Networking

Source: Linux Security

Date: Mon, 21 Jan 2002 21:10:37 -0800 (PST)
From: Marc Slemko
To: bugtraq@securityfocus.com
Subject: Mozilla Cookie Exploit

Source: NewsDay.com

For those charged with securing the computer systems of entities as diverse as the Metropolitan Transit Authority and Astoria Federal Savings, the job has come to combine the more challenging aspects of juggling with the potential consequences of a fall from the high-wire.

Source: ZDNet

Increased activity on port 12345 could be due to hackers, an antivirus product or something else altogether

Increased activity on TCP port 12345 -- best known as both the NetBus Trojan's default port and the port used for a Trend Micro antivirus product -- has the security community arguing as to who is responsible. Is it Trend Micro customers who have yet to patch known vulnerabilities, script kiddies looking for an easy hit, or an Internet X-file?

Source: Entrepreneur.com

Who's reading your e-mail? Hackers? Competitors? If you're among the companies that have set up an 802.11b-or Wi-Fi-Wireless LAN (WLAN), you may have more people downloading files from your network than you have on your payroll. Some may even be planning to sabotage you.

Source: Zero Security

It is possible to cause Snort, an open source network intrusion detection tool, to core dump by sending it an extremely small ICMP ECHO packet.

Vulnerable systems:
Snort version 1.8 and prior (without the patch)

Example:
Run snort:
# snort -dev host 192.168.0.3 and 192.168.0.1

Ping 192.168.0.1 from 192.168.0.3 within one data in payload:
# ping -c 1 -s 1 192.168.0.1

Source: News Forge

The package shipped with Conectiva Linux 6.0 and older logs by default all queries made to the database to the /var/log/mysql file. This includes user creation, password changes via SQL commands and other queries. Our package incorrectly leaves the permissions of this file as world-readable (0644), thus allowing any user on the system access to potentially sensitive information.

Source: National Post

The leader of an international hacker group that penetrated over a Department of National Defence computer system in 1999 was a 17-year-old high school student who gained access to the security network in 10 minutes from his mother's kitchen table.

Russell Sanford, now 19 and serving two years in a Texas prison, designed complex software that exploited one of Canada's military networks via its Website intermittently for three days.

Source: O'Reilly Network

In this column, we look at several problems with ProFTPD; a Trojan Horse application disguised as an exploit; buffer overflows in the glibc library, dtspcd, wmcube-gdk, and Mandrake Linux's Kerberos telnet; and problems in Slash, IBM Websphere, popauth, Aftpd, TWIG, PGPMail.pl, and the Cisco SN 5420 Storage Router.

Source: Xatrix

The Media Gateway Controller (MGC) product is installed on top of
Solaris operating system. In the default installation Solaris has
several know security vulnerabilites. In order to prevent them from
being exploited customers must install updated packages CSCOh007 and
CSCOh013. These packages contain the latest Solaris patches and
additional hardening of the Solaris OS.

Source: SecurityFocus