Vulnerability
Sep 9   14306  BasiliX Attachment Disclosure Vulnerability
Sep 9   14305  BasiliX Arbitrary File Disclosure Vulnerability
Sep 9   14304  BasiliX Arbitrary Command Execution Vulnerability
Sep 9   14350  BadBlue Connections Denial of Service
Sep 9   14347  AWStats rawlog plugin logfile parameter input validation vulnerability
Sep 9   14377  Arkoon identification
Sep 9   14337  CSCec16481

New tests added in the last 30 days (and links to them) can be found at http://www.securityspace.com/smysecure/last30.html

The complete arsenal of available tests can be viewed and searched at http://www.securityspace.com/smysecure/index.html.
====================================================================
II.
Tip of the Month: Alerting on "ANY/ALL" in Network Monitor

When configuring a monitored device, you have the options of setting alerts when "ANY" sensor reports an error, or only when "ALL" sensors report an error. With "ANY", you get an idea when network segments that some, but not all, of your customers use may be experiencing trouble (e.g. an overseas link to the UK). With "ALL", you are only notified if ALL sensors cannot reach your network, making it highly likely that the problem is on your network or your upstream ISP, and impacts all of your customers.

http://www.securityspace.com/netmon/index
====================================================================
III. Security News - Your Top 10 Picks of September

Our readers ranked the following 10 articles as the most interesting in September (based on click-through percentage). They are, in order:

1. Code theft mystery deepens
   http://www.techworld.com/security/news/index.cfm?NewsID=2161
   Story from TechWorld

2. Top ISP caught red-handed aiding spammers
   http://www.techworld.com/security/news/index.cfm?NewsID=2199
   Story from TechWorld

3. WinZip catches itself in security trousers
   http://www.techworld.com/security/news/index.cfm?NewsID=2168
   Story from TechWorld

4. New, dangerous Microsoft JPEG exploit code released
   http://www.computerworld.com/securitytopics/security/holes/story/0,10801,96124,00.html
   Story from ComputerWorld

5. More big security holes in Linux
   http://www.techworld.com/security/news/index.cfm?NewsID=2201
   Story from TechWorld

6. U.S. government, companies warn of critical Oracle flaws
   http://www.computerworld.com/securitytopics/security/holes/story/0,10801,95678,00.html
   Story from ComputerWorld

7. Hackers use Google to access photocopiers
   http://news.zdnet.co.uk/internet/security/0,39020375,39167848,00.htm
   Story from ZDNet

8. Spammers embrace anti-spam technology
   http://www.techworld.com/security/news/index.cfm?NewsID=2154
   Story from TechWorld

9. First 'warspamming' case reaches court
   http://news.zdnet.co.uk/0,39020330,39165719,00.htm
   Story from ZDNet

10. Windows PCs threatened by JPEG-handling flaw
    http://news.zdnet.co.uk/software/windows/0,39020396,39166677,00.htm
    Story from CNET/ZDNet
====================================================================
IV. Internet Research Reports

1) Secure Web Server Market Share Change
----------------------------------------
These reports illustrate the market share of SSL enabled servers. Included are domain by domain breakdowns of SSL servers in use, certificate authorities being used to sign certificates, types of protocols in use, types of ciphers, and more.
http://www.securityspace.com/s_survey/sdata/200409/index.html

2) Web Server Market Share Change
---------------------------------
The base web server survey that each month visits all servers we know of and extracts the web server signature string. Included are domain by domain breakdowns of server usage.
http://www.securityspace.com/s_survey/data/200409/index.html

3) Technology Penetration - Java, JavaScript, etc.
--------------------------------------------------
A report on the usage of client side technologies, including JavaScript, Java, Flash/Shockwave, and more.
http://www.securityspace.com/s_survey/data/man.200409/techpen.html

4) Apache Module Report
-----------------------
The Apache Module report is a breakdown of the popular add-on modules to the Apache web servers. Included are graphs that plot the penetration of technologies such as PHP, perl, and SSL enabling technologies such as OpenSSL.
http://www.securityspace.com/s_survey/data/man.200409/apachemods.html

5) Web Authoring Tools
----------------------
A report on the usage of web authoring tools on the web by examining signature strings imbedded by many popular authoring tools into web pages.
http://www.securityspace.com/s_survey/data/man.200409/webauth.html

6) Market Share Theft and Upgrade Report
----------------------------------------
These reports detail statistics on web sites whose signature changed from one month to the next. Included are detailed stats on sites that upgrade (or downgrade) from one revision to another, as well as sites that switch completely the type of web server delivering content.
http://www.securityspace.com/s_survey/data/man.200409/srvch.html

7) Internet Cookie Report
--------------------------
An analysis of the usage of cookies on the internet, along with the attributes, such as longevity and technologies being used to generate cookies (as witnessed by Cookie names such as "WEBTRENDS_ID", "PHPSESSID", "CFTOKEN", etc.).
http://www.securityspace.com/s_survey/data/man.200409/cookieReport.html

8) ISP Report
--------------
An analysis of the respective market share ISPs have, as determined by ranking them according to the number of sites being directly or indirectly hosted by these ISPs.
http://www.securityspace.com/s_survey/data/man.200409/ISPreport.html

9) DNS Load Balancing Report
-----------------------------
An analysis of name resolutions of all web servers we know about allows us to determine the number of sites that employ DNS solutions that do (and do not) employ DNS load balancing techniques.
http://www.securityspace.com/s_survey/data/man.200409/dnsmult.html

10) Web Bug Report
------------------
By analyzing web page content of sites that are crawled each month, a determination of the number of sites that employ web bugs is made, as well as providing statistics on organizations benefiting from web bugs such as advertising agencies.
http://www.securityspace.com/s_survey/data/man.200409/webbug.html

11) Firewalled IIS Servers
--------------------------
By analyzing HTTP header information returned by IIS servers as part of every request they service, a common misconfiguration can be exposed that details information about an organization's private network.
http://www.securityspace.com/s_survey/data/man.200409/firewalled_cloc.html

12) Web Growth/Failure Report
-----------------------------
By analyzing the number of new sites we find each month, and those that stop responding to our survey, a report is generated that focuses on new and expired web sites. By analyzing market share of web servers within this data set, a determination can be made of technologies of choice for new web site administrators.
http://www.securityspace.com/s_survey/data/man.200409/growth.html

13) Compact Privacy Policy Report
---------------------------------
This report provides an analysis of the penetration of compact privacy policies on the web since the inception of the P3P specification. Included is a complete breakdown of the usage of all tags, their meanings, the number of sites using these tags, and more.
http://www.securityspace.com/s_survey/data/man.200409/p3p.html

14) Website Distribution by Area Code/Geographic Region
-------------------------------------------------------
This report details how sites are distributed based on telephone numbers that are found published on these sites. By examining the area code, and mapping this to the geographic region applicable, a geographic view of web sites is available. This report is limited to sites publishing numbers matching the North American Numbering Plan (NANP).
http://www.securityspace.com/s_survey/data/man.200409/areacode.html

15) DNS Site Operator Report
----------------------------
This report details DNS servers and the number of domains each is responsible for. In essence, this provides the list of customers of ISPs, hosting companies, specialty DNS service providers, and more. The free report provides the top 20 DNS servers (as measured by # of domains the server services), as well as allowing users to query the relevant statistics of any known DNS server.
http://www.securityspace.com/s_survey/data/man.200409/dnsop.html
====================================================================
V. Subscription/Removal Information

If you know of anyone who may find this newsletter interesting, please forward it to them. To subscribe or unsubscribe from this monthly newsletter, please visit https://secure1.securityspace.com/secnews/subscribe.html
--------------------------------------------------------------------
Ying Chan
Marketing Manager
E-Soft Inc.
http://www.e-softinc.com
SecuritySpace.com
http://www.securityspace.com